Date: Wed, 13 Dec 2023 10:01:46 +0300
From: Dan Carpenter <dan.carpenter@linaro.org>
To: willy@infradead.org
Cc: linux-mm@kvack.org
Subject: [bug report] mm: convert ksm_might_need_to_copy() to work on folios

Hello Matthew Wilcox (Oracle),

The patch 6faef19bdfcc: "mm: convert ksm_might_need_to_copy() to work
on folios" from Dec 11, 2023 (linux-next), leads to the following
Smatch static checker warning:

	mm/memory.c:4118 do_swap_page()
	error: 'folio' dereferencing possible ERR_PTR()
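For reference, here is the shape of ksm_might_need_to_copy() after the
patch, as I read it in mm/ksm.c (heavily abridged on my side, so the
elided conditions are only sketched, not the authoritative source):

	struct folio *ksm_might_need_to_copy(struct folio *folio,
			struct vm_area_struct *vma, unsigned long addr)
	{
		...
		if (...)			/* no copy needed */
			return folio;		/* the original folio */

		new_folio = vma_alloc_folio(GFP_HIGHUSER_MOVABLE, 0, vma, addr, false);
		...
		if (new_folio) {
			if (copy_mc_user_highpage(folio_page(new_folio, 0), page,
						  addr, vma)) {
				folio_put(new_folio);
				memory_failure_queue(page_to_pfn(page), 0);
				return ERR_PTR(-EHWPOISON);
			}
			...
		}
		return new_folio;		/* NULL if the allocation failed */
	}

So the caller has to handle three outcomes: a usable folio, NULL on
allocation failure, and ERR_PTR(-EHWPOISON) when the copy hits a
poisoned page.  do_swap_page() tests for all three, but its error
paths then hand the bad pointer to the shared cleanup labels: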
mm/memory.c
  3940                 /*
  3941                  * KSM sometimes has to copy on read faults, for example, if
  3942                  * page->index of !PageKSM() pages would be nonlinear inside the
  3943                  * anon VMA -- PageKSM() is lost on actual swapout.
  3944                  */
  3945                 folio = ksm_might_need_to_copy(folio, vma, vmf->address);
  3946                 if (unlikely(!folio)) {
  3947                         ret = VM_FAULT_OOM;
  3948                         goto out_page;
  3949                 } else if (unlikely(folio == ERR_PTR(-EHWPOISON))) {
                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This used to be "page" instead of "folio".

  3950                         ret = VM_FAULT_HWPOISON;
  3951                         goto out_page;

This goto will crash: "folio" is an error pointer here, and the
out_page/out_release labels call folio_unlock()/folio_put() on it.

  3952                 }
  3953                 page = folio_page(folio, 0);
  3954
  3955                 /*
  3956                  * If we want to map a page that's in the swapcache writable, we
  3957                  * have to detect via the refcount if we're really the exclusive
  3958                  * owner. Try removing the extra reference from the local LRU
  3959                  * caches if required.
  3960                  */
  3961                 if ((vmf->flags & FAULT_FLAG_WRITE) && folio == swapcache &&
  3962                     !folio_test_ksm(folio) && !folio_test_lru(folio))
  3963                         lru_add_drain();
  3964         }
  3965
  3966         folio_throttle_swaprate(folio, GFP_KERNEL);
  3967
  3968         /*
  3969          * Back out if somebody else already faulted in this pte.
  3970          */
  3971         vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, vmf->address,
  3972                         &vmf->ptl);
  3973         if (unlikely(!vmf->pte || !pte_same(ptep_get(vmf->pte), vmf->orig_pte)))
  3974                 goto out_nomap;
  3975
  3976         if (unlikely(!folio_test_uptodate(folio))) {
  3977                 ret = VM_FAULT_SIGBUS;
  3978                 goto out_nomap;
  3979         }
  3980
  3981         /*
  3982          * PG_anon_exclusive reuses PG_mappedtodisk for anon pages. A swap pte
  3983          * must never point at an anonymous page in the swapcache that is
  3984          * PG_anon_exclusive. Sanity check that this holds and especially, that
  3985          * no filesystem set PG_mappedtodisk on a page in the swapcache. Sanity
  3986          * check after taking the PT lock and making sure that nobody
  3987          * concurrently faulted in this page and set PG_anon_exclusive.
  3988          */
  3989         BUG_ON(!folio_test_anon(folio) && folio_test_mappedtodisk(folio));
  3990         BUG_ON(folio_test_anon(folio) && PageAnonExclusive(page));
  3991
  3992         /*
  3993          * Check under PT lock (to protect against concurrent fork() sharing
  3994          * the swap entry concurrently) for certainly exclusive pages.
  3995          */
  3996         if (!folio_test_ksm(folio)) {
  3997                 exclusive = pte_swp_exclusive(vmf->orig_pte);
  3998                 if (folio != swapcache) {
  3999                         /*
  4000                          * We have a fresh page that is not exposed to the
  4001                          * swapcache -> certainly exclusive.
  4002                          */
  4003                         exclusive = true;
  4004                 } else if (exclusive && folio_test_writeback(folio) &&
  4005                            data_race(si->flags & SWP_STABLE_WRITES)) {
  4006                         /*
  4007                          * This is tricky: not all swap backends support
  4008                          * concurrent page modifications while under writeback.
  4009                          *
  4010                          * So if we stumble over such a page in the swapcache
  4011                          * we must not set the page exclusive, otherwise we can
  4012                          * map it writable without further checks and modify it
  4013                          * while still under writeback.
  4014                          *
  4015                          * For these problematic swap backends, simply drop the
  4016                          * exclusive marker: this is perfectly fine as we start
  4017                          * writeback only if we fully unmapped the page and
  4018                          * there are no unexpected references on the page after
  4019                          * unmapping succeeded. After fully unmapped, no
  4020                          * further GUP references (FOLL_GET and FOLL_PIN) can
  4021                          * appear, so dropping the exclusive marker and mapping
  4022                          * it only R/O is fine.
  4023                          */
  4024                         exclusive = false;
  4025                 }
  4026         }
  4027
  4028         /*
  4029          * Some architectures may have to restore extra metadata to the page
  4030          * when reading from swap. This metadata may be indexed by swap entry
  4031          * so this must be called before swap_free().
  4032          */
  4033         arch_swap_restore(entry, folio);
  4034
  4035         /*
  4036          * Remove the swap entry and conditionally try to free up the swapcache.
  4037          * We're already holding a reference on the page but haven't mapped it
  4038          * yet.
  4039          */
  4040         swap_free(entry);
  4041         if (should_try_to_free_swap(folio, vma, vmf->flags))
  4042                 folio_free_swap(folio);
  4043
  4044         inc_mm_counter(vma->vm_mm, MM_ANONPAGES);
  4045         dec_mm_counter(vma->vm_mm, MM_SWAPENTS);
  4046         pte = mk_pte(page, vma->vm_page_prot);
  4047
  4048         /*
  4049          * Same logic as in do_wp_page(); however, optimize for pages that are
  4050          * certainly not shared either because we just allocated them without
  4051          * exposing them to the swapcache or because the swap entry indicates
  4052          * exclusivity.
  4053          */
  4054         if (!folio_test_ksm(folio) &&
  4055             (exclusive || folio_ref_count(folio) == 1)) {
  4056                 if (vmf->flags & FAULT_FLAG_WRITE) {
  4057                         pte = maybe_mkwrite(pte_mkdirty(pte), vma);
  4058                         vmf->flags &= ~FAULT_FLAG_WRITE;
  4059                 }
  4060                 rmap_flags |= RMAP_EXCLUSIVE;
  4061         }
  4062         flush_icache_page(vma, page);
  4063         if (pte_swp_soft_dirty(vmf->orig_pte))
  4064                 pte = pte_mksoft_dirty(pte);
  4065         if (pte_swp_uffd_wp(vmf->orig_pte))
  4066                 pte = pte_mkuffd_wp(pte);
  4067         vmf->orig_pte = pte;
  4068
  4069         /* ksm created a completely new copy */
  4070         if (unlikely(folio != swapcache && swapcache)) {
  4071                 folio_add_new_anon_rmap(folio, vma, vmf->address);
  4072                 folio_add_lru_vma(folio, vma);
  4073         } else {
  4074                 page_add_anon_rmap(page, vma, vmf->address, rmap_flags);
  4075         }
  4076
  4077         VM_BUG_ON(!folio_test_anon(folio) ||
  4078                   (pte_write(pte) && !PageAnonExclusive(page)));
  4079         set_pte_at(vma->vm_mm, vmf->address, vmf->pte, pte);
  4080         arch_do_swap_page(vma->vm_mm, vma, vmf->address, pte, vmf->orig_pte);
  4081
  4082         folio_unlock(folio);
  4083         if (folio != swapcache && swapcache) {
  4084                 /*
  4085                  * Hold the lock to avoid the swap entry to be reused
  4086                  * until we take the PT lock for the pte_same() check
  4087                  * (to avoid false positives from pte_same). For
  4088                  * further safety release the lock after the swap_free
  4089                  * so that the swap count won't change under a
  4090                  * parallel locked swapcache.
  4091                  */
  4092                 folio_unlock(swapcache);
  4093                 folio_put(swapcache);
  4094         }
  4095
  4096         if (vmf->flags & FAULT_FLAG_WRITE) {
  4097                 ret |= do_wp_page(vmf);
  4098                 if (ret & VM_FAULT_ERROR)
  4099                         ret &= VM_FAULT_ERROR;
  4100                 goto out;
  4101         }
  4102
  4103         /* No need to invalidate - it was non-present before */
  4104         update_mmu_cache_range(vmf, vma, vmf->address, vmf->pte, 1);
  4105 unlock:
  4106         if (vmf->pte)
  4107                 pte_unmap_unlock(vmf->pte, vmf->ptl);
  4108 out:
  4109         if (si)
  4110                 put_swap_device(si);
  4111         return ret;
  4112 out_nomap:
  4113         if (vmf->pte)
  4114                 pte_unmap_unlock(vmf->pte, vmf->ptl);
  4115 out_page:
  4116         folio_unlock(folio);
  4117 out_release:
--> 4118         folio_put(folio);
                 ^^^^^^^^^^^^^^^^
  4119         if (folio != swapcache && swapcache) {
  4120                 folio_unlock(swapcache);
  4121                 folio_put(swapcache);
  4122         }
  4123         if (si)
  4124                 put_swap_device(si);
  4125         return ret;
  4126 }
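One possible fix (an untested sketch from my side, not a tested
patch): reset "folio" back to "swapcache" before taking the error
gotos, so that out_page and out_release operate on the swapcache
folio instead of on NULL or the ERR_PTR:

	folio = ksm_might_need_to_copy(folio, vma, vmf->address);
	if (unlikely(!folio)) {
		ret = VM_FAULT_OOM;
		folio = swapcache;	/* give out_page a real folio */
		goto out_page;
	} else if (unlikely(folio == ERR_PTR(-EHWPOISON))) {
		ret = VM_FAULT_HWPOISON;
		folio = swapcache;	/* don't unlock/put the ERR_PTR */
		goto out_page;
	}
	page = folio_page(folio, 0);

On this path the folio came from the swap cache, so "folio ==
swapcache" held before the call; the "folio != swapcache" cleanup at
out_page then stays a no-op and we just unlock and drop the reference
we already hold.

regards,
dan carpenter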