Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1398288ybg;
        Thu, 11 Jun 2020 08:51:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxnojn8sFOVwS6pa291YIRhk5C0y/rPz+YtlzKuD7yy5LpnEJNyfFQ14SbRHeWG4woJRaHJ
X-Received: by 2002:a50:cfc4:: with SMTP id i4mr7355456edk.252.1591890685642;
        Thu, 11 Jun 2020 08:51:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1591890685; cv=none;
        d=google.com; s=arc-20160816;
        b=a/XnN6/vaRzn7ggcknSuomkWRF3t4dp4cFR+uU6YwTC7sUYUwCziPTR7DF4TEG8ENK
         rBZm863PuXuU3T+VFfKMpSYGfMs4kpDv0Q1JJ6Eal+nSEl67NyU4obE5lh25TAhd29wL
         i628VGUbA95CZxR2fFbT0ytWPs45iC9xz34YOXgFpsCVZS8A3LiqKJWQ9JjgAtCTY+pi
         NmFgzjcsCtD1BkAJsmRrU6atF7ZKYqaeFg51e+C/G8Jzb8lkw1th+qalEgdlS1TgO+jC
         jYMyAlCpUan5vd+t80GFkmUFaNWtORXVvam/dzs3uoA6s5aVBRt56V3a7K4nXlw0RHFc
         n2LA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=dY8CX7uM4+VzghrklI+OxUlvM0TVVJgkjdPAuartxsk=;
        b=1Lk2NQw5vZ8bf3eHclg8e3NTBmhwH/9/lKH0KNKgbAj0MKjfFkN2WD2kCaiTLBN3LB
         7tpH+eCHnD7+oiQRa/OFnVEwOoYOkEPGeBp7w3RvL/GYTEV360TREfRdfuCpPXI2GOi1
         jihyT+jL3tca+SrqhKxLQQJrdhbj32uJvleP1352roTH2u0OiQVpxtVMLOLg9Onafb97
         MmFIixH+6IhsA13R3AXn9x7DcAdHW+AhdmJr3XXenkIWnwSH8yd5p1CCMNa1EmFl9mZb
         g6vH6XWqoNt+C5+9eqZqU15vMb+50qBHidlhfVFe1GqDHWtxyjbQqnu9NufmDpDaAuUz
         bToA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bs3si1933272ejb.599.2020.06.11.08.51.02;
        Thu, 11 Jun 2020 08:51:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728624AbgFKPsR (ORCPT <rfc822;noahbdev@gmail.com> + 99 others);
        Thu, 11 Jun 2020 11:48:17 -0400
Received: from outbound-smtp40.blacknight.com ([46.22.139.223]:42715 "EHLO
        outbound-smtp40.blacknight.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1728104AbgFKPsR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 11 Jun 2020 11:48:17 -0400
Received: from mail.blacknight.com (pemlinmail05.blacknight.ie [81.17.254.26])
        by outbound-smtp40.blacknight.com (Postfix) with ESMTPS id 114AC1C3A4F
        for <linux-kernel@vger.kernel.org>; Thu, 11 Jun 2020 16:48:16 +0100 (IST)
Received: (qmail 2398 invoked from network); 11 Jun 2020 15:48:15 -0000
Received: from unknown (HELO techsingularity.net) (mgorman@techsingularity.net@[84.203.18.5])
  by 81.17.254.9 with ESMTPSA (AES256-SHA encrypted, authenticated); 11 Jun 2020 15:48:15 -0000
Date:   Thu, 11 Jun 2020 16:43:51 +0100
From:   Mel Gorman <mgorman@techsingularity.net>
To:     Hugh Dickins <hughd@google.com>
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        Vlastimil Babka <vbabka@suse.cz>, Li Wang <liwang@redhat.com>,
        Alex Shi <alex.shi@linux.alibaba.com>,
        linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH] mm, page_alloc: capture page in task context only
Message-ID: <20200611154351.GA3183@techsingularity.net>
References: <alpine.LSU.2.11.2006101342250.4607@eggly.anvils>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: <alpine.LSU.2.11.2006101342250.4607@eggly.anvils>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 10, 2020 at 01:48:59PM -0700, Hugh Dickins wrote:
> While stressing compaction, one run oopsed on NULL capc->cc in
> __free_one_page()'s task_capc(zone): compact_zone_order() had been
> interrupted, and a page was being freed in the return from interrupt.
> 
> Though you would not expect it from the source, both gccs I was using
> (a 4.8.1 and a 7.5.0) had chosen to compile compact_zone_order() with
> the ".cc = &cc" implemented by mov %rbx,-0xb0(%rbp) immediately before
> callq compact_zone - long after the "current->capture_control = &capc".
> An interrupt in between those finds capc->cc NULL (zeroed by an earlier
> rep stos).
> 
> This could presumably be fixed by a barrier() before setting
> current->capture_control in compact_zone_order(); but would also need
> more care on return from compact_zone(), in order not to risk leaking
> a page captured by interrupt just before capture_control is reset.
> 
> Maybe that is the preferable fix, but I felt safer for task_capc() to
> exclude the rather surprising possibility of capture at interrupt time.
> 
> Fixes: 5e1f0f098b46 ("mm, compaction: capture a page under direct compaction")
> Cc: stable@vger.kernel.org # 5.1+
> Signed-off-by: Hugh Dickins <hughd@google.com>

Acked-by: Mel Gorman <mgorman@techsingularity.net>

-- 
Mel Gorman
SUSE Labs