Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp1871529ybn;
        Thu, 26 Sep 2019 03:31:58 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyUUlk6lD3EAEK23sh0vU6ZZlCHPKJG7HUFhPh1b+kjaNSxYvQDA8LDQFjkYMo+Nii69kKI
X-Received: by 2002:a17:906:8c8:: with SMTP id o8mr2482394eje.56.1569493918430;
        Thu, 26 Sep 2019 03:31:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569493918; cv=none;
        d=google.com; s=arc-20160816;
        b=qC6iNsFosIwtQFTH8xig0Cumq2qmIP8+qTw9/xexFgvfnePZU9mpQHSu6tBHPwrWfH
         Yg648dsduk/4piydkbnEdqi4WwUiIIQsCIGUXx5tCSLbtePHkJ7OD+ar/Q3c39uHMSpu
         uSDsXUEsNMy5yLGMX1kDk98Ttmf2TuU8MWbQ9GMUE8PXKuxhnPRG/g4uOi7+ZO0WpAwW
         yVk14bOWkLsmy7AZI8Y0ZxKTDUnoy+FWHE7XkHYB4LQCEn/pj24s8ukfWIRopzLn7IE/
         rLlwuO29lJuXEQ8CDE3NUhrNBMB0fqJUd/SG8ins2L6xl3GGOYHWr80fImZyAhEG8k79
         MfkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:subject:cc:to:from:date:dkim-signature;
        bh=VXH3Ua8oN6gJFR5T3GpYv9HdGvkWILtcOQDXfdZ+hho=;
        b=RfNIARpsm198R34eh0r0zPU54ncY7ioGl2i5bnscUnlmcmy1tO6wZvEbmdPCOalM+L
         1Cekch8nsG8GO2zMaLpNGe8z1DNk5BrLfHP/bqtIkbPFMaeakPdeKcRsS7sRj3R9/DqX
         S4poPEcqLZ6RnEbDdybBnBEbNH7R2O6s9lOe3zM2wyzo1y0FrP9Pjwy4YmlXxPuXm2Lg
         4oCZeUJFthhK7+44i4wNCR1P1QaaF558/ugWs5Wx3Qxn2k7YI9/eP90d2bllANeSe6jX
         djGLR5Uu+u76OrHTGTLq5fRDGaUwbwIdsFcwEyaQwkmk02mPpDGImKwlzoT2b3I8EHC+
         Ojvw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=AWYQiVhm;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s42si961065edm.292.2019.09.26.03.31.35;
        Thu, 26 Sep 2019 03:31:58 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=AWYQiVhm;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729796AbfIZIss (ORCPT <rfc822;1dalishi1@gmail.com> + 99 others);
        Thu, 26 Sep 2019 04:48:48 -0400
Received: from mail-lf1-f66.google.com ([209.85.167.66]:35186 "EHLO
        mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726962AbfIZIss (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Sep 2019 04:48:48 -0400
Received: by mail-lf1-f66.google.com with SMTP id w6so1088370lfl.2
        for <linux-kernel@vger.kernel.org>; Thu, 26 Sep 2019 01:48:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:mime-version
         :content-transfer-encoding;
        bh=VXH3Ua8oN6gJFR5T3GpYv9HdGvkWILtcOQDXfdZ+hho=;
        b=AWYQiVhmU49sBPZnlWVKUJLtD5J5kkDajluEr8cbxdB7n8QKDQV1snnf9VCQNxWf++
         8/71iNzmhwEf8m8tEVAIQ6p+8GOqd2m5n8xkYNrrlM+AiNDOI0LSIZiCDx2aTMAe359h
         Gt7gmb/K/B+/EcOTJDPWh5//R9rBQulHY2hpe2ppcUjaP8NfKEHQKyTZQ397ACmfOJh3
         4dFhTA0hqxLVIhWCcqrYlv5XiN9ZkWQxN4GuWciVIVg9UIkSBZ9KHd7S/iPapzVSwk/b
         1WJAf2wsB73RosaSF5VPUc8hDm7Y+jaed1XCEDpl1KPTi0g++DzFCvV3nEBvvBIOkBbU
         NNmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
         :content-transfer-encoding;
        bh=VXH3Ua8oN6gJFR5T3GpYv9HdGvkWILtcOQDXfdZ+hho=;
        b=MtmKwBn6ZXbxbXqJ0DhzotSuGTf+MEg/G83EVF/21SPGSvGzkimfKTTstiopnT5hQf
         1LRDHCHUw0I1gnyJcCgdMbpG+dvHe/zQD1HQFQxqQR6T73Po4uZihBjuW8t6sr9o7Uh+
         YRPij48XKaU8/UioBC33thG2yqYYxaERUfwd6JH+5aNfbfFmMtV5m1I7ierjfixjwgIS
         oeQVuyVYRXhgF0O1lm73nY4y6cD4QImG87JIqMsSXucKRIjVALrQs985GX6W07d1tTjv
         r3TxYtcuCW/fWvWU1o403fydOCSIz5bfTjvSQ26lPBY7vjVt3/1ZXEet6bsxnwQLykoh
         R17Q==
X-Gm-Message-State: APjAAAV8VPYVObLAEKIhaGTRn472CgMQQaNM+yUV+OyoSYY1TgG70oiV
        6hJLHEIHkN8ivzkqRH0pu69UHKYDg58=
X-Received: by 2002:a19:f817:: with SMTP id a23mr1430709lff.18.1569487726227;
        Thu, 26 Sep 2019 01:48:46 -0700 (PDT)
Received: from seldlx21914.corpusers.net ([37.139.156.40])
        by smtp.gmail.com with ESMTPSA id g21sm362202lje.67.2019.09.26.01.48.45
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 26 Sep 2019 01:48:45 -0700 (PDT)
Date:   Thu, 26 Sep 2019 10:48:44 +0200
From:   Vitaly Wool <vitalywool@gmail.com>
To:     Linux-MM <linux-mm@kvack.org>, linux-kernel@vger.kernel.org
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        Markus Linnala <markus.linnala@gmail.com>, stable@kernel.org,
        Dan Streetman <ddstreet@ieee.org>,
        Vlastimil Babka <vbabka@suse.cz>
Subject: [PATCH] z3fold: claim page in the beginning of free
Message-Id: <20190926104844.4f0c6efa1366b8f5741eaba9@gmail.com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.30; x86_64-unknown-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

