From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E85D036EA8D; Mon, 15 Jun 2026 10:54:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781520893; cv=none; b=Fuax7BKxfje9ZTffUS3BqKQHJbF94wTSBkSpBEGH8k4lJQsp7mvofU7ldYvL5NqHOEJ+NSeMjNkJg89H5K3uwJ9oA4yKsrD8DH8JLF5i94j6D4VY7dxUaarcUJExrKtWzOJ+W8ROIDSTumZNp3poUZ6a7JEzTuPxLkdItTxu200= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781520893; c=relaxed/simple; bh=z84X+tFi/F8moHXpQPVKFwJRT/2jsVuwZD3BTfhqxNM=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=a3ijp6iztXDq2VUOe+yVcUtOx2OTxhrxQ2OqQxtN/GmhhbbHUcIsz45QfH8bn2FSrNogZxuKETPW+1UCj3U7XqduDGjDy3c6N2O92i78yaDJBoKbBzDUDTj/i0r2RNXyZ5SpcliUxpTQh42CgewVlbrlNa5Itclfk8SmMxAbyV8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BNRUmekz; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BNRUmekz" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 930001F000E9; Mon, 15 Jun 2026 10:54:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1781520891; bh=0q6LuyfOsMS4a8EdXR/KT8Uh3LN8s86rxTJxrDIWwxk=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=BNRUmekzCtO6iJgCCGcr7et0XnHvffh8tTUcaQ5/xz3kWR8yOejh3+ghoLMtk1jdo W+Wx0ayFfAcqVw+esnhucDIFCC8Y6RY+Q5CeQVAOxygv1cx4256Vu8xLVuB/jMyWwe m/L/wZ9fddxRRe6UYZSd88zAp4BwJpRK+Zu6BWGb02us5eRcHSqMkHLNN9+cL/nN5H pOSPnqe7B8f9zixGq9/t7H0o2Ge31zATPc2yYNLquTg4lz99HS15zGXT1eryOiHLaZ c8Zk/DS9enr4MnC/C7PyXrcnsKv6m+mcIsFWDUdrQN9cLhfz9T9ybpLRVLUyVYjUfI f4RwtTqnsD/KA== Message-ID: Date: Mon, 15 Jun 2026 12:54:38 +0200 Precedence: bulk X-Mailing-List: virtualization@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH splitout] mm: memory-failure: serialize TestSetPageHWPoison with zone->lock To: Miaohe Lin , "Michael S. Tsirkin" Cc: Zi Yan , Andrew Morton , linux-kernel@vger.kernel.org, Jason Wang , Xuan Zhuo , =?UTF-8?Q?Eugenio_P=C3=A9rez?= , Muchun Song , Oscar Salvador , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Brendan Jackman , Johannes Weiner , Baolin Wang , Nico Pache , Ryan Roberts , Dev Jain , Barry Song , Lance Yang , Hugh Dickins , Matthew Brost , Joshua Hahn , Rakie Kim , Byungchul Park , Gregory Price , Ying Huang , Alistair Popple , Christoph Lameter , David Rientjes , Roman Gushchin , Harry Yoo , Axel Rasmussen , Yuanchu Xie , Wei Xu , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , virtualization@lists.linux.dev, linux-mm@kvack.org, Andrea Arcangeli , Naoya Horiguchi References: <20260609111020.e88f51a7b6ebc37360d66fdc@linux-foundation.org> <8c1f468e-b50a-487a-a267-8d1ea5a61c87@kernel.org> <38C84F23-E881-4DB2-86BA-93F39D44AE1B@nvidia.com> <20260609162437-mutt-send-email-mst@kernel.org> <4BA276D9-9EB9-4E2A-8A05-657ACACFF227@nvidia.com> <20260609165829-mutt-send-email-mst@kernel.org> <20260610171646-mutt-send-email-mst@kernel.org> <14537566-94d9-eac5-2636-35f925a9d159@huawei.com> <20260611013644-mutt-send-email-mst@kernel.org> <1b5676ab-0dc5-ef33-9d79-a2bd6090a62d@huawei.com> <984d9775-e17c-0231-b021-126b13a9aa42@huawei.com> From: "David Hildenbrand (Arm)" Content-Language: en-US Autocrypt: addr=david@kernel.org; keydata= xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzS5EYXZpZCBIaWxk