Date: Sat, 16 Mar 2024 14:59:16 +0000
From: Matthew Wilcox
To: Zhaoyang Huang
Cc: "zhaoyang.huang", Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, steve.kang@unisoc.com
Subject: Re: [PATCH] mm: fix a race scenario in folio_isolate_lru
References: <20240314083921.1146937-1-zhaoyang.huang@unisoc.com>

On Sat, Mar 16, 2024 at 04:53:09PM +0800, Zhaoyang Huang wrote:
> On Fri, Mar 15, 2024 at 8:46 PM Matthew Wilcox wrote:
> >
> > On Thu, Mar 14, 2024 at 04:39:21PM +0800, zhaoyang.huang wrote:
> > > From: Zhaoyang Huang
> > >
> > > Panic[1] reported which is caused by lruvec->list break. Fix the race
> > > between folio_isolate_lru and release_pages.
> > >
> > > race condition:
> > > release_pages could meet a non-refered folio which escaped from being
> > > deleted from LRU but add to another list_head
> >
> > I don't think the bug is in folio_isolate_lru() but rather in its
> > caller.
> >
> >  * Context:
> >  *
> >  * (1) Must be called with an elevated refcount on the folio. This is a
> >  *     fundamental difference from isolate_lru_folios() (which is called
> >  *     without a stable reference).
> >
> > So when release_pages() runs, it must not see a refcount decremented to
> > zero, because the caller of folio_isolate_lru() is supposed to hold one.
> >
> > Your stack trace is for the thread which is calling release_pages(), not
> > the one calling folio_isolate_lru(), so I can't help you debug further.
> Thanks for the comments. According to my understanding,
> folio_put_testzero does the decrement before test which makes it
> possible to have release_pages see refcnt equal zero and proceed
> further(folio_get in folio_isolate_lru has not run yet).

No, that's not possible.

In the scenario below, at entry to folio_isolate_lru(), the folio has
refcount 2. It has one refcount from thread 0 (because it must own one
before calling folio_isolate_lru()) and it has one refcount from thread 1
(because it's about to call release_pages()). If release_pages() were
not running, the folio would have refcount 3 when folio_isolate_lru()
returned.

>    #0 folio_isolate_lru          #1 release_pages
> BUG_ON(!folio_refcnt)
>                                  if (folio_put_testzero())
>    folio_get(folio)
>    if (folio_test_clear_lru())
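
The refcount argument in the reply above, as an added example (not part of the original message and not kernel code): a small C model that tries every position at which the folio_put_testzero() from release_pages() can fall relative to the three folio_isolate_lru() steps in the quoted diagram. The helper names and the plain-integer refcount are assumptions of this model; a start value of 2 is the case the reply describes, and 1 models a caller that holds no reference of its own.

```c
#include <stdio.h>

/* What one interleaving of the two threads produced (model only). */
struct outcome { int saw_zero, bug_on_fired, get_on_zero; };

/*
 * Thread 0 runs the three folio_isolate_lru() steps from the diagram.
 * Thread 1's single folio_put_testzero() is placed just before thread-0
 * step `slot` (slot 3 means after thread 0 has finished).
 */
static struct outcome run_interleaving(int refcount, int slot)
{
    struct outcome o = { 0, 0, 0 };

    for (int step = 0; step <= 3; step++) {
        if (step == slot && --refcount == 0)
            o.saw_zero = 1;          /* release_pages() would free the folio */
        if (step == 0 && refcount == 0) {
            o.bug_on_fired = 1;      /* BUG_ON(!folio_refcnt) */
            break;
        }
        if (step == 1 && refcount++ == 0)
            o.get_on_zero = 1;       /* folio_get() on a folio being freed */
        /* step 2, folio_test_clear_lru(), does not touch the refcount */
    }
    return o;
}

/* Number of the four interleavings in which release_pages() saw zero. */
static int count_saw_zero(int start)
{
    int n = 0;
    for (int slot = 0; slot <= 3; slot++)
        n += run_interleaving(start, slot).saw_zero;
    return n;
}

/* Number in which folio_get() ran after the count had already hit zero. */
static int count_get_on_zero(int start)
{
    int n = 0;
    for (int slot = 0; slot <= 3; slot++)
        n += run_interleaving(start, slot).get_on_zero;
    return n;
}

int main(void)
{
    printf("start=2 (caller holds its reference): saw_zero=%d\n", count_saw_zero(2));
    printf("start=1 (caller holds none): saw_zero=%d get_on_zero=%d\n",
           count_saw_zero(1), count_get_on_zero(1));
    return 0;
}
```

With the documented precondition honoured, no ordering lets release_pages() observe zero; the window described in the quoted question only opens in the model when the caller of folio_isolate_lru() has no reference of its own.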