From: Yu Zhao <yuzhao@google.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@kernel.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm: don't expose page to fast gup before it's ready
Date: Tue, 14 May 2019 17:07:51 -0600 [thread overview]
Message-ID: <20190514230751.GA70050@google.com> (raw)
In-Reply-To: <20190514142527.356cb071155cd1077536f3da@linux-foundation.org>
On Tue, May 14, 2019 at 02:25:27PM -0700, Andrew Morton wrote:
> On Tue, 9 Jan 2018 02:10:50 -0800 Yu Zhao <yuzhao@google.com> wrote:
>
> > > Also what prevents reordering here? There do not seem to be any barriers
> > > to prevent __SetPageSwapBacked leak after set_pte_at with your patch.
> >
> > I assumed mem_cgroup_commit_charge() acted as full barrier. Since you
> > explicitly asked the question, I realized my assumption doesn't hold
> > when memcg is disabled. So we do need something to prevent reordering
> > in my patch. And it brings up the question whether we want to add more
> > barrier to other places that call page_add_new_anon_rmap() and
> > set_pte_at().
>
> Is a new version of this patch planned?
Sorry for the late reply. The last time I tried, I didn't come up
with a better fix because:
1) as Michal pointed out, we need to make sure the fast gup sees
all changes made before set_pte_at();
2) pairing smp_wmb() in set_pte/pmd_at() with smp_rmb() in gup
seems the best way to prevent any potential ordering related
problems in the future;
3) but this slows down the paths that don't require the smp_mwb()
unnecessarily.
I didn't give it further thought because the problem doesn't seem
fatal at the time. Now the fast gup has changed and the problem is
serious:
CPU 1 CPU 1
set_pte_at get_user_pages_fast
page_add_new_anon_rmap gup_pte_range
__SetPageSwapBacked (fetch)
try_get_compound_head
page_ref_add_unless
__SetPageSwapBacked (store)
Or the similar problem could happen to __do_huge_pmd_anonymous_page(),
for the reason of missing smp_wmb() between the non-atomic bit op
and set_pmd_at().
We could simply replace __SetPageSwapBacked() with its atomic
version. But 2) seems more preferable to me because it addresses
my original problem:
> > I didn't observe the race directly. But I did get few crashes when
> > trying to access mem_cgroup of pages returned by get_user_pages_fast().
> > Those page were charged and they showed valid mem_cgroup in kdumps.
> > So this led me to think the problem came from premature set_pte_at().
Thoughts? Thanks.
next prev parent reply other threads:[~2019-05-14 23:07 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-08 22:56 [PATCH] mm: don't expose page to fast gup before it's ready Yu Zhao
2018-01-08 22:56 ` Yu Zhao
2018-01-09 8:46 ` Michal Hocko
2018-01-09 8:46 ` Michal Hocko
2018-01-09 10:10 ` Yu Zhao
2018-01-09 10:10 ` Yu Zhao
2018-01-31 23:07 ` Andrew Morton
2018-01-31 23:07 ` Andrew Morton
2019-05-14 21:25 ` Andrew Morton
2019-05-14 23:07 ` Yu Zhao [this message]
2019-09-14 7:05 ` [PATCH v2] mm: don't expose page to fast gup prematurely Yu Zhao
2019-09-24 11:23 ` Kirill A. Shutemov
2019-09-24 22:05 ` Yu Zhao
2019-09-25 12:17 ` Kirill A. Shutemov
2019-09-26 3:58 ` Yu Zhao
2019-09-24 23:24 ` [PATCH v3 1/4] mm: remove unnecessary smp_wmb() in collapse_huge_page() Yu Zhao
2019-09-24 23:24 ` [PATCH v3 2/4] mm: don't expose hugetlb page to fast gup prematurely Yu Zhao
2019-09-24 23:24 ` [PATCH v3 3/4] mm: don't expose non-hugetlb " Yu Zhao
2019-09-25 8:25 ` Peter Zijlstra
2019-09-25 22:26 ` Yu Zhao
2019-09-26 10:20 ` Kirill A. Shutemov
2019-09-27 3:26 ` John Hubbard
2019-09-27 5:06 ` Yu Zhao
2019-10-01 22:31 ` John Hubbard
2019-10-02 0:00 ` Yu Zhao
2019-09-27 12:33 ` Michal Hocko
2019-09-27 18:31 ` Yu Zhao
2019-09-27 19:31 ` John Hubbard
2019-09-29 22:47 ` John Hubbard
2019-09-30 9:20 ` Jan Kara
2019-09-30 17:57 ` John Hubbard
2019-10-01 7:10 ` Jan Kara
2019-10-01 8:36 ` Peter Zijlstra
2019-10-01 8:40 ` Jan Kara
2019-10-01 18:43 ` John Hubbard
2019-10-02 9:24 ` Jan Kara
2019-10-02 17:33 ` John Hubbard
2019-09-24 23:24 ` [PATCH v3 4/4] mm: remove unnecessary smp_wmb() in __SetPageUptodate() Yu Zhao
2019-09-24 23:50 ` Matthew Wilcox
2019-09-25 22:03 ` Yu Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190514230751.GA70050@google.com \
--to=yuzhao@google.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.