From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7C0EC678D5 for ; Wed, 8 Mar 2023 09:41:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 341556B0072; Wed, 8 Mar 2023 04:41:18 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2F0416B0074; Wed, 8 Mar 2023 04:41:18 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1B8E9280001; Wed, 8 Mar 2023 04:41:18 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 0BEA76B0072 for ; Wed, 8 Mar 2023 04:41:18 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id CDF9AC0839 for ; Wed, 8 Mar 2023 09:41:17 +0000 (UTC) X-FDA: 80545237794.03.D65BF81 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf26.hostedemail.com (Postfix) with ESMTP id 480CB14000A for ; Wed, 8 Mar 2023 09:41:15 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=I0HfWdOR; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf26.hostedemail.com: domain of david@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1678268475; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=m7Td16p3TbD+kDYru97cnkRp6o+vBB7jl8z2uw+Ca3w=; b=7AX55Dh/Ar32Crdq8iGwIyzQ73wgJFUX30a3MJyUQUqo9Mmase0oiex0zEDNdXzo1fLvR0 CpGOmGwB/AlM8UTxVpL+59r7EdSDh/Xmt2m401/pWijaWeKEeDH5FIAJUokGDx80s5OBk2 MM6YtrUvb75312IGxLK/QUFB7z180cA= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=I0HfWdOR; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf26.hostedemail.com: domain of david@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1678268475; a=rsa-sha256; cv=none; b=eXGelAl4Vv6eB1xBclZqP3Om9zHcyz/L0ZXQJOKvyJpwlwoM7F8HaVJD2hq5JJa2PyiUnB 2QpcNIRSSmFcifjAC6qOf0nfTs6z5f67cYOKjQRzYhBZEXo9okv8gT/BPA/xOopsDmSuKl wn898cdQ5OVbYig1fAoI6bviA/MbxJg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1678268474; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m7Td16p3TbD+kDYru97cnkRp6o+vBB7jl8z2uw+Ca3w=; b=I0HfWdORhUDO/XHt+iOLM9x5OM73Q+Ce4K8JDcRisu6Ulg3IFPvIm6rVMy7/GNdJcu6psv H6TLrGlwtRiUn0EzSrHBPkZTfuHy1GC4mluglnk7Q6vBLBuBBnIcTkNT+qhXQpJX0fm6ly NLu3akFJ9LwZanECyI+L7M5AjyrKU2U= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-232-_lzZeWkhNnaLY-F-tLlnyg-1; Wed, 08 Mar 2023 04:41:13 -0500 X-MC-Unique: _lzZeWkhNnaLY-F-tLlnyg-1 Received: by mail-wm1-f70.google.com with SMTP id k20-20020a05600c1c9400b003e2249bd2b4so5656483wms.5 for ; Wed, 08 Mar 2023 01:41:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678268472; h=content-transfer-encoding:in-reply-to:subject:organization:from :references:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=m7Td16p3TbD+kDYru97cnkRp6o+vBB7jl8z2uw+Ca3w=; b=uKG41x2LEu8PDLp5oYUBt8dJmPVnwWafXue3Eu4nsLmTpdtv5ABKKAgD86bHsUjVfV GV4jBUbrMpuleEoNG+RWrEpsqp7M6IETaD21vX0eMPYKcgT4NCiKTq4Guk7UxsKmdz9l NmCsSFPo5MLBIc9xamaXmSVh2DcE5ioEhpOFfD0NYRi7CM8zV31wVbo0FMDLbfXV3Ifj AYp5m0svGfmb0OM/h13NEWt8B3UP+zSnMHW32s3vLdcx7IautRVuC290rFX3UZkCyTn4 MO/ebpuwGM9uA526LWWoV8pp3ttN6rWiv8eSCWw09HQ/6tzWzuXJHxXQzdYpmrAq+i5x +iQQ== X-Gm-Message-State: AO0yUKVp66BEtIapgi72PfcjIzumdQgP9ZiNVPi1McT3EeSNDT6G7wHn