From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5696EC83F1A for ; Thu, 17 Jul 2025 04:35:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BA3A46B00AB; Thu, 17 Jul 2025 00:35:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B545C6B00AC; Thu, 17 Jul 2025 00:35:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A43536B00AD; Thu, 17 Jul 2025 00:35:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 8E3936B00AB for ; Thu, 17 Jul 2025 00:35:36 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 178D559CB4 for ; Thu, 17 Jul 2025 04:35:36 +0000 (UTC) X-FDA: 83672493072.15.EBA19B1 Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by imf05.hostedemail.com (Postfix) with ESMTP id 1315610000A for ; Thu, 17 Jul 2025 04:35:33 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=suse.com header.s=google header.b=Wrm1t+FJ; spf=pass (imf05.hostedemail.com: domain of ydfan@suse.com designates 209.85.221.43 as permitted sender) smtp.mailfrom=ydfan@suse.com; dmarc=pass (policy=quarantine) header.from=suse.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1752726934; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/syFIMIDJp8+dFLun2WnZdWFKbMc/fjNZ/VhcnZpJ40=; b=EwyzQDvGhwGnaGKMtq6hW8YtXIPCeNB22RpmCSA5ygBRpsWxapBngr6nS+0khQifuyfz3a OJzdn+aWoPpMWI00AaMY9qrqNDwW5tqB2o+C1KxDqHF6T5+25z7H5r0sgpfoaNifxw58gJ meZMznkDXGruQS0CoUZrLgMI0nT1s+g= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1752726934; a=rsa-sha256; cv=none; b=TZ+iM5sQiTdHxsyTR+YjOEpP7OSDm5FW/SWyVYbvCFZdklP961vgEizp7oEFnSVfA+cEll PeLOfR0iULs9Q0JOLbUPR6UU3kqFWdlNdpot3ul306X0sj418qXvZys9nYVMoC6mY7mkCL b7vzB6MGHlnaydXauWlE8d0xYZJ7odA= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=suse.com header.s=google header.b=Wrm1t+FJ; spf=pass (imf05.hostedemail.com: domain of ydfan@suse.com designates 209.85.221.43 as permitted sender) smtp.mailfrom=ydfan@suse.com; dmarc=pass (policy=quarantine) header.from=suse.com Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-3a50956e5d3so389897f8f.1 for ; Wed, 16 Jul 2025 21:35:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1752726932; x=1753331732; darn=kvack.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=/syFIMIDJp8+dFLun2WnZdWFKbMc/fjNZ/VhcnZpJ40=; b=Wrm1t+FJH7oTyCMDRXfHzKzgV7V6q5/qvkWjzLhLKHf74Yrsq6RVDbb/YoUCJRsili I6SEGhn2nBMO4CYpNkegJ1ZzVb57CHDCoxAsO4lDLnjm6Pyjq0BxknkmcRGUgVI3dA8F JRAxb9TGQ6wDkaZdyZzGSs8O4kpjvw8srvuJBOqxkomuscoQ+1jTDNV5v4ot2llvWgI/ xlkE0hLXzHiy8BJXLGN70R5WZdN4PNLRq3TFjogChjP3NyUNgKeyf3bQnZfqF5hcJBVc v215UuxOT3eZL0cnkVSTgXICCRAIkFZhKdmFaDTOxOIadu2TcvuVgqQP9P9yImyDgF5k RGGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752726932; x=1753331732; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/syFIMIDJp8+dFLun2WnZdWFKbMc/fjNZ/VhcnZpJ40=; b=G5Qm+RoXBPtulMznaORCjPQIlHlRYERXUgeYaY4XQ3bna9ZnkMR00t1qBC/boY2lM5 Bdko5n8m81i/K4qfpmnpjexFr1uC4xZRh6EgvxtAJacEeIC9PRJ8Zl0ll3W3nr8IKjKH M1/Djjfq0IBlA/WxiDQcEMKwCJU4jmKY6ZoUbeH3H/0RERSRjjgxnDMrCDU1kwUxMvIH UBNN/jcJbFM8hM6RMCEMgi71VH9XBKymI3zO28TQHOg+2yQiJpd7kq7n+wGOHnhB2r1m 23q5ftU0d8qZRUB8kOM/q+1AunkBHDxK+vFwRRgR0uEybzbX7eRhbLGqMmqQEq4MDVkY 