From: Mauricio Faria de Oliveira
Date: Tue, 4 Jan 2022 08:46:17 -0300
Subject: Re: [PATCH] mm: fix race between MADV_FREE reclaim and blkdev direct IO read
To: Minchan Kim
Cc: Andrew Morton, linux-mm@kvack.org, linux-block@vger.kernel.org, Huang Ying, Miaohe Lin

On Thu, Dec 16, 2021 at 3:17 PM Minchan Kim wrote:
...
> Hi Mauricio,
>
> Thanks for catching the bug. There is some comment before I would
> look the problem in more detail. Please see below.
>

Hey! Thanks for looking into this.
Sorry for the delay; I've been out a few weeks.

> > diff --git a/mm/rmap.c b/mm/rmap.c > > index 163ac4e6bcee..f04151aae03b 100644 > > --- a/mm/rmap.c > > +++ b/mm/rmap.c
> > @@ -1570,7 +1570,18 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, > > > > /* MADV_FREE page check */ > > if (!PageSwapBacked(page)) { > > - if (!PageDirty(page)) { > > + int refcount = page_ref_count(page); > > + > > + /* > > + * The only page refs must be from the isolation > > + * (checked by the caller shrink_page_list() too) > > + * and the (single) rmap (dropped by discard:). > > + * > > + * Check the reference count before dirty flag > > + * with memory barrier; see __remove_mapping(). > > + */ > > + smp_rmb(); > > + if (refcount == 2 && !PageDirty(page)) {
>
> A madv_free marked page could be mapped at several processes so
> it wouldn't be refcount two all the time, I think.
> Shouldn't we check it with page_mapcount with page_refcount?
>
> page_ref_count(page) - 1 > page_mapcount(page)
>

It's the other way around, isn't it?

The madvise(MADV_FREE) call only clears the page dirty flag if
page_mapcount() == 1 (ie not mapped by more processes).

@ madvise_free_pte_range()

        /*
         * If page is shared with others, we couldn't clear
         * PG_dirty of the page.
         */
        if (page_mapcount(page) != 1) {
                unlock_page(page);
                continue;
        }
...
        ClearPageDirty(page);
        unlock_page(page);

If that's right, the refcount of 2 should be OK (one from the isolation,
another one from the single map/one process.)

Does that make sense? I might be missing something.

Thanks!

--
Mauricio Faria de Oliveira
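
Review bot: the smp_rmb() placed between the page_ref_count() read and the PageDirty() test in try_to_unmap_one() is documented only by "see __remove_mapping()"; the comment should name the write-side ordering it pairs with (which path takes the extra page reference and then sets the dirty flag), because a read barrier is only meaningful against a matching ordering on the writer. The literal 2 in "refcount == 2" also encodes the single-mapping assumption noted as "(single) rmap", so the comment should say where that is guaranteed, or the check should be expressed relative to page_mapcount(page) so it stays correct if a MADV_FREE page can ever be reached here with more than one mapping.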