From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E5C9C48BC4 for ; Tue, 20 Feb 2024 03:42:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9F9CE6B007E; Mon, 19 Feb 2024 22:42:28 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 9A9836B0081; Mon, 19 Feb 2024 22:42:28 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 849DA6B0082; Mon, 19 Feb 2024 22:42:28 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 719186B007E for ; Mon, 19 Feb 2024 22:42:28 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 42A7C40548 for ; Tue, 20 Feb 2024 03:42:28 +0000 (UTC) X-FDA: 81810784776.13.89A5411 Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170]) by imf21.hostedemail.com (Postfix) with ESMTP id 711B71C0002 for ; Tue, 20 Feb 2024 03:42:26 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=V0LO6Ztv; spf=pass (imf21.hostedemail.com: domain of ryncsn@gmail.com designates 209.85.208.170 as permitted sender) smtp.mailfrom=ryncsn@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1708400546; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6YBW0iFVBOwdaYNTEi3AnGx7giAdQn2LsYMgaIrZ6FM=; b=4ofemnc/ljsBDUzMi98hqATK+P3ErbQsfSmjsWDZncr7boFjlh4OsD1HZmCh5EELxyDlr4 8F3Z6PLCf/eY/xjyFIO9dG/Cn8LSvR+2Hipo5aULBT+1ylpjbaxwI6fXuCqJ3RZ2gTdlWr VryeUss3M7LfcvK8OPMqcwy2vXSpTYA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1708400546; a=rsa-sha256; cv=none; b=uoMuleh6wYHEsIN7Sz3cJUVfJSGtdopNXBZvJwbdK1YuKuoRmJK4swDKkJ0ligZFaoBBgC yedZUl3ZU2iTV6qUA67V3FQRClXZIKOCoEEUafpX1J3iO3GdcHVv9nkhudxGgcSXOb19qA Wu5lEsgfPssD5pj1XrXdbNvau/w/v5M= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=V0LO6Ztv; spf=pass (imf21.hostedemail.com: domain of ryncsn@gmail.com designates 209.85.208.170 as permitted sender) smtp.mailfrom=ryncsn@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-lj1-f170.google.com with SMTP id 38308e7fff4ca-2d22fa5c822so29463831fa.2 for ; Mon, 19 Feb 2024 19:42:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708400544; x=1709005344; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6YBW0iFVBOwdaYNTEi3AnGx7giAdQn2LsYMgaIrZ6FM=; b=V0LO6ZtvcApuZ4l4YT93PIFNvis+6+fMEybhXm0QYZ/k72TECCHUEK7ZLs1DYG9KE2 iuz6FEXQCAEgEiIX3ogIqb2/yZ4csXdgNbSg5rarUriutfwrehhwZrZFbuQxrPurRZ87 KlN9oiKibrvirxhjSliWK5Qe/o0TUgnEXd32QkaAXTWqYLSnPQ7sKaEOVGyRytSxzcDQ gWj9Q/FYFmv0MdaJOnqHkmLHn23f/wwbYm8Gr1R/RtjJb1uQ046J+GjbszI01Ob7UPSX Y+yio2izlA4TByVtRJbjV8OVwONeYRYu2RIs4EeF3x7yg7UQDngN2JSyCGu/noT2et6Q Mn4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708400544; x=1709005344; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6YBW0iFVBOwdaYNTEi3AnGx7giAdQn2LsYMgaIrZ6FM=; b=NBAKTdtIcbGzk8HPj2i2rsPVoXIHtRd12SawQuRmJZUZqY90k/U5ZUoney/6XNflht nGFtvrepfb4jgCCb4upIJCBRE1y/URPjvbJ7WcsX5C1FH3FcbKWA92YWYg0/9KWgRQyv VI9KGewDvCS+tGr86b891XBxmrklp/mx0tF712O0dUS5fUvl3ciWNiCIGEJZrzYdHaEJ MzUdU8m9tuI9RDg1YLFyE6lbftQNMsEG1hoPqvJuni9hTZIYVQ8Eog/tJEdKNyGuEIXi kwv7kgsg2yumu2OkndoJmO5bMtMfq0eZ7H7ew+UhV4qc0bN1aIsaWHiCIQjsGS6C5rK5 dXgw== X-Gm-Message-State: AOJu0Ywa/gIX3Mt+TtDt1m5bh+Jxc4YTYsnL2NZ+DOW2Bfax1ZY8np8j k9Y0COzNDzznmIBuSwnyKTcPtXQAA5uck8f8G/wI96sE4mrb3/o7of2GpaszFd9Hvxp3F4rTaLh 3DqgUyifGNdKzitrxnFW1GvYAFs0= X-Google-Smtp-Source: AGHT+IFUdqhJ1ck10sT6eDa/vnx33reMzjJD6WE2mtMnQZK5BEREIDmnyv1I2drdG4Do2HdBONDamROPOk/Xcek4N0c= X-Received: by 2002:a2e:9816:0:b0:2d2:42ce:3e5b with SMTP id a22-20020a2e9816000000b002d242ce3e5bmr2429934ljj.8.1708400544242; Mon, 19 Feb 2024 19:42:24 -0800 (PST) MIME-Version: 1.0 References: <20240219082040.7495-1-ryncsn@gmail.com> <20240219173147.3f4b50b7c9ae554008f50b66@linux-foundation.org> In-Reply-To: <20240219173147.3f4b50b7c9ae554008f50b66@linux-foundation.org> From: Kairui Song Date: Tue, 20 Feb 2024 11:42:07 +0800 Message-ID: Subject: Re: [PATCH v4] mm/swap: fix race when skipping