From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B241C25B74 for ; Thu, 30 May 2024 09:46:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C3C156B0083; Thu, 30 May 2024 05:46:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BEC696B0095; Thu, 30 May 2024 05:46:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AB3806B0096; Thu, 30 May 2024 05:46:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 8CC606B0083 for ; Thu, 30 May 2024 05:46:17 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 32163A0ECA for ; Thu, 30 May 2024 09:46:17 +0000 (UTC) X-FDA: 82174581594.05.6C2E2E1 Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) by imf20.hostedemail.com (Postfix) with ESMTP id 530BB1C0019 for ; Thu, 30 May 2024 09:46:15 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Vvdj1rMI; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf20.hostedemail.com: domain of chuanhuahan@gmail.com designates 209.85.208.42 as permitted sender) smtp.mailfrom=chuanhuahan@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1717062375; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=2qGGE11+jWCidkU+JhPI7sjHvslJ/hX9g6PtMtW7PGQ=; b=5ZoAx7Xs7JYMUyR8zZd1WeLC1pveW/j4oae2G1v90zZ8tw9+0FeV7gfoakopcmfSrzro4f IFdurd/qeophPZTHmXNr1HpwaFiYMzgrr2Jm2emSy3BtHY2G8j1LontGDwZpWsPXfW5Nz5 W5/gQIm2r8wVQ2HAZsQyoCalI4dB13s= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Vvdj1rMI; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf20.hostedemail.com: domain of chuanhuahan@gmail.com designates 209.85.208.42 as permitted sender) smtp.mailfrom=chuanhuahan@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1717062375; a=rsa-sha256; cv=none; b=jyrQsgyi/Ly+GVufRTmOSOlxag+V1a4WcE0z121XR+YNEz/o5J1UlkNjIu92NBplKB9R7T G30O/btxq4e6w4FeBE4PaANoEVm2bNjQRqFwgPDIPWt7Y+YV8TMZ+3+EVSPLl0p6QkMTT+ mmRwwtI2huwVZgkAK2L7h8KpmcW6dnk= Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-57a1fe639a5so442304a12.1 for ; Thu, 30 May 2024 02:46:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717062374; x=1717667174; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=2qGGE11+jWCidkU+JhPI7sjHvslJ/hX9g6PtMtW7PGQ=; b=Vvdj1rMIMDBp4sbmASQGB3Xy/99Z3jSX6pR/SjuLXTMNMZK89HZbiVd+XvXn2uK9QX LzSufDywFIgd9++PjnB0+7kX0BCFPv8L2/A9s9GBaM4hr+XujBtlHm/+SOPruAG12hye VdCDPWNuhyiPRa67wLZUb3BCMACXULfucMXlL3Uej4xffxt+HrfvYBqiFtOG52m+4FMY rjiJ8iovBpzwEYFfyHKIYewtTEh5Rs46yttE6jQVIdUjrY8HIuoj2Ejsvo0Io+jvQkXg POtkCANkmHuhZqe6TSfJkqDsl0xM6Aqe80HPnLgRjRgaU0u8QrM6ruLM6GEfLWB8hrFA W2lA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717062374; x=1717667174; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2qGGE11+jWCidkU+JhPI7sjHvslJ/hX9g6PtMtW7PGQ=; b=ggQHueQxJLtdA4TgxdGgK8BKOFek0BmeDpFmdnw/rewHJzm0nFw7ayyULraf8mODEN Sgplnmhf/LL0UTJ3na6vYiO91D6FUod2M9OWXAgOubDbLNBxIyP5g9At8/+0QjD81VdD u/CTTof9WAHnzdLBEuHuh/dOfPYnVsO+7Px//wAv+kb2HpIC75o8USbqEqywel4ncxHT /aDFS8OPX2BpfINDUL3TnQBDwTD/RtMDcfofMKGPIW/dFHN7j6RtOMCk0VczS3uLTuKQ +UVfz8Jku985GPLLZ7/K0/JROh0leFRkDgDmf0P3f25jtyXwhkeo3asO/gXTtJOpBkkG peQw== X-Forwarded-Encrypted: