From: "Sridhar, Kanchana P" <kanchana.p.sridhar@intel.com>
To: Yosry Ahmed <yosry.ahmed@linux.dev>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"hannes@cmpxchg.org" <hannes@cmpxchg.org>,
"nphamcs@gmail.com" <nphamcs@gmail.com>,
"chengming.zhou@linux.dev" <chengming.zhou@linux.dev>,
"usamaarif642@gmail.com" <usamaarif642@gmail.com>,
"ryan.roberts@arm.com" <ryan.roberts@arm.com>,
"21cnbao@gmail.com" <21cnbao@gmail.com>,
"ying.huang@linux.alibaba.com" <ying.huang@linux.alibaba.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"senozhatsky@chromium.org" <senozhatsky@chromium.org>,
"sj@kernel.org" <sj@kernel.org>,
"kasong@tencent.com" <kasong@tencent.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>,
"clabbe@baylibre.com" <clabbe@baylibre.com>,
"ardb@kernel.org" <ardb@kernel.org>,
"ebiggers@google.com" <ebiggers@google.com>,
"surenb@google.com" <surenb@google.com>,
"Accardi, Kristen C" <kristen.c.accardi@intel.com>,
"Gomes, Vinicius" <vinicius.gomes@intel.com>,
"Feghali, Wajdi K" <wajdi.k.feghali@intel.com>,
"Gopal, Vinodh" <vinodh.gopal@intel.com>,
"Sridhar, Kanchana P" <kanchana.p.sridhar@intel.com>
Subject: RE: [PATCH v13 19/22] mm: zswap: Per-CPU acomp_ctx resources exist from pool creation to deletion.
Date: Fri, 12 Dec 2025 01:58:52 +0000 [thread overview]
Message-ID: <SJ2PR11MB847266BEA195A20A095AFA73C9AEA@SJ2PR11MB8472.namprd11.prod.outlook.com> (raw)
In-Reply-To: <bv3uk3kj47iiesreahlvregsmn6efndok6sueq5e3kr3vub554@nnivojdofmb6>
> -----Original Message-----
> From: Yosry Ahmed <yosry.ahmed@linux.dev>
> Sent: Thursday, December 11, 2025 5:06 PM
> To: Sridhar, Kanchana P <kanchana.p.sridhar@intel.com>
> Cc: linux-kernel@vger.kernel.org; linux-mm@kvack.org;
> hannes@cmpxchg.org; nphamcs@gmail.com; chengming.zhou@linux.dev;
> usamaarif642@gmail.com; ryan.roberts@arm.com; 21cnbao@gmail.com;
> ying.huang@linux.alibaba.com; akpm@linux-foundation.org;
> senozhatsky@chromium.org; sj@kernel.org; kasong@tencent.com; linux-
> crypto@vger.kernel.org; herbert@gondor.apana.org.au;
> davem@davemloft.net; clabbe@baylibre.com; ardb@kernel.org;
> ebiggers@google.com; surenb@google.com; Accardi, Kristen C
> <kristen.c.accardi@intel.com>; Gomes, Vinicius <vinicius.gomes@intel.com>;
> Feghali, Wajdi K <wajdi.k.feghali@intel.com>; Gopal, Vinodh
> <vinodh.gopal@intel.com>
> Subject: Re: [PATCH v13 19/22] mm: zswap: Per-CPU acomp_ctx resources
> exist from pool creation to deletion.