swapcache To: Andrew Morton Cc: linux-mm@kvack.org, "Huang, Ying" , Chris Li , Minchan Kim , Barry Song , Yu Zhao , SeongJae Park , David Hildenbrand , Hugh Dickins , Johannes Weiner , Matthew Wilcox , Michal Hocko , Yosry Ahmed , Aaron Lu , stable@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 711B71C0002 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: czo53xjta6d9t5ifhg5joqwjuuj71dje X-HE-Tag: 1708400546-400955 X-HE-Meta: U2FsdGVkX19Ec/O/Ko9J4fmGW1PEzbmRfD2P148zQ7QY8f1u6EK11c79UN73np8gxVCZpe3UhiKYo2uV+DENcGaotj/mBSIEhPekbO78grm6mfl2M9TKBwrebFnAwO7i74OGz3d//LQ6zqPNZkx3p7YHMJkG1seBYzv2caFgCKMtRVnyrI19vwhirCqPssOOftQjUsKAGrSjUqIEEDRI0PyAwC7776rphYXoPDS3UvJWCmVcTnm4WRLk02wnBeh/9dpnWf7Xazrmb0Se1MJ1B2K+i9ESNH3CuWjhQieOeVtLV4dMVAQtwz0SaSejuBssBrzMj7cY+F3ElCO26VaZcZoK5SUlmPSkOmrymed1Wo+Bz0eSVR+Y5SLNFl+B1zMLXx7jy/QmIoVQXn3jOnXE0MBMMpvcYbbMVybVHPH6sEEGN7pLWnT33SKhzJ5hK+M/aCEFM3MEpkvkaU/BFOq4WE0fce/7Z9Gc0t40hmR99+YU7rB7gdjxXeF6JfBu9F95c7wtSxYncSdDVukc1CBwN9WQmhvse0PpRpX2zx+8urJVUh98zdylYfraVStAd9sUx5/+1JQuA9Bpnd4E3oZrFE3rdImPe9XIxd1OZD5acO7Ag8pKGIeLHr/VgxrlEdbQeaEF8LYMTwxJN6fbz9OxFbovfL6U/CV6yFpQDek8sf2UGAQaUiv3acqo4rV07vE6NBp2jutvzhCYB2nmtTWrvVApo/1dBy7rAwuzGlwwQiFb+HQKkftqinjRkar4mUajXX61naE5Rh6tISJdkeuGmijBLV2RuOIospeWH43giT1Tu/2H3bYziXm6rN2c8bTnBbQTCT286oRzmwY6gSC/L+9JRjpvxnRj1VblGMramE2vlAClcWNd+C/LIk5jASIfkCuXiCnqu4sdjMO7KQDS0lnwowGAIVXMmvdVJx4+Lt81hr6fqyuVA5rxz6//rYCvKm1lT06MamHCdx9yO7D hw6myt6X ikzzeOGWVlzXbBcHlH5+B0T+RS+EVCTkcx9Ag5HCnhYar/aMDOhn8fz63G5l/pafpkRHgOOATUcAIEfv5dzuXopl+crnEqduHaVV/ohN9XvrssyA9dBeOtXpFilncDrKsD6iC3ayvH56EMZ7544QPNe+EHEfMWZx7y6cWjBGq7MZ/rXQ5Cy2zaXFGj9UD7MCpjsOicAyNqiRAohX7hBOZsUfKsn74S8qjszuAVVswbxxJI8GgxHAYi5ZMrfhxM8Y+YkcDWckMunp44JoI+KXz9T1lhdsuSr7AEp/MTPbvLTdLO83Mwoi2HPFbnjSfLBw7nD6aYoMoV4nHe3+Qw0pjFVoHb+HVMo6RGPhvJEq0XsmZjO+O6UpCeIOBjQx2NQHKRu306/Bf+I4USpLv2qi/juEQqBIIGRB/EUTXEt7Ke7wOKZAgJ0FSNeN1Zhyc3zuo1UJBM2hHEOFRBaxe69yp3tdhfphyIhTk61jZORhHxfbyjCHgpxa89l65zw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Feb 20, 2024 at 9:31=E2=80=AFAM Andrew Morton wrote: > > On Mon, 19 Feb 2024 16:20:40 +0800 Kairui Song wrote: > > > From: Kairui Song > > > > When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads > > swapin the same entry at the same time, they get different pages (A, B)= . > > Before one thread (T0) finishes the swapin and installs page (A) > > to the PTE, another thread (T1) could finish swapin of page (B), > > swap_free the entry, then swap out the possibly modified page > > reusing the same entry. It breaks the pte_same check in (T0) because > > PTE value is unchanged, causing ABA problem. Thread (T0) will > > install a stalled page (A) into the PTE and cause data corruption. > > > > @@ -3867,6 +3868,20 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) > > if (!folio) { > > if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && > > __swap_count(entry) =3D=3D 1) { > > + /* > > + * Prevent parallel swapin from proceeding with > > + * the cache flag. Otherwise, another thread may > > + * finish swapin first, free the entry, and swapo= ut > > + * reusing the same entry. It's undetectable as > > + * pte_same() returns true due to entry reuse. > > + */ > > + if (swapcache_prepare(entry)) { > > + /* Relax a bit to prevent rapid repeated = page faults */ > > + schedule_timeout_uninterruptible(1); > > Well this is unpleasant. How often can we expect this to occur? > The chance is very low, using the current mainline kernel and ZRAM, even with threads set to race on purpose using the reproducer I provides, for 647132 page faults it occured 1528 times (~0.2%). If I run MySQL and sysbench with 128 threads and 16G buffer pool, with 6G cgroup limit and 32G ZRAM, it occured 1372 times for 40 min, 109930201 page faults in total (~0.001%).