From: "Huang\, Ying" <ying.huang@intel.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Hugh Dickins <hughd@google.com>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
Minchan Kim <minchan@kernel.org>,
Johannes Weiner <hannes@cmpxchg.org>,
Tim Chen <tim.c.chen@linux.intel.com>,
Shaohua Li <shli@kernel.org>,
Mel Gorman <mgorman@techsingularity.net>,
jglisse@redhat.com, Michal Hocko <mhocko@suse.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Rientjes <rientjes@google.com>,
Rik van Riel <riel@redhat.com>, Jan Kara <jack@suse.cz>,
Dave Jiang <dave.jiang@intel.com>, Aaron Lu <aaron.lu@intel.com>
Subject: Re: [PATCH -mm -v5 RESEND] mm, swap: Fix race between swapoff and some swap operations
Date: Wed, 14 Feb 2018 08:38:00 +0800 [thread overview]
Message-ID: <87fu64jthz.fsf@yhuang-dev.intel.com> (raw)
In-Reply-To: <20180213154123.9f4ef9e406ea8365ca46d9c5@linux-foundation.org> (Andrew Morton's message of "Tue, 13 Feb 2018 15:41:23 -0800")
Andrew Morton <akpm@linux-foundation.org> writes:
> On Tue, 13 Feb 2018 09:42:20 +0800 "Huang, Ying" <ying.huang@intel.com> wrote:
>
>> From: Huang Ying <ying.huang@intel.com>
>>
>> When the swapin is performed, after getting the swap entry information
>> from the page table, system will swap in the swap entry, without any
>> lock held to prevent the swap device from being swapoff. This may
>> cause the race like below,
>
> Sigh. In terms of putting all the work into the swapoff path and
> avoiding overheads in the hot paths, I guess this is about as good as
> it will get.
>
> It's a very low-priority fix so I'd prefer to keep the patch in -mm
> until Hugh has had an opportunity to think about it.
>
>> ...
>>
>> +/*
>> + * Check whether swap entry is valid in the swap device. If so,
>> + * return pointer to swap_info_struct, and keep the swap entry valid
>> + * via preventing the swap device from being swapoff, until
>> + * put_swap_device() is called. Otherwise return NULL.
>> + */
>> +struct swap_info_struct *get_swap_device(swp_entry_t entry)
>> +{
>> + struct swap_info_struct *si;
>> + unsigned long type, offset;
>> +
>> + if (!entry.val)
>> + goto out;
>> + type = swp_type(entry);
>> + if (type >= nr_swapfiles)
>> + goto bad_nofile;
>> + si = swap_info[type];
>> +
>> + preempt_disable();
>
> This preempt_disable() is later than I'd expect. If a well-timed race
> occurs, `si' could now be pointing at a defunct entry. If that
> well-timed race include a swapoff AND a swapon, `si' could be pointing
> at the info for a new device?
struct swap_info_struct pointed to by swap_info[] will never be freed.
During swapoff, we only free the memory pointed to by the fields of
struct swap_info_struct. And when swapon, we will always reuse
swap_info[type] if it's not NULL. So it should be safe to dereference
swap_info[type] with preemption enabled.
Best Regards,
Huang, Ying
>> + if (!(si->flags & SWP_VALID))
>> + goto unlock_out;
>> + offset = swp_offset(entry);
>> + if (offset >= si->max)
>> + goto unlock_out;
>> +
>> + return si;
>> +bad_nofile:
>> + pr_err("%s: %s%08lx\n", __func__, Bad_file, entry.val);
>> +out:
>> + return NULL;
>> +unlock_out:
>> + preempt_enable();
>> + return NULL;
>> +}
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: "Huang\, Ying" <ying.huang@intel.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
Hugh Dickins <hughd@google.com>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
Minchan Kim <minchan@kernel.org>,
Johannes Weiner <hannes@cmpxchg.org>,
"Tim Chen" <tim.c.chen@linux.intel.com>,
Shaohua Li <shli@kernel.org>,
Mel Gorman <mgorman@techsingularity.net>,
jglisse@redhat.com, Michal Hocko <mhocko@suse.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Rientjes <rientjes@google.com>,
Rik van Riel <riel@redhat.com>, Jan Kara <jack@suse.cz>,
Dave Jiang <dave.jiang@intel.com>, Aaron Lu <aaron.lu@intel.com>
Subject: Re: [PATCH -mm -v5 RESEND] mm, swap: Fix race between swapoff and some swap operations
Date: Wed, 14 Feb 2018 08:38:00 +0800 [thread overview]
Message-ID: <87fu64jthz.fsf@yhuang-dev.intel.com> (raw)
In-Reply-To: <20180213154123.9f4ef9e406ea8365ca46d9c5@linux-foundation.org> (Andrew Morton's message of "Tue, 13 Feb 2018 15:41:23 -0800")
Andrew Morton <akpm@linux-foundation.org> writes:
> On Tue, 13 Feb 2018 09:42:20 +0800 "Huang, Ying" <ying.huang@intel.com> wrote:
>
>> From: Huang Ying <ying.huang@intel.com>
>>
>> When the swapin is performed, after getting the swap entry information
>> from the page table, system will swap in the swap entry, without any
>> lock held to prevent the swap device from being swapoff. This may
>> cause the race like below,
>
> Sigh. In terms of putting all the work into the swapoff path and
> avoiding overheads in the hot paths, I guess this is about as good as
> it will get.