ZW5icmFuZCAoQ3VycmVudCkgPGRhdmlkQGtlcm5lbC5vcmc+wsGQBBMBCAA6AhsDBQkmWAik AgsJBBUKCQgCFgICHgUCF4AWIQQb2cqtc1xMOkYN/MpN3hD3AP+DWgUCaYJt/AIZAQAKCRBN 3hD3AP+DWriiD/9BLGEKG+N8L2AXhikJg6YmXom9ytRwPqDgpHpVg2xdhopoWdMRXjzOrIKD g4LSnFaKneQD0hZhoArEeamG5tyo32xoRsPwkbpIzL0OKSZ8G6mVbFGpjmyDLQCAxteXCLXz ZI0VbsuJKelYnKcXWOIndOrNRvE5eoOfTt2XfBnAapxMYY2IsV+qaUXlO63GgfIOg8RBaj7x 3NxkI3rV0SHhI4GU9K6jCvGghxeS1QX6L/XI9mfAYaIwGy5B68kF26piAVYv/QZDEVIpo3t7 /fjSpxKT8plJH6rhhR0epy8dWRHk3qT5tk2P85twasdloWtkMZ7FsCJRKWscm1BLpsDn6EQ4 jeMHECiY9kGKKi8dQpv3FRyo2QApZ49NNDbwcR0ZndK0XFo15iH708H5Qja/8TuXCwnPWAcJ DQoNIDFyaxe26Rx3ZwUkRALa3iPcVjE0//TrQ4KnFf+lMBSrS33xDDBfevW9+Dk6IISmDH1R HFq2jpkN+FX/PE8eVhV68B2DsAPZ5rUwyCKUXPTJ/irrCCmAAb5Jpv11S7hUSpqtM/6oVESC 3z/7CzrVtRODzLtNgV4r5EI+wAv/3PgJLlMwgJM90Fb3CB2IgbxhjvmB1WNdvXACVydx55V7 LPPKodSTF29rlnQAf9HLgCphuuSrrPn5VQDaYZl4N/7zc2wcWM7BTQRVy5+RARAA59fefSDR 9nMGCb9LbMX+TFAoIQo/wgP5XPyzLYakO+94GrgfZjfhdaxPXMsl2+o8jhp/hlIzG56taNdt VZtPp3ih1AgbR8rHgXw1xwOpuAd5lE1qNd54ndHuADO9a9A0vPimIes78Hi1/yy+ZEEvRkHk /kDa6F3AtTc1m4rbbOk2fiKzzsE9YXweFjQvl9p+AMw6qd/iC4lUk9g0+FQXNdRs+o4o6Qvy iOQJfGQ4UcBuOy1IrkJrd8qq5jet1fcM2j4QvsW8CLDWZS1L7kZ5gT5EycMKxUWb8LuRjxzZ 3QY1aQH2kkzn6acigU3HLtgFyV1gBNV44ehjgvJpRY2cC8VhanTx0dZ9mj1YKIky5N+C0f21 zvntBqcxV0+3p8MrxRRcgEtDZNav+xAoT3G0W4SahAaUTWXpsZoOecwtxi74CyneQNPTDjNg azHmvpdBVEfj7k3p4dmJp5i0U66Onmf6mMFpArvBRSMOKU9DlAzMi4IvhiNWjKVaIE2Se9BY FdKVAJaZq85P2y20ZBd08ILnKcj7XKZkLU5FkoA0udEBvQ0f9QLNyyy3DZMCQWcwRuj1m73D sq8DEFBdZ5eEkj1dCyx+t/ga6x2rHyc8Sl86oK1tvAkwBNsfKou3v+jP/l14a7DGBvrmlYjO 59o3t6inu6H7pt7OL6u6BQj7DoMAEQEAAcLBfAQYAQgAJgIbDBYhBBvZyq1zXEw6Rg38yk3e EPcA/4NaBQJonNqrBQkmWAihAAoJEE3eEPcA/4NaKtMQALAJ8PzprBEXbXcEXwDKQu+P/vts IfUb1UNMfMV76BicGa5NCZnJNQASDP/+bFg6O3gx5NbhHHPeaWz/VxlOmYHokHodOvtL0WCC 8A5PEP8tOk6029Z+J+xUcMrJClNVFpzVvOpb1lCbhjwAV465Hy+NUSbbUiRxdzNQtLtgZzOV Zw7jxUCs4UUZLQTCuBpFgb15bBxYZ/BL9MbzxPxvfUQIPbnzQMcqtpUs21CMK2PdfCh5c4gS sDci6D5/ZIBw94UQWmGpM/O1ilGXde2ZzzGYl64glmccD8e87OnEgKnH3FbnJnT4iJchtSvx yJNi1+t0+qDti4m88+/9IuPqCKb6Stl+s2dnLtJNrjXBGJtsQG/sRpqsJz5x1/2nPJSRMsx9 5YfqbdrJSOFXDzZ8/r82HgQEtUvlSXNaXCa95ez0UkOG7+bDm2b3s0XahBQeLVCH0mw3RAQg r7xDAYKIrAwfHHmMTnBQDPJwVqxJjVNr7yBic4yfzVWGCGNE4DnOW0vcIeoyhy9vnIa3w1uZ 3iyY2Nsd7JxfKu1PRhCGwXzRw5TlfEsoRI7V9A8isUCoqE2Dzh3FvYHVeX4Us+bRL/oqareJ CIFqgYMyvHj7Q06kTKmauOe4Nf0l0qEkIuIzfoLJ3qr5UyXc2hLtWyT9Ir+lYlX9efqh7mOY qIws/H2t In-Reply-To: <984d9775-e17c-0231-b021-126b13a9aa42@huawei.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 6/15/26 05:29, Miaohe Lin wrote: > On 2026/6/11 21:20, David Hildenbrand (Arm) wrote: >> On 6/11/26 09:36, Miaohe Lin wrote: >>> >>> Agree, it's not worth to do so. >>> >>> >>> Since memory_failure might be the only place, this change would be unacceptable. >>> We should come up with a better solution. Maybe we can try repeating SetPageHWPoison >>> and ClearPageHWPoison at a first attempt though it looks somewhat weird to me and makes >>> code more complicated. >> >> And I am fairly sure we could still have some remaining races ... it's shaky. > > I have to agree it's shaky. Right, just let writing task reschedule after reading the flags, but before writing the flags. > Any suggestion