From: Jinchao Wang <wangjinchao600@gmail.com>
To: Matthew Wilcox <willy@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <brauner@kernel.org>,
Hannes Reinecke <hare@suse.de>,
Luis Chamberlain <mcgrof@kernel.org>,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
syzbot+4d3cc33ef7a77041efa6@syzkaller.appspotmail.com,
syzbot+fdba5cca73fee92c69d6@syzkaller.appspotmail.com
Subject: Re: [PATCH] mm/readahead: read min folio constraints under invalidate lock
Date: Thu, 18 Dec 2025 12:03:28 +0800 [thread overview]
Message-ID: <aUN9BFdxHQj8ThMS@ndev> (raw)
In-Reply-To: <aUDXrYgwZAMYkXVu@casper.infradead.org>
On Tue, Dec 16, 2025 at 03:53:17AM +0000, Matthew Wilcox wrote:
> On Tue, Dec 16, 2025 at 11:12:21AM +0800, Jinchao Wang wrote:
> > On Tue, Dec 16, 2025 at 02:42:06AM +0000, Matthew Wilcox wrote:
> > > On Tue, Dec 16, 2025 at 09:37:51AM +0800, Jinchao Wang wrote:
> > > > On Mon, Dec 15, 2025 at 02:22:23PM +0000, Matthew Wilcox wrote:
> > > > > On Mon, Dec 15, 2025 at 10:19:00PM +0800, Jinchao Wang wrote:
> > > > > > page_cache_ra_order() and page_cache_ra_unbounded() read mapping minimum folio
> > > > > > constraints before taking the invalidate lock, allowing concurrent changes to
> > > > > > violate page cache invariants.
> > > > > >
> > > > > > Move the lookups under filemap_invalidate_lock_shared() to ensure readahead
> > > > > > allocations respect the mapping constraints.
> > > > >
> > > > > Why are the mapping folio size constraints being changed? They're
> > > > > supposed to be set at inode instantiation and then never changed.
> > > >
> > > > They can change after instantiation for block devices. In the syzbot repro:
> > > > blkdev_ioctl() -> blkdev_bszset() -> set_blocksize() ->
> > > > mapping_set_folio_min_order()
> > >
> > > Oh, this is just syzbot doing stupid things. We should probably make
> > > blkdev_bszset() fail if somebody else has an fd open.
> >
> > Thanks, that makes sense.
> > Tightening blkdev_bszset() would avoid the race entirely.
> > This change is meant as a defensive fix to prevent BUGs.
>
> Yes, but the point is that there's a lot of code which relies on
> the AS_FOLIO bits not changing in the middle. Syzbot found one of them,
> but there are others.
I've been thinking about this more, and I wanted to share another
perspective if that's okay.
Rather than tracking down every place that might change AS_FOLIO bits
(like blkdev_bszset() and potentially others), what if we make the
page cache layer itself robust against such changes?
The invalidate_lock was introduced for exactly this kind of protection
(commit 730633f0b7f9: "mm: Protect operations adding pages to page
cache with invalidate_lock"). This way, the page cache doesn't need
to rely on assumptions about what upper layers might do.
The readahead functions already hold filemap_invalidate_lock_shared(),
so moving the constraint reads under the lock adds no overhead. It
would protect against AS_FOLIO changes regardless of their source.
I think this separates concerns nicely: upper layers can change
constraints through the invalidate_lock protocol, and page cache
operations are automatically safe. But I'd really value your thoughts
on this approach - you have much more experience with these tradeoffs
than I do.
Thanks again for taking the time to discuss this.
next prev parent reply other threads:[~2025-12-18 4:03 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-15 14:19 [PATCH] mm/readahead: read min folio constraints under invalidate lock Jinchao Wang
2025-12-15 14:21 ` kernel test robot
2025-12-15 14:22 ` Matthew Wilcox
2025-12-16 1:37 ` Jinchao Wang
2025-12-16 2:42 ` Matthew Wilcox
2025-12-16 3:12 ` Jinchao Wang
2025-12-16 3:53 ` Matthew Wilcox
2025-12-18 4:03 ` Jinchao Wang [this message]
2025-12-16 12:05 ` Jinchao Wang
2025-12-16 12:28 ` [syzbot] [fs?] [mm?] kernel BUG in __filemap_add_folio syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aUN9BFdxHQj8ThMS@ndev \
--to=wangjinchao600@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=hare@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mcgrof@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+4d3cc33ef7a77041efa6@syzkaller.appspotmail.com \
--cc=syzbot+fdba5cca73fee92c69d6@syzkaller.appspotmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.