i=1; AJvYcCXcTxmZJ1Q3QEUahHCQLkxRkCU/tLdVB7nwnYclChnPa4aTRzn9ae++mfNXSm/1VXFwFm0mGujYz/ihdzrWYXkJVgM= X-Gm-Message-State: AOJu0YxIsxbS/YQuo0zL7Pfm59ql84azHlWy49tQEe7UvkjNA/wc839h xseDNEjHjJ7UZpP8EJeVjXKDvxJvS9FDWhyxbr94OYUqp85ZXdmf4nbQr+XA4wKi7GGYYdwNGTP Oj56ig6ssGCaSzCGN4cXoEkFB/So= X-Google-Smtp-Source: AGHT+IHfW4iIJfZWncmG4l87GYMVJordClmrKqso5ENCApfTl6oezuCgix0L2rNJURtLFqoZZkvAr4muXcDmnZY6SQo= X-Received: by 2002:a50:ccd7:0:b0:578:67e9:a46e with SMTP id 4fb4d7f45d1cf-57a1795316bmr957835a12.32.1717062373580; Thu, 30 May 2024 02:46:13 -0700 (PDT) MIME-Version: 1.0 References: <20240530025144.1570865-1-zhaoyang.huang@unisoc.com> In-Reply-To: From: Chuanhua Han Date: Thu, 30 May 2024 17:46:01 +0800 Message-ID: Subject: Re: [PATCH] mm: fix incorrect vbq reference in purge_fragmented_block To: Zhaoyang Huang Cc: "zhaoyang.huang" , Andrew Morton , Uladzislau Rezki , Christoph Hellwig , Lorenzo Stoakes , Baoquan He , linux-mm@kvack.org, linux-kernel@vger.kernel.org, steve.kang@unisoc.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 530BB1C0019 X-Stat-Signature: e976zpnjg4c3ih4b95x59y46b1yhdceg X-Rspam-User: X-Rspamd-Server: rspam04 X-HE-Tag: 1717062375-426783 X-HE-Meta: U2FsdGVkX18KEGwamtfv/zSg+o6tH5mIpRv8L+8oyFQnJNqdwDAV0TvY42WdpIZqILMXwadF9feC05ZXIvVDvA39G8ON2x0XQMWvOfDG2k6PGcbSiq5931BJrD/ArUZkYCyXzxZz30Qvk6O6EHoivtqX7gFSm8DOzVhhPp6/vRZRJgznDD9D3VXTgsNc7eHJOWHOLfBKXzfjaN0xui0ByXPBInRfi0rlSJEMGcgE3VdBYhl2OX4s+3mbq6No8CrtD8zvfjhHbxAchoEs6jwRm3NbUnNp1OAGH0dzb6gbi2muoOOGtu1vaT9MPBTIazJTed9ppo7cFwsuM8kmzNDhmecSfaejEpkWKlfjoq9rVhvmOUVQQNOxfHzwlk2CQkqIhQuhQJZX469Zx6wfjsqRFDdKckm0MGGKDGkTK7WKBhodMtYCrTYTo69Mf2H3vdS4m4ZRaZ0kbrIPf0CNY7uDOa8P+WpMphqYmUVZ99fgxLGrTybFpBTwo7N13iBEcpyDEa/OyJoBCAVBrr3q3rLOu8Zw2DDPVRl9joFcCIfH3g2uBKgXXTHphgrsqVHpfuzkaO7s2WNoRaxOPnoVt8+SDm+Tf8633uweo66ug5P61PtqqyrPqP1jLney5FLjlX/gmyHnl+TkNwxpPTRlf6EkN8IOgIhqdDSo7+P4muyC54dLAqhK1SiC42Vlzu7pyzMaNHKn1onzjrsZFf/b4AtQgeLD9ViftIEue1dZxEbFwCkG1luAtPMAC+gLOste+voAO315jqi3HsyeinSNLPqvHGrKwNir1xBO/CB2cjl9IDnhY5ZjHJ0cqclR9UC/McV7s2QL2QOTF1JmVqrcOQ54KMYFDBUtF02rPk8ZJTjy3NjBvItKP69dhs61aaE2UX1qKuN/BJfkqC60JkMsDZVFZEnkd+p2dSQPFkzbDfwi/13/b/d8Zf6FFK/CrVkZ8V4+bnZckCBaIbg1Tnsi29x kTStsbgy a0SxBcD3GNPo0gW47AGzaTxs3PcI9gq+i6rXlGd+B3mjvyNBEGuQGdepf/PH3gj/ljxFWWNO7PVsSXUF8uI98bcFxYpLotPNHr59HSAr4LYX2R+Tsk1g/hzrzZ2oDlnMK/GA5qXG+7TuelOOVgaqx4EYz8wJUsu9/qKvmbgTSwl1y4pSJo6yBYrgLq5dYA4On1AxMDalyftnntmg4edGkOvkNcCAPrl0kZMlse9F19kdEPINHd5D49IvBIb8wKNLcFLbomiG4SXV/XTF38Oa5RZ6dSlXVikJGaeR7yV9z8NXYpb0WSEp26sKJeu8Fp2yQ52FpcMn+RyzF7LwdwnbL6EYyQjgmnJbN5kr7UVdLWRbo7v1Ezxk5322pkynSr8dMlhERNMOWpoQGZeU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Zhaoyang Huang =E4=BA=8E2024=E5=B9=B45=E6=9C=8830= =E6=97=A5=E5=91=A8=E5=9B=9B 17:25=E5=86=99=E9=81=93=EF=BC=9A > > On Thu, May 30, 2024 at 5:16=E2=80=AFPM Chuanhua Han wrote: > > > > zhaoyang.huang =E4=BA=8E2024=E5=B9=B45=E6= =9C=8830=E6=97=A5=E5=91=A8=E5=9B=9B 10:52=E5=86=99=E9=81=93=EF=BC=9A > > > > > > From: Zhaoyang Huang > > > > > > Broken vbq->free reported