>
> It's a very low-priority fix so I'd prefer to keep the patch in -mm
> until Hugh has had an opportunity to think about it.
>
>> ...
>>
>> +/*
>> + * Check whether swap entry is valid in the swap device. If so,
>> + * return pointer to swap_info_struct, and keep the swap entry valid
>> + * via preventing the swap device from being swapoff, until
>> + * put_swap_device() is called. Otherwise return NULL.
>> + */
>> +struct swap_info_struct *get_swap_device(swp_entry_t entry)
>> +{
>> + struct swap_info_struct *si;
>> + unsigned long type, offset;
>> +
>> + if (!entry.val)
>> + goto out;
>> + type = swp_type(entry);
>> + if (type >= nr_swapfiles)
>> + goto bad_nofile;
>> + si = swap_info[type];
>> +
>> + preempt_disable();
>
> This preempt_disable() is later than I'd expect. If a well-timed race
> occurs, `si' could now be pointing at a defunct entry. If that
> well-timed race include a swapoff AND a swapon, `si' could be pointing
> at the info for a new device?
struct swap_info_struct pointed to by swap_info[] will never be freed.
During swapoff, we only free the memory pointed to by the fields of
struct swap_info_struct. And when swapon, we will always reuse
swap_info[type] if it's not NULL. So it should be safe to dereference
swap_info[type] with preemption enabled.
Best Regards,
Huang, Ying
>> + if (!(si->flags & SWP_VALID))
>> + goto unlock_out;
>> + offset = swp_offset(entry);
>> + if (offset >= si->max)
>> + goto unlock_out;
>> +
>> + return si;
>> +bad_nofile:
>> + pr_err("%s: %s%08lx\n", __func__, Bad_file, entry.val);
>> +out:
>> + return NULL;
>> +unlock_out:
>> + preempt_enable();
>> + return NULL;
>> +}
next prev parent reply other threads:[~2018-02-14 0:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-13 1:42 [PATCH -mm -v5 RESEND] mm, swap: Fix race between swapoff and some swap operations Huang, Ying
2018-02-13 1:42 ` Huang, Ying
2018-02-13 23:41 ` Andrew Morton
2018-02-13 23:41 ` Andrew Morton
2018-02-14 0:38 ` Huang, Ying [this message]
2018-02-14 0:38 ` Huang, Ying
2018-02-16 23:38 ` Andrew Morton
2018-02-16 23:38 ` Andrew Morton
2018-02-18 1:06 ` huang ying
2018-02-18 1:06 ` huang ying
2018-02-20 23:38 ` Andrew Morton
2018-02-20 23:38 ` Andrew Morton
2018-02-21 6:28 ` huang ying
2018-02-21 6:28 ` huang ying
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fu64jthz.fsf@yhuang-dev.intel.com \
--to=ying.huang@intel.com \
--cc=aarcange@redhat.com \
--cc=aaron.lu@intel.com \
--cc=akpm@linux-foundation.org \
--cc=dave.jiang@intel.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=jack@suse.cz \
--cc=jglisse@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=mhocko@suse.com \
--cc=minchan@kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=shli@kernel.org \
--cc=tim.c.chen@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.