There's a really hard to reproduce race in z3fold between
z3fold_free() and z3fold_reclaim_page(). z3fold_reclaim_page()
can claim the page after z3fold_free() has checked if the page
was claimed and z3fold_free() will then schedule this page for
compaction which may in turn lead to random page faults (since
that page would have been reclaimed by then). Fix that by
claiming page in the beginning of z3fold_free().

Reported-by: Markus Linnala <markus.linnala@gmail.com>
Signed-off-by: Vitaly Wool <vitalywool@gmail.com>
---
 mm/z3fold.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mm/z3fold.c b/mm/z3fold.c
index 05bdf90646e7..01b87c78b984 100644
--- a/mm/z3fold.c
+++ b/mm/z3fold.c
@@ -998,9 +998,11 @@ static void z3fold_free(struct z3fold_pool *pool, unsigned long handle)
 	struct z3fold_header *zhdr;
 	struct page *page;
 	enum buddy bud;
+	bool page_claimed;
 
 	zhdr = handle_to_z3fold_header(handle);
 	page = virt_to_page(zhdr);
+	page_claimed = test_and_set_bit(PAGE_CLAIMED, &page->private);
 
 	if (test_bit(PAGE_HEADLESS, &page->private)) {
 		/* if a headless page is under reclaim, just leave.
@@ -1008,7 +1010,7 @@ static void z3fold_free(struct z3fold_pool *pool, unsigned long handle)
 		 * has not been set before, we release this page
 		 * immediately so we don't care about its value any more.
 		 */
-		if (!test_and_set_bit(PAGE_CLAIMED, &page->private)) {
+		if (!page_claimed) {
 			spin_lock(&pool->lock);
 			list_del(&page->lru);
 			spin_unlock(&pool->lock);
@@ -1044,7 +1046,7 @@ static void z3fold_free(struct z3fold_pool *pool, unsigned long handle)
 		atomic64_dec(&pool->pages_nr);
 		return;
 	}
-	if (test_bit(PAGE_CLAIMED, &page->private)) {
+	if (page_claimed) {
 		z3fold_page_unlock(zhdr);
 		return;
 	}
-- 
2.17.1