for next step? We have various code that assumes that no concurrent writes are possible, and consequently, we use no atomics. __free_pages_prepare() is just one user. Then we have __folio_set_locked(), __folio_clear_active() and __folio_clear_unevictable(). But also __folio_mark_uptodate(), which is called rather frequently. page_cpupid_reset_last() is also a thing, but it mostly falls under __free_pages_prepare() handling. ... and __split_folio_to_order() also messes with flags directly without atomics. Many of these are only possible for frozen pages (refcount == 0). I think only __folio_set_locked() and __folio_mark_uptodate() are called on non-frozen pages, when there is the expectation that nobody will concurrently use atomics that would be bad (e.g., don't trylock if not an lru page). We don't want to use atomics at these places just to please memory failure code. Would it be sufficient to know in memory-failure code that concurrent handling succeeded? Assume that we enlighten all non-atomics to grab the rcu read lock, such as diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 7223f6f4e2b4..3c3852b60bbd 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -803,10 +803,30 @@ static inline bool PageUptodate(const struct page *page) return folio_test_uptodate(page_folio(page)); } +#ifdef CONFIG_MEMORY_FAILURE +static inline void page_flags_modify_nonatomic_begin(void) +{ + rcu_read_lock(); +} +static inline void page_flags_modify_nonatomic_end(void) +{ + rcu_read_unlock(); +} +#else +static inline void page_flags_modify_nonatomic_begin(void) +{ +} +static inline void page_flags_modify_nonatomic_end(void) +{ +} +#endif + static __always_inline void __folio_mark_uptodate(struct folio *folio) { smp_wmb(); + page_flags_modify_nonatomic_begin(); __set_bit(PG_uptodate, folio_flags(folio, 0)); + page_flags_modify_nonatomic_end(); } And then we have some retry logic such as: diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 51508a55c405..1123c40aaf43 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -162,6 +162,62 @@ static struct rb_root_cached pfn_space_itree = RB_ROOT_CACHED; static DEFINE_MUTEX(pfn_space_lock); +static bool page_test_set_hwpoison(struct page *page) +{ + lockdep_assert_held(&mf_mutex); + + while (true) { + /* Already set -> not our problem. */ + if (TestSetPageHWPoison(page)) + return true; + /* Make sure concurrent non-atomic writers completed. */ + synchronize_rcu(); + /* Setting the flag was sticky. */ + if (PageHWPoison(page)) + return false; + } +} + +static bool page_test_clear_hwpoison(struct page *page) +{ + lockdep_assert_held(&mf_mutex); + + while (true) { + /* Already clear -> not our problem. */ + if (!TestClearPageHWPoison(page)) + return false; + /* Make sure concurrent non-atomic writers completed. */ + synchronize_rcu(); + /* Clearing the flag was sticky. */ + if (!PageHWPoison(page)) + return true; + } +} + +static void page_set_hwpoison(struct page *page) +{ + lockdep_assert_held(&mf_mutex); + + while (!PageHWPoison(page)) { + SetPageHWPoison(page); + + /* Make sure concurrent non-atomic writers completed. */ + synchronize_rcu(); + } +} + +static