Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp3737971ybc; Thu, 21 Nov 2019 12:58:12 -0800 (PST) X-Google-Smtp-Source: APXvYqwL+3241YGNrKoRcp0t4duzzdHDmjzZB2JElx6FkTjoHkNbjDwayI5198UuBP+A439e/MrK X-Received: by 2002:a17:906:d793:: with SMTP id pj19mr16315102ejb.303.1574369892548; Thu, 21 Nov 2019 12:58:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574369892; cv=none; d=google.com; s=arc-20160816; b=nr4eHdDCjCjXfjVlKFaKShqiCzQIZCTHwX1klMLPpsTeXXpZqAT717+Cn0BzVxqoIA bSmLF4lUUCqXvc/76bgFEgnS/HehH48uN//6vdu3Obpmx+LtXpYXBKJyGJdTPreS1Kjq YYMOLrfeah+gNH3QnB2eW5fNXl+5cJ2AzszO2jUEc71yOuIWaxlhdo1T9Hgjr4HdvYT5 Gh0htn81EYEEXJpP7yOOH4mSNjHKRh/BP9sNg/wa6iVvjZWrK4tFRGdvOObBnZP++nRV XTgszIXaOK5ZUY/V/Z2ZKRPTvRx9IyaDIoF9dbDdXvFMjUXiX0unDJ8IUhy2F06Fc9fs C51A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=jo8ATEWyaSv/vLCn6HnPEaOlsTqvflPgdCXI72jAtAM=; b=MwOOZmT0zDfTfLvmWlknnaa21PLPzYTNkC9ekMuZwgAxRP/GV+hjOhaA/zqxmBdkad c1Qgv2w1XoqFcLAX7pvmX5gl4XGKk0QeS1pE/AzLKjy/zoke7CchQtD6Rfz0Juh/AzzY T4sVs/WD0gch153aiD4sHMFG8I7xrIVh88WHddOnrG6ONH6Vymz/CGD7nApfL9sG1ktT TP1JDXVm13z8CLHvDf1DF8R9hhsO+d8JGok5JruAWZYhI2GLgJe7FaJVFB1hMiS4NqTq B2noLZ75Ue5dH734cM6xcRXesdd8Q4uNKhk9ddwlkTKmcBnNcShjyFhKJofgauBR4NFw eqCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cmpxchg-org.20150623.gappssmtp.com header.s=20150623 header.b=cwuJLrMB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=cmpxchg.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o2si3390796edj.290.2019.11.21.12.57.48; Thu, 21 Nov 2019 12:58:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cmpxchg-org.20150623.gappssmtp.com header.s=20150623 header.b=cwuJLrMB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=cmpxchg.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726852AbfKUU4e (ORCPT + 99 others); Thu, 21 Nov 2019 15:56:34 -0500 Received: from mail-qk1-f193.google.com ([209.85.222.193]:43321 "EHLO mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726293AbfKUU4e (ORCPT ); Thu, 21 Nov 2019 15:56:34 -0500 Received: by mail-qk1-f193.google.com with SMTP id p14so4343814qkm.10 for ; Thu, 21 Nov 2019 12:56:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=jo8ATEWyaSv/vLCn6HnPEaOlsTqvflPgdCXI72jAtAM=; b=cwuJLrMBZhPa5DBRo45PuWX50UB2Z5+gnbtBmxVA7l/W0adG0YbnCA+7EREee4ihMc /RtO2VS4M4autGBGzWZTC46Jv/LvU147g9Fe9ZrChLgdMY+2MhaYCoaBjmPAKML/GefK VsbDCS5rx0r5a8Yr8KgX4nvZa37JnXmMlmF9QekitglonB7f4EXFQTtRmVDQb2Zbltlx KwQpiRpPbM2LMBteWoe4r9FvgKpzKFjVlySacY13KC2eiNkTNw4bwv7DtJGh5FIwLoM2 eD8G2mK3gounHPRVqZB7S/qn3WcDBAFP289D4mndKgQmZUjv19S70bmW84IqqAvtTHWJ c2Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=jo8ATEWyaSv/vLCn6HnPEaOlsTqvflPgdCXI72jAtAM=; b=dLi8bHBM6RzrG3oH9RkiCKY70TUV0NjEfKMI6KhVZ+LW1M4H7ohHvRzaryweywAd+J BGsjEYJYhRvRkL9RdFMYMYJuFBkvrKr25jqj3Dsd/mIGW36Ph8VxIex6hr0UJBrU9km7 X6Jnlp79dBiXEyX69aWo0TsuAksElKLBa47OuHetHHLjo64x0A7N3Nx1MVfl189Jq11I PUk9bSARJ73o/NiYm54t4TQgLd1NwjTcCuxCP7RBOLmu+bNCGUfCUofHbC+bpRaPIhCz ljJMvr2JeW0tpXsuepCdJOMEMy3IJ4YBWp/2dPZ8ZpZCBRRqU5eUy74asALu+0XpI3Xz IfOg== X-Gm-Message-State: APjAAAW7TWb86GSIiEJKfYuP5iORhMn08xH3eUyr0xPVQPMG/wtMUgJu bXAkb/rtaA7RnC+vXYU2pquK8Yc9q7/vVA== X-Received: by 2002:a05:620a:1653:: with SMTP id c19mr2834381qko.482.1574369793110; Thu, 21 Nov 2019 12:56:33 -0800 (PST) Received: from localhost ([2620:10d:c091:500::1:dbed]) by smtp.gmail.com with ESMTPSA id b4sm1934576qka.75.2019.11.21.12.56.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Nov 2019 12:56:32 -0800 (PST) Date: Thu, 21 Nov 2019 15:56:31 -0500 From: Johannes Weiner To: Hugh Dickins Cc: Andrew Morton , Shakeel Butt , Michal Hocko , Alex Shi , Roman Gushchin , linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@fb.com Subject: Re: [PATCH] mm: fix unsafe page -> lruvec lookups with cgroup charge migration Message-ID: <20191121205631.GA487872@cmpxchg.org> References: <20191120165847.423540-1-hannes@cmpxchg.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.2 (2019-09-21) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 20, 2019 at 07:15:27PM -0800, Hugh Dickins wrote: > It like the way you've rearranged isolate_lru_page() there, but I > don't think it amounts to more than a cleanup. Very good thinking > about the odd "lruvec->pgdat = pgdat" case tucked away inside > mem_cgroup_page_lruvec(), but actually, what harm does it do, if > mem_cgroup_move_account() changes page->mem_cgroup concurrently? > > You say use-after-free, but we have spin_lock_irq here, and the > struct mem_cgroup (and its lruvecs) cannot be freed until an RCU > grace period expires, which we rely upon in many places, and which > cannot happen until after the spin_unlock_irq. You are correct, I missed the rcu locking implied by the spinlock. With this, the justification for this patch is wrong. But all of this is way too fragile and error-prone for my taste. We're looking up a page's lruvec in a scope that does not promise at all that the lruvec will be the page's. Luckily we currently don't touch the lruvec outside of the PageLRU branch, but this subtlety is entirely non-obvious from the code. I will put more thought into this. Let's scrap this patch for now.