>
> On Fri, Dec 12, 2025 at 12:55:10AM +0000, Sridhar, Kanchana P wrote:
> >
> > > -----Original Message-----
> > > From: Yosry Ahmed <yosry.ahmed@linux.dev>
> > > Sent: Thursday, November 13, 2025 12:24 PM
> > > To: Sridhar, Kanchana P <kanchana.p.sridhar@intel.com>
> > > Cc: linux-kernel@vger.kernel.org; linux-mm@kvack.org;
> > > hannes@cmpxchg.org; nphamcs@gmail.com;
> chengming.zhou@linux.dev;
> > > usamaarif642@gmail.com; ryan.roberts@arm.com; 21cnbao@gmail.com;
> > > ying.huang@linux.alibaba.com; akpm@linux-foundation.org;
> > > senozhatsky@chromium.org; sj@kernel.org; kasong@tencent.com; linux-
> > > crypto@vger.kernel.org; herbert@gondor.apana.org.au;
> > > davem@davemloft.net; clabbe@baylibre.com; ardb@kernel.org;
> > > ebiggers@google.com; surenb@google.com; Accardi, Kristen C
> > > <kristen.c.accardi@intel.com>; Gomes, Vinicius
> <vinicius.gomes@intel.com>;
> > > Feghali, Wajdi K <wajdi.k.feghali@intel.com>; Gopal, Vinodh
> > > <vinodh.gopal@intel.com>
> > > Subject: Re: [PATCH v13 19/22] mm: zswap: Per-CPU acomp_ctx
> resources
> > > exist from pool creation to deletion.
> > >
> > > On Tue, Nov 04, 2025 at 01:12:32AM -0800, Kanchana P Sridhar wrote:
> > >
> > > The subject can be shortened to:
> > >
> > > "mm: zswap: Tie per-CPU acomp_ctx lifetime to the pool"
> > >
> > > > This patch simplifies the zswap_pool's per-CPU acomp_ctx resource
> > > > management. Similar to the per-CPU acomp_ctx itself, the per-CPU
> > > > acomp_ctx's resources' (acomp, req, buffer) lifetime will also be from
> > > > pool creation to pool deletion. These resources will persist through CPU
> > > > hotplug operations instead of being destroyed/recreated. The
> > > > zswap_cpu_comp_dead() teardown callback has been deleted from the
> call
> > > > to cpuhp_setup_state_multi(CPUHP_MM_ZSWP_POOL_PREPARE). As a
> > > result, CPU
> > > > offline hotplug operations will be no-ops as far as the acomp_ctx
> > > > resources are concerned.
> > >
> > > Currently, per-CPU acomp_ctx are allocated on pool creation and/or CPU
> > > hotplug, and destroyed on pool destruction or CPU hotunplug. This
> > > complicates the lifetime management to save memory while a CPU is
> > > offlined, which is not very common.
> > >
> > > Simplify lifetime management by allocating per-CPU acomp_ctx once on
> > > pool creation (or CPU hotplug for CPUs onlined later), and keeping them
> > > allocated until the pool is destroyed.
> > >
> > > >
> > > > This commit refactors the code from zswap_cpu_comp_dead() into a
> > > > new function acomp_ctx_dealloc() that is called to clean up acomp_ctx
> > > > resources from:
> > > >
> > > > 1) zswap_cpu_comp_prepare() when an error is encountered,
> > > > 2) zswap_pool_create() when an error is encountered, and
> > > > 3) from zswap_pool_destroy().
> > >
> > >
> > > Refactor cleanup code from zswap_cpu_comp_dead() into
> > > acomp_ctx_dealloc() to be used elsewhere.
> > >
> > > >
> > > > The main benefit of using the CPU hotplug multi state instance startup
> > > > callback to allocate the acomp_ctx resources is that it prevents the
> > > > cores from being offlined until the multi state instance addition call
> > > > returns.
> > > >
> > > > From Documentation/core-api/cpu_hotplug.rst:
> > > >
> > > > "The node list add/remove operations and the callback invocations are
> > > > serialized against CPU hotplug operations."
> > > >
> > > > Furthermore, zswap_[de]compress() cannot contend with
> > > > zswap_cpu_comp_prepare() because:
> > > >
> > > > - During pool creation/deletion, the pool is not in the zswap_pools
> > > > list.
> > > >
> > > > - During CPU hot[un]plug, the CPU is not yet online, as Yosry pointed
> > > > out. zswap_cpu_comp_prepare() will be run on a control CPU,
> > > > since CPUHP_MM_ZSWP_POOL_PREPARE is in the PREPARE section
> of
> > > "enum
> > > > cpuhp_state". Thanks Yosry for sharing this observation!
