From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AF587C54E58 for ; Mon, 18 Mar 2024 12:32:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 30A846B0087; Mon, 18 Mar 2024 08:32:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2BA096B0088; Mon, 18 Mar 2024 08:32:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1A8FC6B0089; Mon, 18 Mar 2024 08:32:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 05FBD6B0087 for ; Mon, 18 Mar 2024 08:32:34 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id CDAF91C0CB4 for ; Mon, 18 Mar 2024 12:32:33 +0000 (UTC) X-FDA: 81910098186.20.ED3A56C Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf10.hostedemail.com (Postfix) with ESMTP id 929C7C0032 for ; Mon, 18 Mar 2024 12:32:30 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=XEm+Wdrx; spf=none (imf10.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1710765152; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HSPhwXSCxS++lB8cW7HjxSToUp/DCPeVhcBtHho/j3E=; b=qjdaEt3DTbVfnygePirPDVPrf4PEExsodLNIm0FVfSp5AEOG/q7mqryt56sq7Er6Uf/KdR 8yoZ3dQU5jLxVr9KL9Nm2A7o68vRZqb+SN97h6dra5I+SzT8ziMJkFb9dc2/WYCuLF7lmF 7geZJh+sJhH5vLpGsE666b8egH4qY1c= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710765152; a=rsa-sha256; cv=none; b=GNDiYvIo99UEN+JWWkc0uXZ99lP25NaFzHX0YGkHvNrgxKD59e0PoGnyLyMSfHG1uDzzGg imSZRCQQtUjIZLuocUhKKVn6Hh339sbk+VuRYCO9GrittYhEYWKdWmIfZAS/kq9rN3RrhK 0cd5IipyoSK0/kIGjSFZJnt+PvMWuQ0= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=XEm+Wdrx; spf=none (imf10.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description; bh=HSPhwXSCxS++lB8cW7HjxSToUp/DCPeVhcBtHho/j3E=; b=XEm+WdrxFnpkahFybnf2FrA+2/ rw1XzkwVssLBE54wENkAoZC8nJIs/MbYgaGfgGfxS12nOe5T+nND8XrN9cBOt0W3TfZx1NvE1oOWU HFevprZ7dWzFtOFYcLSMCvABeljS5xnpTCzBV3OGCeA3RRk28Rh8X3/ijDv785eu6/dnqRbCSOI+a YcsB95n1tMjF0A+SWYwN5OtsaP2CJ/dJHjeWfVhlmjrGXbjg7iB14GUT2mijIQYh99nD/1wTnHzqp 7BE4J7lKnVCgkaN6T4VCUcHwuyzIrtPt3dauNribIu8tiXLoxuARtDB/aK/H1yMrTjWQO2XDys2ds 7lBlZfVg==; Received: from willy by casper.infradead.org with local (Exim 4.97.1 #2 (Red Hat Linux)) id 1rmCAC-0000000H9S1-2Xle; Mon, 18 Mar 2024 12:32:24 +0000 Date: Mon, 18 Mar 2024 12:32:24 +0000 From: Matthew Wilcox To: =?utf-8?B?6buE5pyd6ZizIChaaGFveWFuZyBIdWFuZyk=?= Cc: Zhaoyang Huang , Andrew Morton , "linux-mm@kvack.org" , "linux-kernel@vger.kernel.org" , =?utf-8?B?5bq357qq5ruoIChTdGV2ZSBLYW5nKQ==?= Subject: Re: summarize all information again at bottom//reply: reply: [PATCH] mm: fix a race scenario in folio_isolate_lru Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Queue-Id: 929C7C0032 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: bhapkgpd7qp1e3oow3eu384xt8gt7drr X-HE-Tag: 1710765150-362036 X-HE-Meta: U2FsdGVkX18J9lpo3wytvc/lKVrVh8ySgb33EHkcOvShbms7hDpShyS4e1GGm8ZWcfr5wH6v/4khMD6aCQUUdfvPOVAWFddjQF2x5u2dAQwQ2zwVEEOMCtb9qC/US9tVT0S5dNpgKP2H8zX7VGHAop2kyVv5uT/eAuyAHhhJihJVmi118Drhp1L3BnBYa3AqHAhebIQdpHivVzqrbXnFiiss8adVbFIF6Cqn74N3gZRuZLFR9hD+1gEoaBpUAVQoEtogvxM/YAaCF71a4GmwaqjVSMtUDMMoJfqY8JdvYAS6t1aHNra9yp3C2kXOMC2bbccVKvGxcO2q1t3mR0sPZ62zxd7mO/8GgoDXORN672K3tRxyed3XMCi/jUBUw5syZmvw21CyTUA+3IUs9sYtoxx/RFGxPca9ua6IB+bEtdKlChW7hg5/5zB74B8QSW/jZ2k3k4sqQGJbj3u1yH3ArcurbvRO70hMGtJxhgQRhmwCCRShEH8QwAnoYhQSq0egL/PAkyz/woXjOpYSGiiE0NJ2ree/uF7PC28CEARDLHtElv/a4qy7Q98Ic1HzEOqeKaCxLWx1/J9j5bxbKjaRrdiYNCdvqb/YqjKngb/bh8z/+IcGIPo4IpTTIJVdNhY4NAT0nQXFYDB5vVmF+AY4u+T8aWxuzLWZod2K1OEbaOUAPeJNWvYCaSgPRKOUWaLPgyfNz9rs1y3Vioeg5AG75g4vG1JqhUwNNKj1c05HWZjWjRL5j52rbDJunB7ROd/4YYmlCid9F92z6OzGHYexdZmPLqZafAUDn05NP55/fkZ7eWgGZX61N5Id6qM4v2L+ZEXZjBlTHaJkWhv7kNjo6OYjKYryvcJfvAMuJc+9/XBUmxZncP7IgryIGUxLuTpQaWX923WYfDR2IW08/erue8KVYVrUex9ZEXztJ0/lFX7Rr4zT2tnUyuw5tB5ls2Q8M29uJkTZy7n2PB7jVPZ RFKGf1mf JHRZ6H/rRboddU411Dd3h57m3716HCo1B4JuLSwIXfD88fEHKjvoLvxj+AQWvVH68Mkd5UdQA0/8s7NamsMebxRsLFRkV76QqKp7IKJ94+Sf9qJ5FVK9/EIG95fBHQS2h1VYPwSfyEIf2GD4P3wJJpWduuPTp8U2JOIQIzdVgMiQqKO5Q8PstdqQrRxbsG5x1iI3PSc784Y8gwBl4vESFLQlEdEzSi1V/q8nbol13bkC1oCpmPWJzDnNQYA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.001012, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Stop creating new threads. You're really annoying. On Mon, Mar 18, 2024 at 09:32:32AM +0000, 黄朝阳 (Zhaoyang Huang) wrote: > Summarize all information below to make it more clear(remove thread2 which is not mandatory and make the scenario complex) You've gone back to over-indenting. STOP IT. > #thread 0(madivise_cold_and_pageout) #thread1(truncate_inode_pages_range) This is still an impossible race, and it's the third time I've told you this. And madivise_cold_and_pageout does not exist, it's madvise_cold_or_pageout_pte_range(). I'm going to stop responding to your emails if you keep on uselessly repeating the same mistakes. So, once again, For madvise_cold_or_pageout_pte_range() to find a page, it must have a PTE pointing to the page. That means there's a mapcount on the page. That means there's a refcount on the page. truncate_inode_pages_range() will indeed attempt to remove a page from the page cache. BUT before it does that, it has to shoot down TLB entries that refer to the affected folios. That happens like this: for (i = 0; i < folio_batch_count(&fbatch); i++) truncate_cleanup_folio(fbatch.folios[i]); truncate_cleanup_folio() -> unmap_mapping_folio -> unmap_mapping_range_tree() -> unmap_mapping_range_vma() -> zap_page_range_single() -> unmap_single_vma -> unmap_page_range -> zap_p4d_range -> zap_pud_range -> zap_pmd_range -> zap_pte_range -> pte_offset_map_lock() > pte_offset_map_lock takes NO lock > truncate_inode_folio(refcnt == 2) > > folio_isolate_lru(refcnt == 1) > release_pages(refcnt == 1) > folio_test_clear_lru > > folio_put_testzero == true > folio_get(refer to isolation) > folio_test_lru == false > > list_add(folio->lru, pages_to_free) > ****current folio will break LRU's integrity since it has not been deleted**** > > 0. Folio's refcnt decrease from 2 to 1 by filemap_remove_folio > 1. thread 0 calls folio_isolate_lru with refcnt == 1. Folio comes from vm's pte > 2. thread 1 calls release_pages with refcnt == 1. Folio comes from address_space > (refcnt == 1 make sense for both of folio_isolate_lru and release_pages) > 3. thread0 clear folio's PG_lru by folio_test_clear_lru > 4. thread1 decrease folio's refcnt from 1 to 0 and get permission to proceed > 5. thread1 failed in folio_test_lru and do no list_del(folio) > 6. thread1 add folio to pages_to_free wrongly which break the LRU's->list > 7. next folio after current one within thread1 experiences list_del_invalid when calling lruvec_del_folio