Received: by 10.223.176.46 with SMTP id f43csp181053wra;
        Thu, 18 Jan 2018 15:51:48 -0800 (PST)
X-Google-Smtp-Source: ACJfBovYDseZ5ZlNqVFuf80qDPBhTM141BIeNmzCtJH72iQ3GI/5bBMU3PaRRWOCGrRMJTrHdqUm
X-Received: by 10.99.117.86 with SMTP id f22mr32666390pgn.330.1516319508635;
        Thu, 18 Jan 2018 15:51:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516319508; cv=none;
        d=google.com; s=arc-20160816;
        b=m3Hg/WoR1HFeHcdeulTf11/jYgeT5HB637StYnRcX5ekP3+5LaMRqrtRs7IRBgNCTs
         H8E/EsOnT5PrlT7GU8lDSaX0FwLoxemgPq9eMiIEud3r08a7zlY1BpWY2zcqjlqxKXsN
         w22dWZYWW2M8muK8feBL5vl1k/ZPpZJj3xikQC86E0reumQLmb2y2mvc3shL+6HLO/Bg
         s1ZAOx1DXXh3E8SGAjqU/H9uZ3M5tWi5X7vaRy2eTQT7p2KfPZ+r/MJIwuEaQYVMV+tL
         Usr5+PmNjxmNAcqJ57U+hpLbuliTDZBnpJr8cgrWL3LMotQ8sRcIHPO/OzkjLCUUTyAL
         DdRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:arc-authentication-results;
        bh=IBANaJTt7/ScDTlKRsoy8dPqkym8cg/f4qaI4g7CdH0=;
        b=AjS7yUhJErm1wmdrF8PETNemPt/02AXXt0NV5EKLEPGsiZfebuMC93zpMgirhElaMZ
         uqqmB4coZTJiyfwLyXYYWucIaAuj2jS0Gxriz1HO54M6aIRg4yj3GvKHyw+/TjxY1ukO
         jEy2/1T3frqN6unwWXFJG0GnGu/M13X4FCnAPQabKJ9Tg8RwVVCbYBXkZvWltpyultgl
         Suy1cKdn5ODT6ky1nW+/F+DtF6rc4mERtRU2xUirtKYW7NV388xsItN9GNY+ETgxpPbU
         7iXSiLdAnA1kaZOmuKHWJdOsh0fwWs3CA6MIpXsSf/fYE7k1JxpCwNIs+yxV/+AcyEgP
         xPOg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=e9dl3T64;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z81si1691520pfa.224.2018.01.18.15.51.34;
        Thu, 18 Jan 2018 15:51:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=e9dl3T64;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932647AbeARXuJ (ORCPT <rfc822;xc.haze2010@gmail.com>
        + 99 others); Thu, 18 Jan 2018 18:50:09 -0500
Received: from mail-wm0-f66.google.com ([74.125.82.66]:36149 "EHLO
        mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932394AbeARXuD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Jan 2018 18:50:03 -0500
Received: by mail-wm0-f66.google.com with SMTP id f3so209237wmc.1
        for <linux-kernel@vger.kernel.org>; Thu, 18 Jan 2018 15:50:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=shutemov-name.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=IBANaJTt7/ScDTlKRsoy8dPqkym8cg/f4qaI4g7CdH0=;
        b=e9dl3T640F19WbyqcVe91CNTKZVPOqr1k4x7aAUveS2YU2R7kqSz+sZ+V5qOD2rJfG
         OD6+8SdrH9dmshg4NvVFU8B2c7pcO6AowMDi9G+aI7Hs7gIHsMi2LWCyY6uEDCwf50y4
         V+1DEsB/Ui7zLVKivCFxmSs0rucjJL+QUVEYdqjGNZnXLzepKWPFGRhyV+Qi5/6RDHJT
         6cNTvWD+PvnP6sYSxLOORI2kc6Ls0icLtI/SQ4SLLtV/AnuYYXSZ4ekIkViv8iNK0ZXs
         UdDkX4122mJ7N7lJGeJl/tJpcoyOIr1450EOmF8T5yZui4TQBoLLbM8qdTK2Dh8EpE8y
         2x2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=IBANaJTt7/ScDTlKRsoy8dPqkym8cg/f4qaI4g7CdH0=;
        b=lHSr6bC6KUGZvHfeuWEzpxCyUeX5G73l3qA1s5asi4a190moWgwaIX4ybb8UEcZ1PQ
         qLMW/pCz4e2MptEsxjcnAS+jOyGdGd2lANiYxjACbXfvmKNf3hmL1JZyZDJ8uVQQFd8x
         RqaGliqeTeQ8UsPw2d8I0+uv4/89AKpqpllAXbIauj0VgkHGLqDkE22DVi+Kzuy0V5km
         ShTRv9sasbWQcYF/Y32ac/WRloxwffIS9u2Ixwdm1opOBvTQhSX1EE6ybBubn6AlgOkr
         kBLkq4iSDBA27Y0nsfhVSZroBBoJ9EM+i4jYSyFFhcx73drgJf+F3cvZCZMSjTdAuP6H
         7uow==
X-Gm-Message-State: AKwxytf9N22WuDr/G60C6gtI9x7q73TS1qFmj7uSDqw8gYQlbACk4jht
        oXc47LGA/9XpNtRKvTf0sbDH/w==
X-Received: by 10.80.153.75 with SMTP id l11mr10130508edb.245.1516319401981;
        Thu, 18 Jan 2018 15:50:01 -0800 (PST)
Received: from node.shutemov.name ([178.122.206.50])
        by smtp.gmail.com with ESMTPSA id y5sm5147329ede.71.2018.01.18.15.49.56
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 18 Jan 2018 15:49:56 -0800 (PST)
Received: by node.shutemov.name (Postfix, from userid 1000)
        id 43339648D520; Fri, 19 Jan 2018 02:49:55 +0300 (+03)
Date:   Fri, 19 Jan 2018 02:49:55 +0300
From:   "Kirill A. Shutemov" <kirill@shutemov.name>
To:     Linus Torvalds <torvalds@linux-foundation.org>,
        Peter Zijlstra <peterz@infradead.org>