> > > >
> > > > In both these cases, any recursions into zswap reclaim from
> > > > zswap_cpu_comp_prepare() will be handled by the old pool.
> > > >
> > > > The above two observations enable the following simplifications:
> > > >
> > > > 1) zswap_cpu_comp_prepare(): CPU cannot be offlined. Reclaim cannot
> > > use
> > > > the pool. Considerations for mutex init/locking and handling
> > > > subsequent CPU hotplug online-offline-online:
> > > >
> > > > Should we lock the mutex of current CPU's acomp_ctx from start to
> > > > end? It doesn't seem like this is required. The CPU hotplug
> > > > operations acquire a "cpuhp_state_mutex" before proceeding, hence
> > > > they are serialized against CPU hotplug operations.
> > > >
> > > > If the process gets migrated while zswap_cpu_comp_prepare() is
> > > > running, it will complete on the new CPU. In case of failures, we
> > > > pass the acomp_ctx pointer obtained at the start of
> > > > zswap_cpu_comp_prepare() to acomp_ctx_dealloc(), which again, can
> > > > only undergo migration. There appear to be no contention scenarios
> > > > that might cause inconsistent values of acomp_ctx's members. Hence,
> > > > it seems there is no need for mutex_lock(&acomp_ctx->mutex) in
> > > > zswap_cpu_comp_prepare().
> > > >
> > > > Since the pool is not yet on zswap_pools list, we don't need to
> > > > initialize the per-CPU acomp_ctx mutex in zswap_pool_create(). This
> > > > has been restored to occur in zswap_cpu_comp_prepare().
> > > >
> > > > zswap_cpu_comp_prepare() checks upfront if acomp_ctx->acomp is
> > > > valid. If so, it returns success. This should handle any CPU
> > > > hotplug online-offline transitions after pool creation is done.
> > > >
> > > > 2) CPU offline vis-a-vis zswap ops: Let's suppose the process is
> > > > migrated to another CPU before the current CPU is dysfunctional. If
> > > > zswap_[de]compress() holds the acomp_ctx->mutex lock of the
> offlined
> > > > CPU, that mutex will be released once it completes on the new
> > > > CPU. Since there is no teardown callback, there is no possibility of
> > > > UAF.
> > > >
> > > > 3) Pool creation/deletion and process migration to another CPU:
> > > >
> > > > - During pool creation/deletion, the pool is not in the zswap_pools
> > > > list. Hence it cannot contend with zswap ops on that CPU. However,
> > > > the process can get migrated.
> > > >
> > > > Pool creation --> zswap_cpu_comp_prepare()
> > > > --> process migrated:
> > > > * CPU offline: no-op.
> > > > * zswap_cpu_comp_prepare() continues
> > > > to run on the new CPU to finish
> > > > allocating acomp_ctx resources for
> > > > the offlined CPU.
> > > >
> > > > Pool deletion --> acomp_ctx_dealloc()
> > > > --> process migrated:
> > > > * CPU offline: no-op.
> > > > * acomp_ctx_dealloc() continues
> > > > to run on the new CPU to finish
> > > > de-allocating acomp_ctx resources
> > > > for the offlined CPU.
> > > >
> > > > 4) Pool deletion vis-a-vis CPU onlining:
> > > > The call to cpuhp_state_remove_instance() cannot race with
> > > > zswap_cpu_comp_prepare() because of hotplug synchronization.
> > > >
> > > > This patch deletes acomp_ctx_get_cpu_lock()/acomp_ctx_put_unlock().
> > > > Instead, zswap_[de]compress() directly call
> > > > mutex_[un]lock(&acomp_ctx->mutex).
> > >
> > > I am not sure why all of this is needed. We should just describe why
> > > it's safe to drop holding the mutex while initializing per-CPU
> > > acomp_ctx:
> > >
> > > It is no longer possible for CPU hotplug to race against allocation or
> > > usage of per-CPU acomp_ctx, as they are only allocated once before the
> > > pool can be used, and remain allocated as long as the pool is used.
