From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8476DC433F5 for ; Wed, 29 Sep 2021 19:57:11 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id E9CB461501 for ; Wed, 29 Sep 2021 19:57:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org E9CB461501 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 206E7940053; Wed, 29 Sep 2021 15:57:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1B45094003A; Wed, 29 Sep 2021 15:57:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0A331940053; Wed, 29 Sep 2021 15:57:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0144.hostedemail.com [216.40.44.144]) by kanga.kvack.org (Postfix) with ESMTP id F20DD94003A for ; Wed, 29 Sep 2021 15:57:09 -0400 (EDT) Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id AB76F183EE7B2 for ; Wed, 29 Sep 2021 19:57:09 +0000 (UTC) X-FDA: 78641669778.29.4CCAB4C Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by imf03.hostedemail.com (Postfix) with ESMTP id 4D29B3003989 for ; Wed, 29 Sep 2021 19:57:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1632945428; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=F/mRV2BU5QTwC845iW+b0/O9sITOnOIq+B1wAWtu908=; b=Ejt6nWvLp5TRMO3WHvcsUV85m/mzY8SrDGo0DBrVWAjaJor5lu1YbrvpeHHiUeZFOfhCNm Ko8dyXv8VmdkYk1/c5WSR6HAY503wx/nw+yVh8oOY5JIMF0bstrRU2lQVTS8tfTbCGtruZ NjAHiee7nl+xXX5PQaz7nJVE5H9DaC4= Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com [209.85.160.197]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-117-sb94WEYEO-mO9taXKtPWCg-1; Wed, 29 Sep 2021 15:57:07 -0400 X-MC-Unique: sb94WEYEO-mO9taXKtPWCg-1 Received: by mail-qt1-f197.google.com with SMTP id q24-20020ac84118000000b002a6d14f21e9so9665063qtl.9 for ; Wed, 29 Sep 2021 12:57:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=F/mRV2BU5QTwC845iW+b0/O9sITOnOIq+B1wAWtu908=; b=TB0H2hc8R34CybN6tp36hj24OHoIhZIBSg+x4USekt9mlmxvOpkSZJcUjDMD/TgkWr RUb6aFV9K/O2Ds6GeN0zQo6u3F7FlRUFCFlug70I0VILLkdfZ1GPT0/Qo8VYbvRncDI5 5emEDy7pWCPZUyWqd5pyIyKSXr3yuMsIausR7VJRcMqiK8aXy3iLpCE7/zrmSNVQV4bh RFCSOS6FGBhPgBo7RsEWyv9347oBcmxs4Bgn/pHOTLt6sGgjfToe31+qUCxq/wahp6Yz R4bzH4mgTJfQHL22DaJNE2BCXF417TJYPucOIWInr44rO33jv6QAq/kYWDezO52jxuQX wNNA== X-Gm-Message-State: AOAM530xTNUAv3NsgBdNE3w5LgKGiV+s6uVeyWR6h6jnVnqebudWE2tF abHH5T/0K2mQnERGAQm6HNlhm4iCyJvQHrlUjGhOyf2XATj0NOLQU2L2U3D3zumYh9daDa72w2q Pv69jL6/LbA9bxUJsLTTG0Wlra97vNZ2oz2m3aTitNVzUqpDIdDI2FFDoI53C X-Received: by 2002:a05:6214:5a1:: with SMTP id by1mr304451qvb.42.1632945426889; Wed, 29 Sep 2021 12:57:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz4EMPSxAsQhxp4ckwkRsDCxXTli6qsP/aqfyUkucxUhvPVWZN7778U5Kgz64v3D9/xhEI21w== X-Received: by 2002:a05:6214:5a1:: with SMTP id by1mr304429qvb.42.1632945426592; Wed, 29 Sep 2021 12:57:06 -0700 (PDT) Received: from t490s ([2607:fea8:56a2:9100::d3ec]) by smtp.gmail.com with ESMTPSA id 188sm430369qkm.21.2021.09.29.12.57.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Sep 2021 12:57:06 -0700 (PDT) Date: Wed, 29 Sep 2021 15:57:04 -0400 From: Peter Xu To: Linux MM Mailing List Cc: Jason Gunthorpe , Linus Torvalds , John Hubbard , Jan Kara , Andrew Morton , Andrea Arcangeli Subject: Possible race with page_maybe_dma_pinned? Message-ID: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 4D29B3003989 X-Stat-Signature: xe8s8wy6dmukz819iom64khwfpd6zgfn Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=Ejt6nWvL; dmarc=pass (policy=none) header.from=redhat.com; spf=none (imf03.hostedemail.com: domain of peterx@redhat.com has no SPF policy when checking 216.205.24.124) smtp.mailfrom=peterx@redhat.com X-HE-Tag: 1632945429-137163 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi, all, It seems to be racy to call page_maybe_dma_pinned() without properly taking the mm->write_protect_seq lock, which is taken read for fast gup. Now we have 3 callers of page_maybe_dma_pinned(): 1. page_needs_cow_for_dma 2. pte_is_pinned 3. shrink_page_list The 1st one is good as it takes the seqlock for write properly. The 2nd & 3rd are missing, we may need to add them. The race could trigger when the fast-gup of FOLL_PIN happened right after a call to page_maybe_dma_pinned() which returned false. One example for page reclaim of above case 3: fast-gup thread page reclaim thread --------------- ------------------- page_maybe_dma_pinned --> false put the page into swap cache fast-gup with FOLL_PIN unmap page in pgtables ... So commit feb889fb40fa ("mm: don't put pinned pages into the swap cache", 2021-01-17) could still have a small window that will stop working. Same thing to the pte_is_pinned for clear_refs, which is case 2nd above. If anyone agrees, and if anyone would like to fix this, please add: Reported-by: Andrea Arcangeli As this is originally spotted and reported by Andrea. Thanks, -- Peter Xu