From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BEDCCD11DD for ; Fri, 29 Mar 2024 12:19:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BE4AC6B0088; Fri, 29 Mar 2024 08:19:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B955C6B0089; Fri, 29 Mar 2024 08:19:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A5C296B008A; Fri, 29 Mar 2024 08:19:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 87C536B0088 for ; Fri, 29 Mar 2024 08:19:52 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 456631A0355 for ; Fri, 29 Mar 2024 12:19:52 +0000 (UTC) X-FDA: 81949983024.01.E227ACA Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf30.hostedemail.com (Postfix) with ESMTP id 033B580011 for ; Fri, 29 Mar 2024 12:19:49 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=GA83YCFC; spf=none (imf30.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1711714790; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MrTY9njKVMkKTePqZ/9p2zVzye3piYo5llqsJ8WWYhM=; b=aKPojzvwgrSrufJNqfvqwRKoHd55yEvliKvk841128/hryMlaGQofiJXmF9IyXIMtda8o9 Vf7VLkQshmFKgUZ8Nmy/EhqZm3xACmJoo2zd+2uJouWMZPesbkr0hUOHO251jCRUTgE6MR leqe97eVo+g1bnWRlvjwTjz5EtoBHDw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1711714790; a=rsa-sha256; cv=none; b=m4GrLRKwmpTylQymNbCQP8Xmr8WlMTM8bmxlG1D9L7zVrkzL+0D3nKz0NqJ11VsaI+N1BC qkhxB80y9QMx2De5roR1PI45HA/Eh/lwO1vFq2EwHU/Y7jIbMpeI6jz12oW98+QO/eC1Dw w5R46+RPBN6OSQs5MnMp1+HoxBeIwMg= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=GA83YCFC; spf=none (imf30.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description; bh=MrTY9njKVMkKTePqZ/9p2zVzye3piYo5llqsJ8WWYhM=; b=GA83YCFCLDvB8oIpV8GkCXMHG7 L2DMDsP3NONzY46zE1idx2BzwKua0tdu5BCoLWAI8CSofxTCOB/XF7M4Swb0ZpShQ1Me2r7E4RVjg dR7KL2SPkg5nK/HwwRilvPC7buX4UysUSW2NWQy813gnylO3D8kHtjrLkfLycopf7gU+YrMDCyKV0 Ko7Qif287kdeMDm6Q6jvxh7v4TH1fG+/Uu6xSHC2JoVWCMJYTPmthprfUs6RTSYLTJR6btg4W+CsN OxXAWLArSdNAOtzjgpKoxiDi8mJoQ/aR/H8WqEeYIYaaG8Q+duomq/ehv7ubjGK6gIvR4MaaoAzRC qPjwC22g==; Received: from willy by casper.infradead.org with local (Exim 4.97.1 #2 (Red Hat Linux)) id 1rqBCu-000000098jD-3qYS; Fri, 29 Mar 2024 12:19:40 +0000 Date: Fri, 29 Mar 2024 12:19:40 +0000 From: Matthew Wilcox To: Zhaoyang Huang Cc: =?utf-8?B?6buE5pyd6ZizIChaaGFveWFuZyBIdWFuZyk=?= , Andrew Morton , "linux-mm@kvack.org" , "linux-kernel@vger.kernel.org" , =?utf-8?B?5bq357qq5ruoIChTdGV2ZSBLYW5nKQ==?= Subject: Re: summarize all information again at bottom//reply: reply: [PATCH] mm: fix a race scenario in folio_isolate_lru Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Queue-Id: 033B580011 X-Rspam-User: X-Stat-Signature: erucbdjjnjdexb433rcuc9nahcgitzam X-Rspamd-Server: rspam03 X-HE-Tag: 1711714789-788905 X-HE-Meta: