From: David Hildenbrand <david@redhat.com>
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Jann Horn <jannh@google.com>,
"Uschakow, Stanislav" <suschako@amazon.de>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"trix@redhat.com" <trix@redhat.com>,
"ndesaulniers@google.com" <ndesaulniers@google.com>,
"nathan@kernel.org" <nathan@kernel.org>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"muchun.song@linux.dev" <muchun.song@linux.dev>,
"mike.kravetz@oracle.com" <mike.kravetz@oracle.com>,
"liam.howlett@oracle.com" <liam.howlett@oracle.com>,
"osalvador@suse.de" <osalvador@suse.de>,
"vbabka@suse.cz" <vbabka@suse.cz>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: Bug: Performance regression in 1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
Date: Thu, 16 Oct 2025 21:13:48 +0200 [thread overview]
Message-ID: <f9d4b143-be84-47ee-9ff9-43169ea592b6@redhat.com> (raw)
In-Reply-To: <45084140-cd90-4fd8-bd31-f1a8a4d64bad@lucifer.local>
>>
>> (I don't understand how the page table can be used for "normal,
>> non-hugetlb". I could only see how it is used for the remaining user for
>> hugetlb stuff, but that's different question)
>
> Right, this surely is related only to hugetlb PTS, otherwise the refcount
> shouldn't be a factor no?
The example from Jann is scary. But I think it checks out.
>
>>
>> How does the fix work when an architecture does not issue IPIs for TLB
>> shootdown? To handle gup-fast on these architectures, we use RCU.
>>
>> So I'm wondering whether we use RCU somehow.
>
> Presumably you mean whether we _can_ use RCU somehow?
No, whether there is an implied RCU sync before the page table gets
reused, see my reply from Jann.
>
>>
>> But note that in gup_fast_pte_range(), we are validating whether the PMD
>> changed:
>>
>> if (unlikely(pmd_val(pmd) != pmd_val(*pmdp)) ||
>> unlikely(pte_val(pte) != pte_val(ptep_get(ptep)))) {
>> gup_put_folio(folio, 1, flags);
>> goto pte_unmap;
>> }
>
> Right and as per the comment there:
>
> /*
> ...
> * For THP collapse, it's a bit more complicated because GUP-fast may be
> * walking a pgtable page that is being freed (pte is still valid but pmd
> * can be cleared already). To avoid race in such condition, we need to
> * also check pmd here to make sure pmd doesn't change (corresponds to
> * pmdp_collapse_flush() in the THP collapse code path).
> ...
> */
>
> So if this can correctly handle a cleared PMD entry in the teardown case, surely
> it can handle it in this case also?
Right.
But see my other mail, on architectures that don't free page tables with
RCU we still need the IPI, so that is nasty.
>
>>
>>
>> So in case the page table got reused in the meantime, we should just back
>> off and be fine, right?
>
> Yeah seems to be the case to me.
>
>>
>> --
>> Cheers
>>
>> David / dhildenb
>>
>
> So it seems like you have a proposal here - could you send a patch so we can
> assess it please? :)
It's a bit tricky, I think I have to discuss with Jann some more first.
But right now my understanding is that Janns fix might not have taken
care of arch without the IPI sync -- I might be wrong.
--
Cheers
David / dhildenb
next prev parent reply other threads:[~2025-10-16 19:13 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-29 14:30 Uschakow, Stanislav
2025-09-01 10:58 ` Jann Horn
2025-09-01 11:26 ` David Hildenbrand
2025-09-04 12:39 ` Uschakow, Stanislav
2025-10-08 22:54 ` Prakash Sangappa
2025-10-09 7:23 ` David Hildenbrand
2025-10-09 15:06 ` Prakash Sangappa
2025-10-09 7:40 ` David Hildenbrand
2025-10-09 8:19 ` David Hildenbrand
2025-10-16 9:21 ` Lorenzo Stoakes
2025-10-16 19:13 ` David Hildenbrand [this message]
2025-10-16 18:44 ` Jann Horn
2025-10-16 19:10 ` David Hildenbrand
2025-10-16 19:26 ` Jann Horn
2025-10-16 19:44 ` David Hildenbrand
2025-10-16 20:25 ` Jann Horn
2025-10-20 15:00 ` Lorenzo Stoakes
2025-10-20 15:33 ` Jann Horn
2025-10-24 12:24 ` Lorenzo Stoakes
2025-10-24 18:22 ` Jann Horn
2025-10-24 19:02 ` Lorenzo Stoakes
2025-10-24 19:43 ` Jann Horn
2025-10-24 19:58 ` Lorenzo Stoakes
2025-10-24 21:41 ` Jann Horn
2025-10-29 16:19 ` David Hildenbrand
2025-10-29 18:02 ` Lorenzo Stoakes
2025-11-18 10:03 ` David Hildenbrand (Red Hat)
2025-11-19 16:08 ` Lorenzo Stoakes
2025-11-19 16:29 ` David Hildenbrand (Red Hat)
2025-11-19 16:31 ` David Hildenbrand (Red Hat)
2025-11-20 15:47 ` David Hildenbrand (Red Hat)
2025-12-03 17:22 ` Prakash Sangappa
2025-12-03 19:45 ` David Hildenbrand (Red Hat)
2025-10-20 17:18 ` David Hildenbrand
2025-10-24 9:59 ` Lorenzo Stoakes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f9d4b143-be84-47ee-9ff9-43169ea592b6@redhat.com \
--to=david@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=jannh@google.com \
--cc=liam.howlett@oracle.com \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mike.kravetz@oracle.com \
--cc=muchun.song@linux.dev \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=osalvador@suse.de \
--cc=stable@vger.kernel.org \
--cc=suschako@amazon.de \
--cc=trix@redhat.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox