From: Suren Baghdasaryan <surenb@google.com>
Date: Wed, 9 Jul 2025 17:47:06 +0000
Subject: Re: [PATCH v6 7/8] fs/proc/task_mmu: read proc/pid/maps under per-vma lock
To: "Liam R. Howlett", Suren Baghdasaryan, Vlastimil Babka, Lorenzo Stoakes, akpm@linux-foundation.org, david@redhat.com, peterx@redhat.com, jannh@google.com, hannes@cmpxchg.org, mhocko@kernel.org, paulmck@kernel.org, shuah@kernel.org, adobriyan@gmail.com, brauner@kernel.org, josef@toxicpanda.com, yebin10@huawei.com, linux@weissschuh.net, willy@infradead.org, osalvador@suse.de, andrii@kernel.org, ryan.roberts@arm.com, christophe.leroy@csgroup.eu, tjmercier@google.com, kaleshsingh@google.com, aha310510@gmail.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org
References: <20250704060727.724817-1-surenb@google.com> <20250704060727.724817-8-surenb@google.com> <3b3521f6-30c8-419e-9615-9228f539251e@suse.cz>
On Wed, Jul 9, 2025 at 4:12 PM Liam R. Howlett wrote:
>
> * Suren Baghdasaryan [250709 11:06]:
> > On Wed, Jul 9, 2025 at 3:03 PM Vlastimil Babka wrote:
> > >
> > > On 7/9/25 16:43, Suren Baghdasaryan wrote:
> > > > On Wed, Jul 9, 2025 at 1:57 AM Vlastimil Babka wrote:
> > > >>
> > > >> On 7/8/25 01:10, Suren Baghdasaryan wrote:
> > > >> >>> + rcu_read_unlock();
> > > >> >>> + vma = lock_vma_under_mmap_lock(mm, iter, address);
> > > >> >>> + rcu_read_lock();
> > > >> >> OK I guess we hold the RCU lock the whole time as we traverse except when
> > > >> >> we lock under mmap lock.
> > > >> > Correct.
> > > >>
> > > >> I wonder if it's really necessary? Can't it be done just inside
> > > >> lock_next_vma()? It would also avoid the unlock/lock dance quoted above.
> > > >>
> > > >> Even if we later manage to extend this approach to smaps and employ rcu
> > > >> locking to traverse the page tables, I'd think it's best to separate and
> > > >> fine-grain the rcu lock usage for vma iterator and page tables, if only to
> > > >> avoid too long time under the lock.
> > > >
> > > > I thought we would need to be in the same rcu read section while
> > > > traversing the maple tree using vma_next() but now looking at it,
> > > > maybe we can indeed enter only while finding and locking the next
> > > > vma...
> > > > Liam, would that work? I see struct ma_state containing a node field.
> > > > Can it be freed from under us if we find a vma, exit rcu read section
> > > > then re-enter rcu and use the same iterator to find the next vma?
> > >
> > > If the rcu protection needs to be contiguous, and patch 8 avoids the issue by
> > > always doing vma_iter_init() after rcu_read_lock() (but does it really avoid
> > > the issue or is it why we see the syzbot reports?) then I guess in the code
> > > quoted above we also need a vma_iter_init() after the rcu_read_lock(),
> > > because although the iterator was used briefly under mmap_lock protection,
> > > that was then unlocked and there can be a race before the rcu_read_lock().
> >
> > Quite true. So, let's wait for Liam's confirmation and based on his
> > answer I'll change the patch by either reducing the rcu read section
> > or adding the missing vma_iter_init() after we switch to mmap_lock.
>
> You need to either be under rcu or mmap lock to ensure the node in the
> maple state hasn't been freed (and potentially, reallocated).
>
> So in this case, in the higher level, we can hold the rcu read lock for
> a series of walks and avoid re-walking the tree then the performance
> would be better.

Got it. Thanks for confirming!

>
> When we return to userspace, then we should drop the rcu read lock and
> will need to vma_iter_set()/vma_iter_invalidate() on return. I thought
> this was being done (through vma_iter_init()), but syzbot seems to
> indicate a path that was missed?

We do that in m_start()/m_stop() by calling
lock_vma_range()/unlock_vma_range() but I think I have two problems here:

1. As Vlastimil mentioned I do not reset the iterator when falling back
to mmap_lock and exiting and then re-entering rcu read section;

2. I do not reset the iterator after exiting rcu read section in
m_stop() and re-entering it in m_start(), so the later call to
lock_next_vma() might be using an iterator with a node that was freed
(and possibly reallocated).

>
> This is the same thing that needed to be done previously with the mmap
> lock, but now under the rcu lock.
>
> I'm not sure how to mitigate the issue with the page table, maybe we
> guess on the number of vmas that we were doing for 4k blocks of output
> and just drop/reacquire then. Probably a problem for another day
> anyways.
>
> Also, I think you can also change the vma_iter_init() to vma_iter_set(),
> which is slightly less code under the hood. Vlastimil asked about this
> and it's probably a better choice.

Ack. I'll update my series with these fixes and all comments I received
so far, will run the reproducers to confirm no issues and repost them
later today.

Thanks,
Suren.

>
> Thanks,
> Liam
>
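Review bot: in the quoted hunk, the rcu_read_lock() taken after lock_vma_under_mmap_lock() leaves `iter` holding a maple node reference that was only guaranteed alive under mmap_lock; between dropping that lock and re-entering the RCU read section the node can be freed and reallocated, so the iterator should be reset with vma_iter_set() (or vma_iter_init()) after the rcu_read_lock() and before the next lock_next_vma() call, as Vlastimil and Liam describe above. The same reset is needed on the m_stop()/m_start() path where the RCU read section is left and re-entered.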
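The hazard the thread settles on, modelled in user space as an added example (this is not code from the patch series or from the kernel): a sorted list stands in for the maple tree, a reader-count plus a deferred-free list stand in for RCU, and the iterator caches a node pointer the way struct ma_state does. All names with an `_m` suffix, the `walk_after_unmap()` driver and the three `WALK_*` modes are assumptions made for this model. Reclaimed nodes are poisoned instead of being returned to malloc so that a stale access is reported rather than being undefined behaviour. The three modes show, in order, Liam's "hold the RCU read lock for a series of walks" case, the missing-reset bug, and the fix of calling the model's vma_iter_set() after re-locking.

```c
#include <stdbool.h>
#include <stdio.h>

#define NODE_LIVE  0x4c495645u   /* "LIVE" */
#define NODE_FREED 0xdeadbeefu   /* poison written when a node is reclaimed */

/* One VMA record; the sorted list stands in for the maple tree leaves. */
struct vma_node {
	unsigned int magic;
	unsigned long start, end;
	int id;
	struct vma_node *next;        /* left intact on removal, RCU-style */
	struct vma_node *defer_next;  /* link on the deferred-free list */
};

/* Modelled mm: the tree, the count of RCU readers, and pending frees. */
struct mm_model {
	struct vma_node *head;
	int rcu_readers;
	struct vma_node *deferred;
};

/* Iterator caching a node, like the node field of struct ma_state. */
struct vma_iter {
	struct mm_model *mm;
	unsigned long index;          /* resume point for a fresh walk */
	struct vma_node *cached;      /* last node handed out; NULL = re-walk */
};

static void rcu_read_lock_m(struct mm_model *mm)   { mm->rcu_readers++; }
static void rcu_read_unlock_m(struct mm_model *mm) { mm->rcu_readers--; }

/* Grace period: deferred nodes are reclaimed only once no reader is active. */
static void synchronize_rcu_m(struct mm_model *mm)
{
	if (mm->rcu_readers > 0)
		return;
	for (struct vma_node *n = mm->deferred; n; n = n->defer_next)
		n->magic = NODE_FREED;
	mm->deferred = NULL;
}

/* Writer side (would run under mmap_lock): unlink, then defer the free. */
static void vma_remove_m(struct mm_model *mm, struct vma_node *victim)
{
	struct vma_node **pp = &mm->head;
	while (*pp && *pp != victim)
		pp = &(*pp)->next;
	if (!*pp)
		return;
	*pp = victim->next;           /* victim->next stays valid for readers */
	victim->defer_next = mm->deferred;
	mm->deferred = victim;
}

/* Model of vma_iter_set(): forget the cached node, re-walk from index. */
static void vma_iter_set_m(struct vma_iter *it, unsigned long index)
{
	it->index = index;
	it->cached = NULL;
}

/* Next VMA at or after it->index, or NULL; *stale set on a freed-node access. */
static struct vma_node *vma_iter_next_m(struct vma_iter *it, bool *stale)
{
	struct vma_node *n;
	*stale = false;
	if (it->cached) {
		if (it->cached->magic != NODE_LIVE) {
			*stale = true;    /* cached maple node was reclaimed */
			return NULL;
		}
		n = it->cached->next;
	} else {
		for (n = it->mm->head; n && n->end <= it->index; n = n->next)
			;
	}
	if (n) {
		it->cached = n;
		it->index = n->end;
	}
	return n;
}

enum walk_mode { WALK_KEEP_RCU, WALK_RELOCK_NO_RESET, WALK_RELOCK_RESET };

/* Read one VMA, let a writer unmap it (and a grace period run if the reader
 * is not holding RCU), then continue. Returns the id of the VMA found on the
 * second step, 0 at end of tree, or -1 if the iterator touched a freed node. */
int walk_after_unmap(enum walk_mode mode)
{
	struct vma_node a = { .magic = NODE_LIVE, .start = 0x1000, .end = 0x2000, .id = 1 };
	struct vma_node b = { .magic = NODE_LIVE, .start = 0x3000, .end = 0x4000, .id = 2 };
	struct vma_node c = { .magic = NODE_LIVE, .start = 0x5000, .end = 0x6000, .id = 3 };
	a.next = &b; b.next = &c;
	struct mm_model mm = { .head = &a };
	struct vma_iter it = { .mm = &mm };
	bool stale, relock = (mode != WALK_KEEP_RCU);

	rcu_read_lock_m(&mm);
	struct vma_node *first = vma_iter_next_m(&it, &stale);
	if (!first || first->id != 1)
		return -2;
	if (relock)
		rcu_read_unlock_m(&mm);        /* return to userspace / mmap_lock fallback */

	vma_remove_m(&mm, &a);                 /* concurrent munmap of the VMA just read */
	synchronize_rcu_m(&mm);                /* reclaims it only if no reader is active */

	if (relock) {
		rcu_read_lock_m(&mm);
		if (mode == WALK_RELOCK_RESET)
			vma_iter_set_m(&it, it.index); /* the fix: drop the cached node */
	}
	struct vma_node *next = vma_iter_next_m(&it, &stale);
	rcu_read_unlock_m(&mm);
	if (stale)
		return -1;
	return next ? next->id : 0;
}

int main(void)
{
	printf("keep rcu held:      %d\n", walk_after_unmap(WALK_KEEP_RCU));
	printf("relock, no reset:   %d\n", walk_after_unmap(WALK_RELOCK_NO_RESET));
	printf("relock + iter_set:  %d\n", walk_after_unmap(WALK_RELOCK_RESET));
	return 0;
}
```

Holding the RCU section across the unmap keeps the stale node alive, so the cached pointer is still safe and the walk reaches VMA 2 without re-walking; dropping and re-taking the lock without a reset reports the freed-node access; resetting the iterator after re-locking re-walks from the saved index and also reaches VMA 2.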