Received: by 10.223.148.5 with SMTP id 5csp7785352wrq;
        Thu, 18 Jan 2018 09:27:08 -0800 (PST)
X-Google-Smtp-Source: ACJfBos9h/HUIGSjRvB5g7VLJZWd5YUJDFwcwNjMXhS/b7ifc7RhWHiqi1+bZ5Q/RldCRBofGvhq
X-Received: by 10.99.155.2 with SMTP id r2mr3460965pgd.422.1516296428545;
        Thu, 18 Jan 2018 09:27:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516296428; cv=none;
        d=google.com; s=arc-20160816;
        b=yaOe5tIvOOYZ6k+ZrATvgR1+h2GGUcvqhxlwG8IgYk+77doQqhaewaIw43DRY7EdBO
         E8yd+Ut4Vb9lwXcelTPguegiI0kaW3h/NG7JQDCwJIiTwYzkDjIvcseScG9+mDXwOkIY
         B6cM1gWVax/4hMHv4L1fz9pIZqxrhRd2LrWmVUw2W5fHdc6ZQ/+eoQO/iXCNu9P7lxWA
         /I6XQBxNKj/IZOpAx8loQulUBSa/1WiFkTj4726Jo8gwtKjzWek5bPZzza93Hq2tkj0r
         +hSjIuDUpbx7I5KkprElhfqsNUDag8MMS5l0MlKn3vhPRdxuB48L3EUWyyfrhScqxoCX
         +1TQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=jXrPIflARV9Kzy02+e12OFzxRS65cqUJIhPKkAP0+U0=;
        b=TWP8xF0jW9iE3ub9Qwe8TMGgfnloRQNfTpHTZkpx/PfNq6dliDRfeT9HHn9tUA8uh4
         HBTEO2373aO+5kb4+SPrhF5SHwj5wTwILbmqKNk/fjupL41+gZIhigrZMfdu/unx9ihy
         Vwq+4oLUmU06T5LQPhlioQp4jhqmEQMc9OR8wrav6ro3jqtf++yd3GV2yP/rXYPlFdS+
         ZHatKGD/rotJbXQF/HH7Sx/1ORimPBLcVD9GpKknEuXOUAZyi6oUs76MtUz2GwFCU09c
         KhxjbWXcd7mALE5G4biYT/9x8Ty/oPWTodFXkQvBWWiWhLVIz6PhmjQjbZomww0YlSdR
         eMXw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=hLsMyGPg;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l4si89790pgp.431.2018.01.18.09.26.54;
        Thu, 18 Jan 2018 09:27:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=hLsMyGPg;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755311AbeARR03 (ORCPT <rfc822;xc.haze2010@gmail.com>
        + 99 others); Thu, 18 Jan 2018 12:26:29 -0500
Received: from mail-io0-f173.google.com ([209.85.223.173]:41264 "EHLO
        mail-io0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755186AbeARR01 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Jan 2018 12:26:27 -0500
Received: by mail-io0-f173.google.com with SMTP id f6so25641642ioh.8
        for <linux-kernel@vger.kernel.org>; Thu, 18 Jan 2018 09:26:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=jXrPIflARV9Kzy02+e12OFzxRS65cqUJIhPKkAP0+U0=;
        b=hLsMyGPgWfOT6HaMGfJsU9oVXyQ54v6FV0VL0jGY6RQmmJ0m3rpj0dbb3F4m9BaH2r
         JbQXXcxN17k/LmGw5LIhnqh+55Hyzh4qC0BdF3ZcZKnXK8c6QGAeUSoCquoMGpo3qnjH
         VhZU9U4yVr7HSYykAzzdI9YLujqX1yXawG+N/xTWpA71P8pZm3O2QsIkpBxSuF9TOtsi
         tfWm/KDdmH/9b9bOOMRTO487zoIbbi+nwOfDvho92KQNhEgTbJx6s5TSXe0io1orz+sM
         tj1Oqza6Ssi1y62C6IVSM5eZb/BLKWGyqkonEdGURClYHSeK7TR2R4F59etM+M4lNq3T
         eUyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=jXrPIflARV9Kzy02+e12OFzxRS65cqUJIhPKkAP0+U0=;
        b=LLca54GdRCwA5ZbHm2nANn4ty0Xo5ttsFCXCFCzkxWpv41Sng8OGd7jStxwNNQaUFD
         uVMAMIWMjjK/Kvpvv1q9BP14v32HaMh9vrpCKj951VfA9BQSiAH/FhduIyO7kPaxi+Yf
         0ppWuLjALjFV9E4piPWkKH1r0bIE/htMgiXBSK5n8o1V5Z4P7wkNGBZaNvabm5yrfRqo
         FVk5FE+I/8aYfKZEc14W0aIxzVYHNrSmQRV+DK+IRxBQVKpOl/r41VKhjJ+bJGVCbLMo
         c5wXwKpXqD+fdPk2/bvpbkDjO62h4UEC9mv/EKbAdhwCgxwZqQAQqqohTQsWUWqZK72W
         cDUw==
X-Gm-Message-State: AKwxyteHiey0Hbme/KKD2k68CiKh+F1FmiQmrvde+tksXorkbRN3yKzk
        ByXSRnohBL87ya0oS4A3KdECyUXz88MP79PMGXg=
X-Received: by 10.107.183.78 with SMTP id h75mr8981213iof.201.1516296386698;
 Thu, 18 Jan 2018 09:26:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.6.147 with HTTP; Thu, 18 Jan 2018 09:26:25 -0800 (PST)
In-Reply-To: <20180118165629.kpdkezarsf4qymnw@node.shutemov.name>
References: <201801160115.w0G1FOIG057203@www262.sakura.ne.jp>
 <CA+55aFxOn5n4O2JNaivi8rhDmeFhTQxEHD4xE33J9xOrFu=7kQ@mail.gmail.com>
 <201801170233.JDG21842.OFOJMQSHtOFFLV@I-love.SAKURA.ne.jp>
 <CA+55aFyxyjN0Mqnz66B4a0R+uR8DdfxdMhcg5rJVi8LwnpSRfA@mail.gmail.com>
 <201801172008.CHH39543.FFtMHOOVSQJLFO@I-love.SAKURA.ne.jp>
 <201801181712.BFD13039.LtHOSVMFJQFOFO@I-love.SAKURA.ne.jp>
 <20180118122550.2lhsjx7hg5drcjo4@node.shutemov.name> <d8347087-18a6-1709-8aa8-3c6f2d16aa94@linux.intel.com>
 <20180118145830.GA6406@redhat.com> <20180118165629.kpdkezarsf4qymnw@node.shutemov.name>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu, 18 Jan 2018 09:26:25 -0800
X-Google-Sender-Auth: EUnhMoeGjs5inGLcafr37ajN4SM
Message-ID: <CA+55aFy43ypm0QvA5SqNR4O0ZJETbkR3NDR=dnSdvejc_nmSJQ@mail.gmail.com>
Subject: Re: [mm 4.15-rc8] Random oopses under memory pressure.
To:     "Kirill A. Shutemov" <kirill@shutemov.name>
Cc:     Andrea Arcangeli <aarcange@redhat.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Mel Gorman <mgorman@techsingularity.net>,
        Tony Luck <tony.luck@intel.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        Michal Hocko <mhocko@kernel.org>,
        "hillf.zj" <hillf.zj@alibaba-inc.com>,
        Hugh Dickins <hughd@google.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Rik van Riel <riel@redhat.com>,
        Srikar Dronamraju <srikar@linux.vnet.ibm.com>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Ingo Molnar <mingo@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-mm <linux-mm@kvack.org>,
        "the arch/x86 maintainers" <x86@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 18, 2018 at 8:56 AM, Kirill A. Shutemov
<kirill@shutemov.name> wrote:
>
> I can't say I fully grasp how 'diff' got this value and how it leads to both
> checks being false.