void page_clear_hwpoison(struct page *page) +{ + lockdep_assert_held(&mf_mutex); + + while (PageHWPoison(page)) { + ClearPageHWPoison(page); + + /* Make sure concurrent non-atomic writers completed. */ + synchronize_rcu(); + } +} + /* * Return values: * 1: the page is dissolved (if needed) and taken off from buddy, @@ -199,7 +255,7 @@ static bool page_handle_poison(struct page *page, bool hugepage_or_freepage, boo return false; } - SetPageHWPoison(page); + page_set_hwpoison(page); if (release) put_page(page); page_ref_inc(page); @@ -1744,7 +1800,7 @@ static int mf_generic_kill_procs(unsigned long long pfn, int flags, * Use this flag as an indication that the dax page has been * remapped UC to prevent speculative consumption of poison. */ - SetPageHWPoison(&folio->page); + page_set_hwpoison(&folio->page); /* * Unlike System-RAM there is no possibility to swap in a @@ -1789,7 +1845,7 @@ int mf_dax_kill_procs(struct address_space *mapping, pgoff_t index, goto unlock; if (!pre_remove) - SetPageHWPoison(page); + page_set_hwpoison(page); /* * The pre_remove case is revoking access, the memory is still @@ -1866,7 +1922,7 @@ static unsigned long __folio_free_raw_hwp(struct folio *folio, bool move_flag) head = llist_del_all(raw_hwp_list_head(folio)); llist_for_each_entry_safe(p, next, head, node) { if (move_flag) - SetPageHWPoison(p->page); + page_set_hwpoison(p->page); else num_poisoned_pages_sub(page_to_pfn(p->page), 1); kfree(p); @@ -2380,7 +2436,7 @@ int memory_failure(unsigned long pfn, int flags) if (res != -ENOENT) goto unlock_mutex; - if (TestSetPageHWPoison(p)) { + if (page_test_set_hwpoison(p)) { res = -EHWPOISON; if (flags & MF_ACTION_REQUIRED) res = kill_accessing_process(current, pfn, flags); @@ -2410,7 +2466,7 @@ int memory_failure(unsigned long pfn, int flags) } else { /* We lost the race, try again */ if (retry) { - ClearPageHWPoison(p); + page_clear_hwpoison(p); retry = false; goto try_again; } @@ -2431,7 +2487,7 @@ int memory_failure(unsigned long pfn, int flags) /* filter pages that are protected from hwpoison test by users */ folio_lock(folio); if (hwpoison_filter(p)) { - ClearPageHWPoison(p); + page_clear_hwpoison(p); folio_unlock(folio); folio_put(folio); res = -EOPNOTSUPP; @@ -2751,7 +2807,7 @@ int unpoison_memory(unsigned long pfn) } folio_put(folio); - if (TestClearPageHWPoison(p)) { + if (page_test_clear_hwpoison(p)) { folio_put(folio); ret = 0; } Maybe that would work. There would still be issues to solve (a) We don't hold the mf_mutex on all call paths, but we really need it so a page_test_set_hwpoison() cannot race in weird ways with the other primitives I think. (b) There are some leftover SetPageHWPoison etc. instances. The ones in arch/x86/kernel/cpu/mce/core.c likely cannot grab the mutex, but maybe they are corner cases either way and we can document the situation. Further, while I assume the synchronize_rcu() on the MCE path should be fine (who cares about performance there?), I don't know if the added RCU read lock on some paths could be noticable. So one idea worth discussing, but I am sure there are more problems. -- Cheers, David