U2FsdGVkX18t8lsykLoEqS/f9LcekRaNk8OE/XYK40ejlono2hn7JRfHBmTe1MxU9YD50mzAsURQRKL+rGZq3IGKz+ZVMMzZewKf1zTvdZFfuwZngGfymW5Z9497VWNM0RPwPJDa4jh9a0ZylI4Gp38xuQrSXC+XkLmLBzG/7PjZIK4p20+Prr4MgGXBpcHy/Qz16B2/R1+r0UNea37L4mDefPIfYFyNNhrtWzp/+Vu/ayn4kPp8N3INu8Z03jK6mslzqygKC5tXiLqykloDK+3gZlCdFSvclJpW1KfPS3egSeweaYtH89/ErA9rUz1FqoM0GRfvts4JKQJWEaACWu1eWHxDZ4/9yR5TyuIIyPakdXl0MEgSAV4YuLBhtczy3yZel5DWKvxOeVjpklJ1bK01XreTINyvtCoC3+5gT4lkEBOeo5V6HQBPowegIc6riNxFoVdMZG7FJwbBhQX0yYi0vgghbFsXOPgfwRSuLj04+Nv0OvaD/O8wr5DHSVDahzLJ7NLxYpwlZUhy+me4e2IdnAI6Wa7LA8Q938FIjeTkLlxk4qo5rS3/bOsr8gStUvi6BcOpo9R42RrzteKhy5grDIfv/TcQN8UPGdMdtLb1uEc+6LGc6LzU/Qh01CUAcaImr6pIIuxcbxunbLcckGSOqZ+Srw/0ylBSJU2IecOKfxkjt2R+XX1FASDb0dfaV95LSILHBOjX7B9uZrrghPYGpJOk7QOLdRk7Z5B7WbjWelEVXDwWLiv+tlFhOX+7opc57d1w4XS00vuYIYvdUSVGuvV+pB+/wvm2A97Jjvic8vjZtOo3+HxqA1rN5JX5Hu2pQJwosN76lnCT6XC7MUB8vBDSY4/TpBs+e1mfUiengK07hS6P/QniaAHafcLiUqZQ227PXJFewlyKDa2MdRz6A9SA17/zta+B97o8c+1RhDG1ACuxg2u6+Dnest6JhRV2HsCA/Wp/O+687K1 fNZCga77 AwMGoF+bMJBvB96m0F8YeTDoNYUUEfahLQ4NtvG+KRDN990xFqijJEkfsybCISCB+mKPYBGIo33kK77JMWMxJheibwRzemkVIb3J2pJnAu7B7sXZ3Y/wIzv/tA0F89xpZ3LRxQLHGGg0pyqcqYJeGe8d/gtYEDfylkFTKO3hb9aF8t5us1zuSXNXi12QE85nxvmq5RtY9v+mtNry+dVXtnAf9Zz3ZNyHd1CZbVwhKiB06phdJJ+SoLdC1Vo5OKsIrrVIF9CN14k315kDktfrkaB4P5FHjgOvI4WYwmkoaSNhKrPKHkeyk0121Ew== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Mar 29, 2024 at 01:49:05PM +0800, Zhaoyang Huang wrote: > On Thu, Mar 28, 2024 at 10:12 PM Matthew Wilcox wrote: > key steps in brief: > Thread_truncate get folio to its local fbatch by find_get_entry in step 2 > The refcnt is deducted to 1 which is not as expect as from alloc_pages > but from thread_truncate's local fbatch in step 7 > Thread_reclaim succeed to isolate the folio by the wrong refcnt(not > the value but meaning) in step 8 > Thread_truncate hit the VM_BUG_ON in step 9 > > all steps: > Thread_readahead: > 0. folio = filemap_alloc_folio(gfp_mask, 0); > (folio has refcount 1) > 1. ret = filemap_add_folio(mapping, folio, index + i, gfp_mask); > (folio has refcount 2) > 2. thread_truncate hold one refcnt and add this folio to fbatch_truncate > (folio has refcount 3(alloc, page cache, fbatch_truncate), PG_lru) > 3. Then we call read_pages() > First we call ->readahead() which for some reason stops early. > 4. Then we call readahead_folio() which calls folio_put() > (folio has refcount 2) > 5. Then we call folio_get() > (folio has refcount 3) > 6. Then we call filemap_remove_folio() > (folio has refcount 2) > 7. Then we call folio_unlock() > Then we call folio_put() > (folio has refcount 1(fbatch_truncate)) > 8. thread_reclaim call shrink_inactive_list->isolate_lru_folios > shrink_inactive_list > isolate_lru_folios > if (!folio_test_lru(folio)) > if (!folio_try_get(folio)) > if (!folio_test_clear_lru(folio)) > list_move(folio, dst) > (folio has refcount 2) > > 8.1. thread_reclaim call shrink_folio_list->__remove_mapping > shrink_folio_list() > __remove_mapping() > (refcount = 2) > if (!folio_ref_freeze(2)) //true > list_add(folio, free_folios); > (folio has refcount 0) > > 9. thread_truncate will hit the refcnt VM_BUG_ON(refcnt == 0) in > folio_put_testzero But now you're talking about something _entirely different_ that isn't the bug you hit. isolate_lru_folios is not isolate_lru_folio. I am disinclined to pick through this example to find out why you're wrong again. I'm also disinclined to continue this correspondance. We're not making any progress here.