From: Barry Song <21cnbao@gmail.com>
Date: Tue, 20 May 2025 16:41:21 +1200
Subject: Re: [PATCH 05/28] mm, swap: sanitize swap cache lookup convention
To: Kairui Song
Cc: akpm@linux-foundation.org, baolin.wang@linux.alibaba.com, bhe@redhat.com, chrisl@kernel.org, david@redhat.com, hannes@cmpxchg.org, hughd@google.com, kaleshsingh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, nphamcs@gmail.com, ryan.roberts@arm.com, shikemeng@huaweicloud.com, tim.c.chen@linux.intel.com, willy@infradead.org, ying.huang@linux.alibaba.com, yosryahmed@google.com

On Tue, May 20, 2025 at 3:31 PM Kairui Song wrote:
>
> On Mon, May 19, 2025 at 12:38 PM Barry Song <21cnbao@gmail.com> wrote:
> >
> > > From: Kairui Song
> >
> > > diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
> > > index e5a0db7f3331..5b4f01aecf35 100644
> > > --- a/mm/userfaultfd.c
> > > +++ b/mm/userfaultfd.c
> > > @@ -1409,6 +1409,10 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
> > >                               goto retry;
> > >                       }
> > >               }
> > > +             if (!folio_swap_contains(src_folio, entry)) {
> > > +                     err = -EBUSY;
> > > +                     goto out;
> > > +             }
> >
> > It seems we don't need this. In move_swap_pte(), we have been checking pte pages
> > are stable:
> >
> >         if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte,
> >                                  dst_pmd, dst_pmdval)) {
> >                 double_pt_unlock(dst_ptl, src_ptl);
> >                 return -EAGAIN;
> >         }
>
> The tricky part is when swap_cache_get_folio returns the folio, both
> folio and ptes are unlocked. So is it possible that someone else
> swapped in the entries, then swapped them out again using the same
> entries?
>
> The folio will be different here but PTEs are still the same value so
> they will pass the is_pte_pages_stable check, we previously saw
> similar races with anon fault or shmem. I think more strict checking
> won't hurt here.

This doesn't seem to be the same case as the one you fixed in
do_swap_page(). Here, we're hitting the swap cache, whereas in that
case, there was no one hitting the swap cache, and you used
swap_prepare() to set up the cache to fix the issue.

By the way, if we're not hitting the swap cache, src_folio will be
NULL. Also, it seems that folio_swap_contains(src_folio, entry) does
not guard against that case either.

But I suspect we won't have a problem, since we're not swapping in —
we didn't read any stale data, right? Swap-in will only occur after we
move the PTEs.

>
> >
> > Also, -EBUSY is somehow incorrect error code.
>
> Yes, thanks, I'll use EAGAIN here just like move_swap_pte.
>
> > >
> > >               err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte,
> > >                               orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval,
> > >                               dst_ptl, src_ptl, src_folio);
> > >
> >

Thanks
Barry
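
Review bot: The added check in move_pages_pte() returns -EBUSY for what is a transient lookup race, while the comparable instability check quoted from move_swap_pte() (the is_pte_pages_stable() failure path) returns -EAGAIN; returning -EAGAIN here would keep the two paths consistent for callers that retry. The call also passes src_folio to folio_swap_contains() with no NULL guard visible in this context, so confirm the check is only reached when the swap cache lookup returned a folio, and add a short comment above the `if` naming the sequence it is meant to catch (the same entry being swapped in and out again between the unlocked lookup and the PTE lock), since the `err = move_swap_pte(...)` call that follows already re-validates the PTE values.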