Rjil/r42va3XLUW/X2wtL2b8gJPKvYzB3hibNTZWjtdLmXBu6uJ8Z1v6EgXrGJBAWHxg7DMFePf c4wCDIBSi90A= X-Received: by 2002:adf:f048:0:b0:2c7:1757:3a8e with SMTP id t8-20020adff048000000b002c717573a8emr11809173wro.34.1678268472207; Wed, 08 Mar 2023 01:41:12 -0800 (PST) X-Google-Smtp-Source: AK7set8Ymu+LXx9nCtK2pvrM5/lBSUM962NTfLkeMSnJCReM+FspgE/w457FUI4GWu9X+B6h9vVsRA== X-Received: by 2002:adf:f048:0:b0:2c7:1757:3a8e with SMTP id t8-20020adff048000000b002c717573a8emr11809163wro.34.1678268471894; Wed, 08 Mar 2023 01:41:11 -0800 (PST) Received: from ?IPV6:2003:cb:c71b:cb00:d372:1da8:9e9e:422d? (p200300cbc71bcb00d3721da89e9e422d.dip0.t-ipconnect.de. [2003:cb:c71b:cb00:d372:1da8:9e9e:422d]) by smtp.gmail.com with ESMTPSA id z7-20020a5d4407000000b002c5503a8d21sm15012364wrq.70.2023.03.08.01.41.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 08 Mar 2023 01:41:11 -0800 (PST) Message-ID: Date: Wed, 8 Mar 2023 10:41:10 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 To: "Liam R. Howlett" , maple-tree@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton Cc: Pengfei Xu , syzbot+2ee18845e89ae76342c5@syzkaller.appspotmail.com, Matthew Wilcox , heng.su@intel.com, lkp@intel.com, Stable@vger.kernel.org References: <20230307205951.2465275-1-Liam.Howlett@oracle.com> From: David Hildenbrand Organization: Red Hat Subject: Re: [PATCH] mm/ksm: Fix race with ksm_exit() in VMA iteration In-Reply-To: <20230307205951.2465275-1-Liam.Howlett@oracle.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 480CB14000A X-Stat-Signature: bjepapxmo1un36ay356x1hxjzdgza1fm X-HE-Tag: 1678268475-155146 X-HE-Meta: U2FsdGVkX19JHKdptM30lQSi/4YKiQtP0bgPqiJnrxOrX1H5l3hZzPB1+HVvRXVdItSZDNurYRudSIUvUMwInpycuyameOEN87LoK4JVpxlq87V9wO7GaLT+j2BZcTHaV2DutHfVvXRFwmDzewKf/0GH5d2JGV6PV10YlbMZOhorBmoYslGZsP7UNiR3FBWcvQfy+/ymCTPObjB78Tlrb+aC5Rdrf1NnZYi20YYx43AXOtm47OifK51w20SXLywMXMpxz61bfwYHV3QZ910TUt1VUy3bkEquC7W9z27O/G9wfNYtHkZg/v3txn80QQB0R8sMNE1gxuZ8be+TKOx2kBtv2HbfsSbbnNlacAjC3v8gXl052iOUwCSKRPDpbh5Bn/h25HmN8/AKTGti0KLAEOtMH2E/zK55J0ESCNpCTeJs/xX3THK2Iu7kG+uhCGsqtzWRX3xedepG9aIE6a5zofer2NIEVSfXPJToWXIyc0zxV8HY+Lh/bUC5kjAAW6QefN2iV9fQ2yfbwtnUeK7Ky1Wwc+mfp9PeRtR8UbXocW/9d1FiVy8a+dAit+DYYRupinRm/6SYDvsgDkwJfyQf8aQW65HjBiCzEmhhGF3k4Q6SfnHLN3r93hoNov/Unh5lF4XqL4pCv3JEyLoptidgTrZXN1I3oHg/hJ0gcCinErjtGaYHRqoCREea2pVjgx6sCe9qoaXe3xuSyGify7PVigss+tbbkhzhuaufDaEr92nld0RmmJEXVbcJD6/J53W3qhMjs2JMBt7iWGzXNMvvLgICy0d95OpYWW8ZXlRLLCGcnBcfL1QT1lD86P4JWYV5TnroS39HPWNBiFKtTEOo4UHOGZXKfhOxWzCoZN7ek5fLBpDus2B93kxhcy0G9uS0qm0r9tFbquRjslg+Fn6QlKV9+9qHW2/hf0dv9OdemzYGihLzxJssIEy6EIpYyxlSPBrdG1YxDJDwcr6rJY8 EcLNtMj+ w8ti/r1+5Z2v6ICPWlT/5+mQvtkQYx12vG0Q73dchgW7BNgQBAqoVYn5IxkGN2B2ETLDyy/ybS13MKZP2hwpAiEgOq1njKmKiOLLc713x/q4sjohqTeGulZqLp7EDTMSliLWZYOitZAgge8p3N8Gack8d7c1FY89UFHWtIwqGcB/hFSFaojHKYb/Mt2nuL7hcw6HqlwxFRgTM3rrMcg1no24yxt0nOiCkJRHwCg6BBExqQSiom3+b2rWSN1bXCMeEkS7ONKmkw4MzEyqUrLDVsFOdgriUsqIQzN1taloJM/QnXRUJQk9HeqNmZ27agsSJZZlMkmqNmZt0l9ijh7Gwk9bvJLvxeSEOTBS1QmWzzKUzdov4JyBsUBHfsIhSj+kdFlsdwIrEurBCG4gK5dISnE8VUGVDgYswS0y5mknW8NQT/zVqJr/DPuRJXHjwjMF034vRlqXS81Vrr2EbwEYUFjI/rK4cWio0AgaIQapjMYR8YYCswQF1EC8NLbE886ZR5rWeDLllO0/+5SKT5l1ftpt/2blp7ZKi25Wo4+6An+vFgGyzcxo52ObcEGFMubxsyn6hT2qBYqXQItlqivTV/qBrH8qQzVBvnGs7meNJuaG0qAZKtsGesbrzq7nVe5+e4X3XRKnMWEKki8Aw7dmxyujxXENcjmd0oHdUGN5hcPF5zA+/hQn4uovSdEa3qTYO915G06N3moHwZJLyfT5bWFR7fhJ4m6UEtGSPV4GNH8mskEnJxiTuFSW9J5wVq+b0fqKdnjEU4EXYFXsCyrw86EN2SDddkQffehTnoWCy2FnX2DKL/EWNOtL8h+ZRhlQy49kToLV88Nvafp7r3hyxM5Awc4cX/Onno07q X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 07.03.23 21:59, Liam R. Howlett wrote: > ksm_exit() may remove the mm from the ksm_scan between the unlocking of > the ksm_mmlist and the start of the VMA iteration. This results in the > mmap_read_lock() not being taken and a report from lockdep that the mm > isn't locked in the maple tree code. I'm confused. The code does mmap_read_lock(mm); ... for_each_vma(vmi, vma) { mmap_read_unlock(mm); How can we not take the mmap_read_lock() ? Or am I staring at the wrong mmap_read_lock() ? > > Fix the race by checking if this mm has been removed before iterating > the VMAs. __ksm_exit() uses the mmap lock to synchronize the freeing of > an mm, so it is safe to keep iterating over the VMAs when it is going to > be freed. > > This change will slow down the mm exit during the race condition, but > will speed up the non-race scenarios iteration over the VMA list, which > should be much more common. Would leaving the existing check in help to just stop scanning faster in that case? > > Reported-by: Pengfei Xu > Link: https://lore.kernel.org/lkml/ZAdUUhSbaa6fHS36@xpf.sh.intel.com/ > Reported-by: syzbot+2ee18845e89ae76342c5@syzkaller.appspotmail.com > Link: https://syzkaller.appspot.com/bug?id=64a3e95957cd3deab99df7cd7b5a9475af92c93e > Cc: linux-mm@kvack.org > Cc: linux-kernel@vger.kernel.org > Cc: Andrew Morton > Cc: Matthew Wilcox (Oracle) > Cc: heng.su@intel.com > Cc: lkp@intel.com > Cc: > Fixes: a5f18ba07276 ("mm/ksm: use vma iterators instead of vma linked list") > Signed-off-by: Liam R. Howlett > --- > mm/ksm.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/mm/ksm.c b/mm/ksm.c > index 525c3306e78b..723ddbe6ea97 100644 > --- a/mm/ksm.c > +++ b/mm/ksm.c > @@ -1044,9 +1044,10 @@ static int unmerge_and_remove_all_rmap_items(void) > > mm = mm_slot->slot.mm; > mmap_read_lock(mm); Better add a comment: /* * Don't iterate any VMAs if we might be racing against ksm_exit(), * just exit early. */ > + if (ksm_test_exit(mm)) > + goto mm_exiting; > + > for_each_vma(vmi, vma) { > - if (ksm_test_exit(mm)) > - break; > if (!(vma->vm_flags & VM_MERGEABLE) || !vma->anon_vma) > continue; > err = unmerge_ksm_pages(vma, > @@ -1055,6 +1056,7 @@ static int unmerge_and_remove_all_rmap_items(void) > goto error; > } > > +mm_exiting: > remove_trailing_rmap_items(&mm_slot->rmap_list); > mmap_read_unlock(mm); > -- Thanks, David / dhildenb