Date: Tue, 22 Nov 2022 21:14:04 -0800 (PST)
From: Hugh Dickins
To: Gavin Shan
cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, akpm@linux-foundation.org, william.kucharski@oracle.com, ziy@nvidia.com, kirill.shutemov@linux.intel.com, david@redhat.com, zhenyzha@redhat.com, shan.gavin@gmail.com, riel@surriel.com, willy@infradead.org, apopple@nvidia.com
Subject: Re: [PATCH] mm: migrate: Fix THP's mapcount on isolation
In-Reply-To: <20221123005752.161003-1-gshan@redhat.com>
References: <20221123005752.161003-1-gshan@redhat.com>

On Wed, 23 Nov 2022, Gavin Shan wrote:

> The issue is reported when removing memory through virtio_mem device.
> The transparent huge page, experienced copy-on-write fault, is wrongly
> regarded as pinned. The transparent huge page is escaped from being
> isolated in isolate_migratepages_block(). The transparent huge page
> can't be migrated and the corresponding memory block can't be put
> into offline state.
>
> Fix it by replacing page_mapcount() with total_mapcount(). With this,
> the transparent huge page can be isolated and migrated, and the memory
> block can be put into offline state.
>
> Fixes: 3917c80280c9 ("thp: change CoW semantics for anon-THP")
> Cc: stable@vger.kernel.org # v5.8+
> Reported-by: Zhenyu Zhang
> Suggested-by: David Hildenbrand
> Signed-off-by: Gavin Shan

Interesting, good catch, looked right to me: except for the Fixes line
and mention of v5.8. That CoW change may have added a case which easily
demonstrates the problem, but it would have been the wrong test on a THP
for long before then - but only in v5.7 were compound pages allowed
through at all to reach that test, so I think it should be

Fixes: 1da2f328fa64 ("mm,thp,compaction,cma: allow THP migration for CMA allocations")
Cc: stable@vger.kernel.org # v5.7+

Oh, no, stop: this is not so easy, even in the latest tree.

Because at the time of that "admittedly racy check", we have no hold
at all on the page in question: and if it's PageLRU or PageCompound
at one instant, it may be different the next instant. Which leaves it
vulnerable to whatever BUG_ON()s there may be in the total_mapcount()
path - needs research. *Perhaps* there are no more BUG_ON()s in the
total_mapcount() path than in the existing page_mapcount() path.

I suspect that for this to be safe (before your patch and more so after),
it will be necessary to shift the "admittedly racy check" down after the
get_page_unless_zero() (and check the sequence of operations when a
compound page is initialized).

The races I'm talking about are much much rarer than the condition you
are trying to avoid, so it's frustrating; but such races are real,
and increasing stable's exposure to them is not so good.

Sorry, I'm going to run away now: just raising these concerns
without working on the solution.

Hugh

> --- > mm/compaction.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/compaction.c b/mm/compaction.c > index c51f7f545afe..c408b5e04c1d 100644 > --- a/mm/compaction.c > +++ b/mm/compaction.c
> @@ -990,7 +990,7 @@ isolate_migratepages_block(struct compact_control *cc, unsigned long low_pfn, > * admittedly racy check. > */ > mapping = page_mapping(page); > - if (!mapping && page_count(page) > page_mapcount(page)) > + if (!mapping && page_count(page) > total_mapcount(page)) > goto isolate_fail; > > /* > -- > 2.23.0
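
Review bot: the changed condition `if (!mapping && page_count(page) > total_mapcount(page))` sits directly under the comment that still calls this an "admittedly racy check", and nothing in the hunk takes a reference on the page before total_mapcount() is called. The commit message should state why total_mapcount() is safe on a page that can stop being compound between the test and the call, or the comparison should move to a point where a reference is already held (the reply above suggests after get_page_unless_zero()). The comment above the check would also benefit from a sentence explaining why the total mapcount, not the per-page mapcount, is the right value to compare against page_count() for a THP. Since the patch is tagged for stable, the Fixes: commit and version range deserve a second look as well, given the v5.7 argument raised in the reply.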