Date: Wed, 5 Mar 2025 20:31:19 +0000
From: Matthew Wilcox
To: Zi Yan
Cc: Liu Shixin, Baolin Wang, linux-mm@kvack.org, Andrew Morton, Barry Song, David Hildenbrand, Kefeng Wang, Lance Yang, Ryan Roberts, Hugh Dickins, Charan Teja Kalla, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v3] mm/migrate: fix shmem xarray update during migration
In-Reply-To: <20250305200403.2822855-1-ziy@nvidia.com>

On Wed, Mar 05, 2025 at 03:04:03PM -0500, Zi Yan wrote:
> A shmem folio can be either in page cache or in swap cache, but not at the
> same time. Namely, once it is in swap cache, folio->mapping should be NULL,
> and the folio is no longer in a shmem mapping.
>
> In __folio_migrate_mapping(), to determine the number of xarray entries
> to update, folio_test_swapbacked() is used, but that conflates shmem in
> page cache case and shmem in swap cache case. It leads to xarray
> multi-index entry corruption, since it turns a sibling entry to a
> normal entry during xas_store() (see [1] for a userspace reproduction).
> Fix it by only using folio_test_swapcache() to determine whether xarray
> is storing swap cache entries or not to choose the right number of xarray
> entries to update.
>
> [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/
>
> Note:
> In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used
> to get swap_cache address space, but that ignores the shmem folio in swap
> cache case. It could lead to NULL pointer dereferencing when an
> in-swap-cache shmem folio is split at __xa_store(), since
> !folio_test_anon() is true and folio->mapping is NULL. But fortunately,
> its caller split_huge_page_to_list_to_order() bails out early with EBUSY
> when folio->mapping is NULL. So no need to take care of it here.
>
> Fixes: fc346d0a70a1 ("mm: migrate high-order folios in swap cache correctly")
> Reported-by: Liu Shixin
> Closes: https://lore.kernel.org/all/28546fb4-5210-bf75-16d6-43e1f8646080@huawei.com/
> Suggested-by: Hugh Dickins
> Signed-off-by: Zi Yan
> Cc: stable@vger.kernel.org

Reviewed-by: Matthew Wilcox (Oracle)
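
An added illustration, not part of the thread and not kernel code: a simplified userspace C model of the entry miscount described in the quoted commit message. The slot layout and every function name below are hypothetical; only the two conditions being compared, folio_test_swapbacked() versus folio_test_swapcache(), come from the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy slot types for this model; not the kernel's xarray encoding. */
enum kind { EMPTY, NORMAL, SIBLING };
struct slot { enum kind kind; const void *folio; int head; };

/* Page-cache style: one multi-index entry = head slot + (nr - 1) siblings. */
static void store_multi_index(struct slot *s, int idx, int nr, const void *f)
{
    s[idx] = (struct slot){ NORMAL, f, idx };
    for (int i = 1; i < nr; i++)
        s[idx + i] = (struct slot){ SIBLING, NULL, idx };
}

/* Slot count chosen from the swapbacked flag (shmem in page cache sets it too). */
static int entries_buggy(bool swapbacked, int nr) { return swapbacked ? nr : 1; }
/* Slot count chosen from the swapcache flag only, as the fix describes. */
static int entries_fixed(bool swapcache, int nr) { return swapcache ? nr : 1; }

/* Models the store-then-advance loop: every store writes a normal entry. */
static void migrate(struct slot *s, int idx, int entries, const void *newf)
{
    for (int i = 0; i < entries; i++)
        s[idx + i] = (struct slot){ NORMAL, newf, idx + i };
}

/* Sibling slots that still point back at the head slot. */
static int siblings_intact(const struct slot *s, int idx, int nr)
{
    int n = 0;
    for (int i = 1; i < nr; i++)
        n += (s[idx + i].kind == SIBLING && s[idx + i].head == idx);
    return n;
}

/* Migrate a 4-page shmem folio in page cache (swapbacked, not swapcache). */
static int run_case(bool use_fix)
{
    struct slot s[8] = { 0 };
    int oldf = 0, newf = 0, nr = 4, idx = 4;
    store_multi_index(s, idx, nr, &oldf);
    migrate(s, idx, use_fix ? entries_fixed(false, nr) : entries_buggy(true, nr), &newf);
    return siblings_intact(s, idx, nr);
}

int main(void)
{
    printf("buggy: %d/3 siblings intact, fixed: %d/3\n", run_case(false), run_case(true));
    return 0;
}
```

For a folio that really is in swap cache, both helpers return nr, so the two versions only diverge for shmem folios in page cache.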