on a v6.6 based system which is caused > > > by invalid vbq->lock protect over vbq->free in purge_fragmented_block= . > > > This should be introduced by the Fixes below which ignored vbq->lock > > > matter. > > > > > > Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilize= d blocks") > > > > > > Signed-off-by: Zhaoyang Huang > > > --- > > > mm/vmalloc.c | 11 +++++++---- > > > 1 file changed, 7 insertions(+), 4 deletions(-) > > > > > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > > > index 22aa63f4ef63..112b50431725 100644 > > > --- a/mm/vmalloc.c > > > +++ b/mm/vmalloc.c > > > @@ -2614,9 +2614,10 @@ static void free_vmap_block(struct vmap_block = *vb) > > > } > > > > > > static bool purge_fragmented_block(struct vmap_block *vb, > > > - struct vmap_block_queue *vbq, struct list_head *purge= _list, > > > - bool force_purge) > > > + struct list_head *purge_list, bool force_purge) > > > { > > > + struct vmap_block_queue *vbq; > > > + > > > if (vb->free + vb->dirty !=3D VMAP_BBMAP_BITS || > > > vb->dirty =3D=3D VMAP_BBMAP_BITS) > > > return false; > > > @@ -2625,6 +2626,8 @@ static bool purge_fragmented_block(struct vmap_= block *vb, > > > if (!(force_purge || vb->free < VMAP_PURGE_THRESHOLD)) > > > return false; > > > > > > + vbq =3D container_of(addr_to_vb_xa(vb->va->va_start), > > > + struct vmap_block_queue, vmap_blocks); > > This seems to be the same as before fix :), the vbq found by > > addr_to_vb_xa is still added to the xarray vbq, not necessarily to the > > free_list vbq, > Yes, my fault. Should we expand the vmap_block_queue by introducing a > cpu_id which I actually do in my local regression. You may need to embed a cpu_id in vb, and then use cpu_id to get the vbq where the free_list is located > > > These two vbqs may not be the same, we need to find the vbq when added > > to free_list. > > > > For example: > > We add vb to vbq1's xarray and vbq2's free_list, and we need to find > > vbq2 instead of vbq1. > > So I feel like this place isn't really fixed=EF=BC=9F > > > /* prevent further allocs after releasing lock */ > > > WRITE_ONCE(vb->free, 0); > > > /* prevent purging it again */ > > > @@ -2664,7 +2667,7 @@ static void purge_fragmented_blocks(int cpu) > > > continue; > > > > > > spin_lock(&vb->lock); > > > - purge_fragmented_block(vb, vbq, &purge, true); > > > + purge_fragmented_block(vb, &purge, true); > > > spin_unlock(&vb->lock); > > > } > > > rcu_read_unlock(); > > > @@ -2801,7 +2804,7 @@ static void _vm_unmap_aliases(unsigned long sta= rt, unsigned long end, int flush) > > > * not purgeable, check whether there is dirt= y > > > * space to be flushed. > > > */ > > > - if (!purge_fragmented_block(vb, vbq, &purge_l= ist, false) && > > > + if (!purge_fragmented_block(vb, &purge_list, = false) && > > > vb->dirty_max && vb->dirty !=3D VMAP_BBMA= P_BITS) { > > > unsigned long va_start =3D vb->va->va= _start; > > > unsigned long s, e; > > > -- > > > 2.25.1 > > > > > > > > > > > > -- > > Thanks, > > Chuanhua --=20 Thanks, Chuanhua