> > > Hence, stop holding the lock during acomp_ctx initialization, and drop
> > > acomp_ctx_get_cpu_lock()//acomp_ctx_put_unlock().
> >
> > Hi Yosry,
> >
> > Thanks for these comments. IIRC, there was quite a bit of technical
> > discussion analyzing various what-ifs, that we were able to answer
> > adequately. The above is a nice summary of the outcome, however,
> > I think it would help the next time this topic is re-visited to have a log
> > of the "why" and how races/UAF scenarios are being considered and
> > addressed by the solution. Does this sound Ok?
>
> How about using the summarized version in the commit log and linking to
> the thread with the discussion?
Seems like capturing just enough detail of the threads involving the
discussions, in this commit log would be valuable. As against reading long
email threads with indentations, as the sole resource to provide context?
next prev parent reply other threads:[~2025-12-12 1:59 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-04 9:12 [PATCH v13 00/22] zswap compression batching with optimized iaa_crypto driver Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 01/22] crypto: iaa - Reorganize the iaa_crypto driver code Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 02/22] crypto: iaa - New architecture for IAA device WQ comp/decomp usage & core mapping Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 03/22] crypto: iaa - Simplify, consistency of function parameters, minor stats bug fix Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 04/22] crypto: iaa - Descriptor allocation timeouts with mitigations Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 05/22] crypto: iaa - iaa_wq uses percpu_refs for get/put reference counting Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 06/22] crypto: iaa - Simplify the code flow in iaa_compress() and iaa_decompress() Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 07/22] crypto: iaa - Refactor hardware descriptor setup into separate procedures Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 08/22] crypto: iaa - Simplified, efficient job submissions for non-irq mode Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 09/22] crypto: iaa - Deprecate exporting add/remove IAA compression modes Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 10/22] crypto: iaa - Expect a single scatterlist for a [de]compress request's src/dst Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 11/22] crypto: iaa - Rearchitect iaa_crypto to have clean interfaces with crypto_acomp Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 12/22] crypto: acomp - Define a unit_size in struct acomp_req to enable batching Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 13/22] crypto: iaa - IAA Batching for parallel compressions/decompressions Kanchana P Sridhar
2025-11-14 9:59 ` Herbert Xu
2025-11-16 18:53 ` Sridhar, Kanchana P
2025-11-17 3:12 ` Herbert Xu
2025-11-17 5:47 ` Sridhar, Kanchana P
2025-11-04 9:12 ` [PATCH v13 14/22] crypto: iaa - Enable async mode and make it the default Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 15/22] crypto: iaa - Disable iaa_verify_compress by default Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 16/22] crypto: iaa - Submit the two largest source buffers first in decompress batching Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 17/22] crypto: iaa - Add deflate-iaa-dynamic compression mode Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 18/22] crypto: acomp - Add crypto_acomp_batch_size() to get an algorithm's batch-size Kanchana P Sridhar