8/hw== X-Gm-Message-State: AOJu0YzXr4NSgybQJlZBrxVwm/DDbHjm+FMxN+LnDxEGV8IptGnxYFuw MUJWd+RX6GWUXIzZx7BcW7E4TvglYhh672KSpAqmq3+q+ddJqJ0/dmshxZCJ1JcyRRc= X-Gm-Gg: ASbGncsymsB/qL/xAuiWLJUEo/hOg7xA/tT1ksyb13l5S+ufBqWhpMWp4qOMmVg3efH 1rC4PwYPQknlD4xmgKmnOb4kRIxR+YRV7i/pfYp7oOhVi7BIDWkFviPoyqHTLou+CdrV35N8m74 VSQCtGrDew6VV1riv8s/0GQwmhzjebh+BVudYpOfNf7dWR6IilQF/E9aOeiKMK7Be8NJ9Vmk7Sg GhJjPmgs/4ZVfFkXA5aoo6no+7+bi4PHvOgEnH+rXaHPouoFI4eR/EEDwFZHKlAyuOtKLwMfP53 de9Y2rCIUJznIUTuLkNPEYBb8S4bdSJnwyydRSMBAPXAQoGT+ikbXahwf06VbgIQczwqUBQJvx3 TSJDpJPkXLHk3gJgnj1I= X-Google-Smtp-Source: AGHT+IGDAqjGelisO+E0EKGcohm9ngbXtJos+/pqh8EZDacWo7esN8vkiU/i1QVMc2HayIr8Fxdn+A== X-Received: by 2002:a05:6000:290b:b0:3a4:e56a:48c1 with SMTP id ffacd0b85a97d-3b60dd887c5mr4684660f8f.55.1752726932341; Wed, 16 Jul 2025 21:35:32 -0700 (PDT) Received: from [10.211.55.30] ([103.172.41.204]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de428b8a0sm137194335ad.8.2025.07.16.21.35.30 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 16 Jul 2025 21:35:31 -0700 (PDT) Message-ID: Date: Thu, 17 Jul 2025 10:07:24 +0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] mm: mempool: fix wake-up edge case bug for zero-minimum pools To: Andrew Morton Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org References: <8c0cdb71-8d21-497e-b793-c43ce3a16345@suse.com> <20250716141931.273ca3effdbc0f442523eac8@linux-foundation.org> Content-Language: en-US From: Yadan Fan In-Reply-To: <20250716141931.273ca3effdbc0f442523eac8@linux-foundation.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 1315610000A X-Stat-Signature: ayhkcurd9csssnzrk1m8ntyqdoy5ny3a X-Rspam-User: X-HE-Tag: 1752726933-431480 X-HE-Meta: U2FsdGVkX19n4D8N8C2NyYVqfFqczIfYO0nfvDG802zcMzi/OYATwosWRC7QllUzoIlZcQj09gtyXscaF9qHighmbljs07iVthFPM/64PMHpHmKdQVJJ6Yn8Wz8l5T3r35BUeNg9gLmoFO9ihDU5YacC2K0nrOWdc6rlmUQ8r5lumzy/dkE4llWs8+ebqCIVKIx/SW9dNFSFTDvgma/qKXClvBmYstXlSqUv03Pii7ze54jz84xf5/NxS55rN4JHazELRL1aZH5EVdza7VjIXBaoA78xrqGOR2J0FO6tNoIfKZue+dJ6TED79IMdHvVZU/tzoqAVcqrCuBt12ks/p5tBPJ0ZBrlrciEQtgaQhCoiSBKUUlxQTHwkrPq59Y4+rkfUglyIVqPOo8pqp/N8pT+fnqHZPW+1a18g1SRl5xg0nvSGGfnGTSYCJoKjVpbViEPbquA4Fjo1nY2nUDsNFJqIjpKpvjCiXmO/qQgYuMoN4d1PH1qmJHNnlss6xYVOzhUc/Bym/znOICNPZvAi8bgXVy+5mQHlOFtzk+cLGloWbgm8o3ICmKtARWIXz8kqUL/Kv6df5+nm8xY8K56KyzXBCGEUwKWz7eG1IbQ0YgBblUbleIBflFzJEXFRXTbwiB2q44ywUFTJz9w33ACn7ZEbztlXwpj1/5Qzqf236uTSkyEJmGgXUz9cTx2DuRbZ/q8cuzlZnPrXl7enkpud2+G0fIM2iBWZwXDcOY+bG5J9e3qy4Bm+Un9R4lU0RxTKxssOeVFL09CAFvCo0aXPwcXLcl6Vpogm8A9/+q4zliwYywo8nJNvMOEmZZZxd9m6GvttfphYElHjw1NtQaWU4yGXOn2lVhG8Z/QBUXAYoaAq2Qzws3K2eavPITCVN6oG5i60qCST/C5Ab+jSH8zWhpFEbPpx3YzlfDMad0r4cdy1gXdFOX4Vd99x2XOitTyNK1ZN3g/FjTjWiKYKxOp Fm2l4Tg7 oMpOmESzNSfEPC+d3LLt5zLqw2XEtvhjbsAjMEg5EHp4Vb48WG3dYlPRke/RakfKyMpDYSbQu5c1cGQvpasAacpY02l2n9rc9QTJQoiGNI5aiC3oNIemrEzT0rrC/51NlSSm+hLmcF6P6EEAoZ+/mzw0LUE/m3yReffb+bP9N4RWaaylYXA3HhhXxCJ3mbDIxPMcS0qGkpM/IQhG7zjZAyV5ZFOLp7H11r9ggeru45S10S31AqQxRw2FVgfOtW7FpJk9i9QGArnVKu44UYJbkGFeoiRyS2kvy0TpLvM1BXfqpZ2FyKerxYMTImPh8U4T1/6sJbHSZwck9hXEVjRKUQQtNI5u+LO3FJDs/ldh8B7is3hBL+U437MmHAgyGHP+IqgvG+z5yyawWJDUpOqOB8Zch/Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Andrew, On 7/17/25 05:19, Andrew Morton wrote: > On Wed, 16 Jul 2025 23:37:30 +0800 Yadan Fan wrote: > >> The mempool wake-up mechanism has a edge case bug that affects pools >> created with min_nr=0. When a thread blocks waiting for memory from an >> empty pool (curr_nr == 0), subsequent mempool_free() calls fail to wake >> the waiting thread because the condition "curr_nr < min_nr" evaluates >> to "0 < 0" which is false, this causes threads to sleep indefinitely. >> >> There is at least 2 places where the mempool created with min_nr=0: >> >> 1. lib/btree.c:191: mempool_create(0, btree_alloc, btree_free, NULL) >> 2. drivers/md/dm-verity-fec.c:791: >>    mempool_init_slab_pool(&f->extra_pool, 0, f->cache) > > This is very old code. Can you suggest why this has taken so long to > surface? > > Which is a roundabout way of asking "should this be backported into > -stable kernels". For that we'd need to know how this issue is > affecting our users. There is no real issue yet, I just reviewed the codes here and found this, I thought it may needs to fix so that I sent this patch. > >> Add an explicit check in mempool_free() to handle the min_nr=0 case: >> when the pool has zero minimum reserves, is currently empty, and has >> active waiters, wake them up. The wq_has_sleeper() avoids unnecessary >> wake-ups when no threads are waiting. > > Do we need the separate test? What's wrong with the obvious approach > of replacing the "<" with "<=" in the preceding test? Simply changing to "<=" has problem since add_element() has "BUG_ON(pool->curr_nr >= pool->min_nr);". > > And would the previous (ie, existing) test benefit from the > wq_has_sleeper() check? I think it could have benefit for the existing test, wq_has_sleeper() is cost cheaper than wake_up(). I will submit a new patch containing it. > >> --- a/mm/mempool.c >> +++ b/mm/mempool.c >> @@ -545,6 +545,22 @@ void mempool_free(void *element, mempool_t *pool) >>                 } >>                 spin_unlock_irqrestore(&pool->lock, flags); >>         } >> +       /* >> +        * Handle the min_nr = 0 edge case: >> +        * For zero-minimum pools, curr_nr < min_nr (0 < 0) never succeeds, >> +        * so waiters sleeping on pool->wait would never be woken by the >> +        * normal wake-up path. This explicit check ensures that when >> +        * pool->min_nr == 0 and pool->curr_nr == 0, any active waiters >> +        * are properly awakened. >> +        * The wq_has_sleeper() avoids unnecessary wake-ups when no >> +        * threads are waiting. >> +        */ >> +       if (unlikely(pool->min_nr == 0 && >> +                    READ_ONCE(pool->curr_nr) == 0 && >> +                    wq_has_sleeper(&pool->wait))) { >> +               wake_up(&pool->wait); >> +       } >> + > > Something strange is happening with the whitespace here. I pretty much > retyped the patch. Please have a chat with your email client ;) > Sorry for this, I may just messed up somehow my client configuration, will fix it. Thanks, Yadan