Cc:     Andrea Arcangeli <aarcange@redhat.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Mel Gorman <mgorman@techsingularity.net>,
        Tony Luck <tony.luck@intel.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        Michal Hocko <mhocko@kernel.org>,
        "hillf.zj" <hillf.zj@alibaba-inc.com>,
        Hugh Dickins <hughd@google.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Rik van Riel <riel@redhat.com>,
        Srikar Dronamraju <srikar@linux.vnet.ibm.com>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Ingo Molnar <mingo@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-mm <linux-mm@kvack.org>,
        the arch/x86 maintainers <x86@kernel.org>
Subject: Re: [mm 4.15-rc8] Random oopses under memory pressure.
Message-ID: <20180118234955.nlo55rw2qsfnavfm@node.shutemov.name>
References: <CA+55aFxOn5n4O2JNaivi8rhDmeFhTQxEHD4xE33J9xOrFu=7kQ@mail.gmail.com>
 <201801170233.JDG21842.OFOJMQSHtOFFLV@I-love.SAKURA.ne.jp>
 <CA+55aFyxyjN0Mqnz66B4a0R+uR8DdfxdMhcg5rJVi8LwnpSRfA@mail.gmail.com>
 <201801172008.CHH39543.FFtMHOOVSQJLFO@I-love.SAKURA.ne.jp>
 <201801181712.BFD13039.LtHOSVMFJQFOFO@I-love.SAKURA.ne.jp>
 <20180118122550.2lhsjx7hg5drcjo4@node.shutemov.name>
 <d8347087-18a6-1709-8aa8-3c6f2d16aa94@linux.intel.com>
 <20180118145830.GA6406@redhat.com>
 <20180118165629.kpdkezarsf4qymnw@node.shutemov.name>
 <CA+55aFy43ypm0QvA5SqNR4O0ZJETbkR3NDR=dnSdvejc_nmSJQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFy43ypm0QvA5SqNR4O0ZJETbkR3NDR=dnSdvejc_nmSJQ@mail.gmail.com>
User-Agent: NeoMutt/20171215
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 18, 2018 at 09:26:25AM -0800, Linus Torvalds wrote:
> On Thu, Jan 18, 2018 at 8:56 AM, Kirill A. Shutemov
> <kirill@shutemov.name> wrote:
> >
> > I can't say I fully grasp how 'diff' got this value and how it leads to both
> > checks being false.
> 
> I think the problem is that page difference when they are in different sections.
> 
> When you do
> 
>      pte_page(*pvmw->pte) - pvmw->page
> 
> then the compiler takes the pointer difference, and then divides by
> the size of "struct page" to get an index.
> 
> But - and this is important - it does so knowing that the division it
> does will have no modulus: the two 'struct page *' pointers are really
> in the same array, and they really are 'n*sizeof(struct page)' apart
> for some 'n'.
> 
> That means that the compiler can optimize the division. In fact, for
> this case, gcc will generate
> 
>         subl    %ebx, %eax
>         sarl    $3, %eax
>         imull   $-858993459, %eax, %eax
> 
> because 'struct page' is 40 bytes in size, and that magic sequence
> happens to divide by 40 (first divide by 8, then that magical "imull"
> will divide by 5 *IFF* the thing is evenly divisible by 5 (and not too
> big - but the shift guarantees that).
> 
> Basically, it's a magic trick, because real divides are very
> expensive, but you can fake them more quickly if you can limit the
> input domain.
> 
> But what does it mean if the two "struct page *" are not in the same
> array, and the two arrays were allocated not aligned exactly 40 bytes
> away, but some random number of pages away?
> 
> You get *COMPLETE*GARBAGE* when you do the above optimized divide.
> Suddenly the divide had a modulus (because the base of the two arrays
> weren't 40-byte aligned), and the "trick" doesn't work.
> 
> So that's why you can't do pointer diffs between two arrays. Not
> because you can't subtract the two pointers, but because the
> *division* part of the C pointer diff rules leads to issues.

Thanks a lot for the explanation!

I wounder if this may be a problem in other places?

For instance, perf uses address of a mutex to determinate the lock
ordering. See mutex_lock_double(). The mutex is embedded into struct
perf_event_context, which is allocated with kzalloc() so I don't see how
we can presume that alignment is consistent between them.

I don't think it's the only example in kernel. Are we just lucky?

-- 
 Kirill A. Shutemov