From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AAFB4C433F5 for ; Mon, 28 Mar 2022 00:59:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ED4F98D0002; Sun, 27 Mar 2022 20:59:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E82E98D0001; Sun, 27 Mar 2022 20:59:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D25238D0002; Sun, 27 Mar 2022 20:59:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.28]) by kanga.kvack.org (Postfix) with ESMTP id C4FB88D0001 for ; Sun, 27 Mar 2022 20:59:02 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 8557122BE4 for ; Mon, 28 Mar 2022 00:59:02 +0000 (UTC) X-FDA: 79291985724.06.5393E11 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf09.hostedemail.com (Postfix) with ESMTP id E860B140029 for ; Mon, 28 Mar 2022 00:59:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1648429141; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uYLrKmIc1xkKOwwKtiACpW66v+e2X/uJupKKYBNVgY4=; b=hybqtGmCFgBLAdIoRi8gaUkRO2J7PjjS1s3tAloItdGTl9HbgpCcg7zPULCThblHMG/tQB jQxTuYzqazql8M8hGSs8XwttXbtZPbEpYm/3mnWf2VZ9aWOyapNO7Vw5CL6tgvqOxKT2oe p2AcNPQTk3YpWXy4zoY+571wmNHGPo0= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-49-mOREWdQSM1KgkyRB0mBASg-1; Sun, 27 Mar 2022 20:58:59 -0400 X-MC-Unique: mOREWdQSM1KgkyRB0mBASg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4C36E2A59559; Mon, 28 Mar 2022 00:58:59 +0000 (UTC) Received: from [10.22.16.95] (unknown [10.22.16.95]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1643A1121318; Mon, 28 Mar 2022 00:58:59 +0000 (UTC) Message-ID: Date: Sun, 27 Mar 2022 20:58:58 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH] mm/list_lru: Fix possible race in memcg_reparent_list_lru_node() Content-Language: en-US To: Andrew Morton Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Muchun Song , Roman Gushchin References: <20220328005736.2513727-1-longman@redhat.com> From: Waiman Long In-Reply-To: <20220328005736.2513727-1-longman@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Stat-Signature: i6qnranfc3di6k9eu1hewmenqht6u1nd X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: E860B140029 Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=hybqtGmC; dmarc=pass (policy=none) header.from=redhat.com; spf=none (imf09.hostedemail.com: domain of longman@redhat.com has no SPF policy when checking 170.10.129.124) smtp.mailfrom=longman@redhat.com X-Rspam-User: X-HE-Tag: 1648429141-351223 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 3/27/22 20:57, Waiman Long wrote: > Muchun Song found out there could be a race between list_lru_add() > and memcg_reparent_list_lru_node() causing the later function to miss > reparenting of a lru entry as shown below: > > CPU0: CPU1: > list_lru_add() > spin_lock(&nlru->lock) > l = list_lru_from_kmem(memcg) > memcg_reparent_objcgs(memcg) > memcg_reparent_list_lrus(memcg) > memcg_reparent_list_lru() > memcg_reparent_list_lru_node() > if (!READ_ONCE(nlru->nr_items)) > // Miss reparenting > return > // Assume 0->1 > l->nr_items++ > // Assume 0->1 > nlru->nr_items++ > > Though it is not likely that a list_lru_node that has 0 item suddenly > has a newly added lru entry at the end of its life. The race is still > theoretically possible. > > Adding a spin_is_locked() check will likely be enough for x86, but it > is less certain for other arches with a more relaxed memory semantics > like arcm64 and ppc. To avoid race, this patch moves the nr_items check > to within the lock critical section. > > Fixes: 405cc51fc104 ("mm/list_lru: optimize memcg_reparent_list_lru_node()") Sorry, I should have added Reported-by: Muchun Song > Signed-off-by: Waiman Long > --- > mm/list_lru.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/mm/list_lru.c b/mm/list_lru.c > index c669d87001a6..8aec8ebd5995 100644 > --- a/mm/list_lru.c > +++ b/mm/list_lru.c > @@ -394,18 +394,18 @@ static void memcg_reparent_list_lru_node(struct list_lru *lru, int nid, > int dst_idx = dst_memcg->kmemcg_id; > struct list_lru_one *src, *dst; > > - /* > - * If there is no lru entry in this nlru, we can skip it immediately. > - */ > - if (!READ_ONCE(nlru->nr_items)) > - return; > - > /* > * Since list_lru_{add,del} may be called under an IRQ-safe lock, > * we have to use IRQ-safe primitives here to avoid deadlock. > */ > spin_lock_irq(&nlru->lock); > > + /* > + * If there is no lru entry in this nlru, we can skip it immediately. > + */ > + if (!nlru->nr_items) > + goto out; > + > src = list_lru_from_memcg_idx(lru, nid, src_idx); > if (!src) > goto out; Cheers, Longman