I think the problem is that page difference when they are in different sections.

When you do

     pte_page(*pvmw->pte) - pvmw->page

then the compiler takes the pointer difference, and then divides by
the size of "struct page" to get an index.

But - and this is important - it does so knowing that the division it
does will have no modulus: the two 'struct page *' pointers are really
in the same array, and they really are 'n*sizeof(struct page)' apart
for some 'n'.

That means that the compiler can optimize the division. In fact, for
this case, gcc will generate

        subl    %ebx, %eax
        sarl    $3, %eax
        imull   $-858993459, %eax, %eax

because 'struct page' is 40 bytes in size, and that magic sequence
happens to divide by 40 (first divide by 8, then that magical "imull"
will divide by 5 *IFF* the thing is evenly divisible by 5 (and not too
big - but the shift guarantees that).

Basically, it's a magic trick, because real divides are very
expensive, but you can fake them more quickly if you can limit the
input domain.

But what does it mean if the two "struct page *" are not in the same
array, and the two arrays were allocated not aligned exactly 40 bytes
away, but some random number of pages away?

You get *COMPLETE*GARBAGE* when you do the above optimized divide.
Suddenly the divide had a modulus (because the base of the two arrays
weren't 40-byte aligned), and the "trick" doesn't work.

So that's why you can't do pointer diffs between two arrays. Not
because you can't subtract the two pointers, but because the
*division* part of the C pointer diff rules leads to issues.

                Linus