From: Chuanhua Han
Date: Thu, 30 May 2024 17:16:16 +0800
Subject: Re: [PATCH] mm: fix incorrect vbq reference in purge_fragmented_block
To: "zhaoyang.huang"
Cc: Andrew Morton, Uladzislau Rezki, Christoph Hellwig, Lorenzo Stoakes, Baoquan He, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Zhaoyang Huang, steve.kang@unisoc.com

zhaoyang.huang wrote on Thu, May 30, 2024 at 10:52:
>
> From: Zhaoyang Huang
>
> Broken vbq->free reported on a v6.6 based system which is caused
> by invalid vbq->lock protect over vbq->free in purge_fragmented_block.
> This should be introduced by the Fixes below which ignored vbq->lock
> matter.
>
> Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks")
>
> Signed-off-by: Zhaoyang Huang
> ---
> mm/vmalloc.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index 22aa63f4ef63..112b50431725 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c
> @@ -2614,9 +2614,10 @@ static void free_vmap_block(struct vmap_block *vb) > } > > static bool purge_fragmented_block(struct vmap_block *vb, > - struct vmap_block_queue *vbq, struct list_head *purge_lis= t, > - bool force_purge) > + struct list_head *purge_list, bool force_purge) > { > + struct vmap_block_queue *vbq; > + > if (vb->free + vb->dirty !=3D VMAP_BBMAP_BITS || > vb->dirty =3D=3D VMAP_BBMAP_BITS) > return false; > @@ -2625,6 +2626,8 @@ static bool purge_fragmented_block(struct vmap_bloc= k *vb, > if (!(force_purge || vb->free < VMAP_PURGE_THRESHOLD)) > return false; > > + vbq =3D container_of(addr_to_vb_xa(vb->va->va_start), > + struct vmap_block_queue, vmap_blocks);

This seems to be the same as before the fix :). The vbq found by addr_to_vb_xa is still the one whose xarray the vb was added to, not necessarily the free_list vbq. These two vbqs may not be the same; we need to find the vbq that the vb was added to when it was put on the free_list. For example: we add vb to vbq1's xarray and vbq2's free_list, and we need to find vbq2 instead of vbq1. So I feel like this place isn't really fixed?

> /* prevent further allocs after releasing lock */ > WRITE_ONCE(vb->free, 0); > /* prevent purging it again */ > @@ -2664,7 +2667,7 @@ static void purge_fragmented_blocks(int cpu) > continue; > > spin_lock(&vb->lock); > - purge_fragmented_block(vb, vbq, &purge, true); > + purge_fragmented_block(vb, &purge, true); > spin_unlock(&vb->lock); > } > rcu_read_unlock(); > @@ -2801,7 +2804,7 @@ static void _vm_unmap_aliases(unsigned long start, = unsigned long end, int flush) > * not purgeable, check whether there is dirty > * space to be flushed. > */ > - if (!purge_fragmented_block(vb, vbq, &purge_list,= false) && > + if (!purge_fragmented_block(vb, &purge_list, fals= e) && > vb->dirty_max && vb->dirty !=3D VMAP_BBMAP_BI= TS) { > unsigned long va_start =3D vb->va->va_sta= rt; > unsigned long s, e; > -- > 2.25.1 > >

--
Thanks,
Chuanhua
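
Review bot: The vbq lookup added in the second purge_fragmented_block() hunk, `container_of(addr_to_vb_xa(vb->va->va_start), struct vmap_block_queue, vmap_blocks)`, selects a queue from the block's address, that is, the queue whose vmap_blocks xarray indexes vb. Nothing in the visible lines ties that queue to the free list vb is linked on, and that list is the one the commit message says vbq->lock has to protect. If the two queues can differ, the lock taken after this lookup still guards the wrong list. Consider recording the queue (or its CPU) in struct vmap_block at the point the block is put on a free list and using that record here, and add a comment next to the lookup stating which lock covers the list being modified.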
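
The mismatch described in the reply above (a block indexed in one queue's xarray but linked on another queue's free list), as a small user-space C model. This is an added example, not kernel code or code from the thread; the queue count, the block size, the address-hash rule in queue_by_addr() and the alloc_cpu field are assumptions of the model.

```c
#include <stdio.h>

#define NR_QUEUES  4          /* constructed: stand-in for the per-CPU queues */
#define BLOCK_SIZE 0x200000UL /* constructed block size for the model */

struct vb_queue { int locked; int nr_free; };  /* lock flag, free-list length */
struct vb {
    unsigned long va_start;
    int alloc_cpu;  /* hypothetical field: queue whose free list holds the block */
};
static struct vb_queue queues[NR_QUEUES];

/* Queue whose xarray indexes the block: picked by address (assumed hash rule). */
static struct vb_queue *queue_by_addr(unsigned long addr)
{
    return &queues[(addr / BLOCK_SIZE) % NR_QUEUES];
}

/* Queue whose free list holds the block: the one recorded at creation. */
static struct vb_queue *queue_by_owner(const struct vb *vb) { return &queues[vb->alloc_cpu]; }

/* Create a block on `cpu`: it joins that CPU's free list whatever its address. */
static void new_block(struct vb *vb, unsigned long va_start, int cpu)
{
    vb->va_start = va_start;
    vb->alloc_cpu = cpu;
    queues[cpu].nr_free++;
}

/* Unlink the block while holding `held`; returns 1 only when `held` is the
 * lock guarding the free list that is actually modified. */
static int purge_with(struct vb *vb, struct vb_queue *held)
{
    struct vb_queue *owner = queue_by_owner(vb);
    int covered;

    held->locked = 1;
    covered = owner->locked;  /* is the modified list's lock held? */
    owner->nr_free--;         /* the list_del on the owner's free list */
    held->locked = 0;
    return covered;
}

int main(void)
{
    struct vb b;
    new_block(&b, 3 * BLOCK_SIZE, 1);  /* hashes to queue 3, created on CPU 1 */
    printf("by address: %d\n", purge_with(&b, queue_by_addr(b.va_start)));
    new_block(&b, 3 * BLOCK_SIZE, 1);
    printf("by owner:   %d\n", purge_with(&b, queue_by_owner(&b)));
    return 0;
}
```
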