2025-11-04 9:12 ` [PATCH v13 19/22] mm: zswap: Per-CPU acomp_ctx resources exist from pool creation to deletion Kanchana P Sridhar
2025-11-13 20:24 ` Yosry Ahmed
2025-12-12 0:55 ` Sridhar, Kanchana P
2025-12-12 1:06 ` Yosry Ahmed
2025-12-12 1:58 ` Sridhar, Kanchana P [this message]
2025-12-12 2:47 ` Yosry Ahmed
2025-12-12 4:32 ` Sridhar, Kanchana P
2025-12-12 18:17 ` Sridhar, Kanchana P
2025-12-12 18:43 ` Yosry Ahmed
2025-12-12 20:53 ` Sridhar, Kanchana P
2025-12-12 22:25 ` Yosry Ahmed
2025-12-13 19:53 ` Sridhar, Kanchana P
2025-11-04 9:12 ` [PATCH v13 20/22] mm: zswap: Consistently use IS_ERR_OR_NULL() to check acomp_ctx resources Kanchana P Sridhar
2025-11-13 20:25 ` Yosry Ahmed
2025-12-12 1:07 ` Sridhar, Kanchana P
2025-11-04 9:12 ` [PATCH v13 21/22] mm: zswap: zswap_store() will process a large folio in batches Kanchana P Sridhar
2025-11-06 17:45 ` Nhat Pham
2025-11-07 2:28 ` Sridhar, Kanchana P
2025-11-13 20:52 ` Yosry Ahmed
2025-11-13 20:51 ` Yosry Ahmed
2025-12-12 1:43 ` Sridhar, Kanchana P
2025-12-12 4:40 ` Yosry Ahmed
2025-12-12 18:03 ` Sridhar, Kanchana P
2025-11-04 9:12 ` [PATCH v13 22/22] mm: zswap: Batched zswap_compress() with compress batching of large folios Kanchana P Sridhar
2025-11-13 21:34 ` Yosry Ahmed
2025-11-13 23:55 ` Sridhar, Kanchana P
2025-11-14 0:46 ` Yosry Ahmed
2025-12-19 2:29 ` Sridhar, Kanchana P
2025-12-19 15:26 ` Yosry Ahmed
2025-12-19 19:03 ` Sridhar, Kanchana P
2025-11-14 5:52 ` Yosry Ahmed
2025-11-14 6:43 ` Sridhar, Kanchana P
2025-11-14 15:37 ` Yosry Ahmed
2025-11-14 19:23 ` Sridhar, Kanchana P
2025-11-14 19:44 ` Yosry Ahmed
2025-11-14 19:59 ` Sridhar, Kanchana P
2025-11-14 20:49 ` Yosry Ahmed
2025-11-26 5:46 ` Herbert Xu
2025-11-26 6:34 ` Yosry Ahmed
2025-11-26 20:05 ` Sridhar, Kanchana P
2025-12-08 3:23 ` Herbert Xu
2025-12-08 4:17 ` Sridhar, Kanchana P
2025-12-08 4:24 ` Herbert Xu
2025-12-08 4:33 ` Sridhar, Kanchana P
2025-12-09 1:15 ` Yosry Ahmed
2025-12-09 2:32 ` Herbert Xu
2025-12-09 16:55 ` Yosry Ahmed
2025-12-09 17:21 ` Sridhar, Kanchana P
2025-12-09 17:31 ` Yosry Ahmed
2025-12-09 19:38 ` Sridhar, Kanchana P
2025-12-10 16:01 ` Yosry Ahmed
2025-12-10 18:47 ` Sridhar, Kanchana P
2025-12-10 4:28 ` Herbert Xu
2025-12-10 5:36 ` Sridhar, Kanchana P
2025-12-10 15:53 ` Yosry Ahmed
2025-11-13 18:14 ` [PATCH v13 00/22] zswap compression batching with optimized iaa_crypto driver Sridhar, Kanchana P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SJ2PR11MB847266BEA195A20A095AFA73C9AEA@SJ2PR11MB8472.namprd11.prod.outlook.com \
--to=kanchana.p.sridhar@intel.com \
--cc=21cnbao@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=ardb@kernel.org \
--cc=chengming.zhou@linux.dev \
--cc=clabbe@baylibre.com \
--cc=davem@davemloft.net \
--cc=ebiggers@google.com \
--cc=hannes@cmpxchg.org \
--cc=herbert@gondor.apana.org.au \
--cc=kasong@tencent.com \
--cc=kristen.c.accardi@intel.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nphamcs@gmail.com \
--cc=ryan.roberts@arm.com \
--cc=senozhatsky@chromium.org \
--cc=sj@kernel.org \
--cc=surenb@google.com \
--cc=usamaarif642@gmail.com \
--cc=vinicius.gomes@intel.com \
--cc=vinodh.gopal@intel.com \
--cc=wajdi.k.feghali@intel.com \
--cc=ying.huang@linux.alibaba.com \
--cc=yosry.ahmed@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox