Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1623369pxa; Sun, 2 Aug 2020 14:34:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyW4YQWmfqt3ouSwa2bKJput/KiDBUSEbQCJ6r+ySgRQtIBHvYOyLyK0dUePEpr5fpeQS1r X-Received: by 2002:a50:a40e:: with SMTP id u14mr3819919edb.36.1596404065764; Sun, 02 Aug 2020 14:34:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596404065; cv=none; d=google.com; s=arc-20160816; b=GKznQPJP9P3kKr49r/L3pFUQANxYthghBY7h0LwJNTcJPupwq/jUt6XoK9qjbiW3Jd GMI2cnNhYqSfJ95gLXf+o7OV2a+UM0vAk7wv1U17YHwYJ8ZikLwgrBxAw2Vw42USs4sL EkvT+0vuN3ropu7TFLZvbcncnKiqFYhPQyearyI1tqhxYefL4QhSMQomomBTTRtefUQ7 17vFbr0KJAMpp/D3vl6lmynGlklRoDN6EtNWHHFaDqeyzOK8r/DOBI+J2wThL0rLwzH9 rgOkXxrblCa52B5SdxRsnSgXCVbO1LrmkE880PlZq4Y/seWlGUBYMl3cnZ2rPdwnZLzL UOhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=yt8bNBaIV64wySDW8cExaLb5AaApyS2IQgoQTTkg7Wc=; b=pGDbCK9ShPdGwT6ueOK/RwvKJ367+lf3eh+kJzRs6cZdmAs4otTfCUdVtGprdckQ4j TlMpP4/BjvM5H1av3dDV5omSWHMfQBwow52CLIVwpSFkK1LqiK2ec8/oC0FR7G9eK0E2 uw2730TmsbTgEOAHCEoVYpdiTFr2K3UD3QmKH7mcR3n+ZDVkIm2H+bRC8zhKb61u/Gcy 6DC1JUJK81Lgy94SmIH1L867Xy7kpcAyC6gNHWSszgYJoRUk5pfczpQN4nJevbqGCWyi ZaDR22dfsMWX/RKHRwGflRUu/XnBqJy3BW4mpigY9DZT9wyQdrErttD8NT7IrFbKc3Iz uRRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=mOGaWHhS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b16si8237788edw.147.2020.08.02.14.33.35; Sun, 02 Aug 2020 14:34:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=mOGaWHhS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727101AbgHBVXU (ORCPT + 99 others); Sun, 2 Aug 2020 17:23:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726058AbgHBVXU (ORCPT ); Sun, 2 Aug 2020 17:23:20 -0400 Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EBD70C06174A for ; Sun, 2 Aug 2020 14:23:19 -0700 (PDT) Received: by mail-lj1-x243.google.com with SMTP id v4so27906092ljd.0 for ; Sun, 02 Aug 2020 14:23:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=yt8bNBaIV64wySDW8cExaLb5AaApyS2IQgoQTTkg7Wc=; b=mOGaWHhSC6DO4nHRpEGHE3IJE4pMn1OOjX3eZnuwo+AHNpAo6cCfemxXPo97kfSSJF skOBWc0X42eMmEmbgIB4A7d8dUaf+M6th9osCgyeYrkySdR1Vimyt6QkzNVcTq7AcqGK 4tuk6ccgg5rAsTaCiV8GBGwzKXEosg5gnZYSPL7UuLbgHW7rY1rlH3y8IzGjtmlGsVsF CgA2HC3L0Mm3fhLH81OjhjjV129uCW3IZACReJRhxph8zZE4Po4WVhNk1g12UZrTw1eq iOwZviLBlks9TFG4MvayPCjknaWyYbfmxqiqoh55q9BK6KScRk+jpQ+0Mua6AQazj/Sw K6rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=yt8bNBaIV64wySDW8cExaLb5AaApyS2IQgoQTTkg7Wc=; b=oGdsf5IBNsw6B0VPxCABcY097i3Ew9S4DxkBCrx61zKyl8qqXkxQv7Hv/LvbY90bgl U2h+f2Vb1BNu4wMJyOZ6D265eN4tucmvDaHpTlfF3TCRH9jOer4qu1CzjZJze32x7AN+ iGtfrbD2KhR6tVamN55fu6QxhoCwIxW/OmG+6N0LqiRofUJqKqDizVcsh4+AVc7N/VGu 7mnshHAsV/yTYD8vzEYtGgbQeyp79gEOxY5TLv8p/7lIZDUrxwSX4/RmjTI/aaSxOZ2Z Z/fked/LoSFPqmQ//+Y9A617Mf3BeD96sJrSNb/MpJhSe0fzVHt0uasDD7GCALEIcstT NVDg== X-Gm-Message-State: AOAM532eoUys7eLtMWswvrhBWyalNWWgjgyawRS0HixNfBTPtTxlN7Rc kWArQ9jmU/WQI/DYQ3ZFuk7eIw== X-Received: by 2002:a2e:9557:: with SMTP id t23mr6008411ljh.193.1596403396630; Sun, 02 Aug 2020 14:23:16 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id 29sm3995750ljv.72.2020.08.02.14.23.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Aug 2020 14:23:16 -0700 (PDT) Received: by box.localdomain (Postfix, from userid 1000) id 87E15102BA1; Mon, 3 Aug 2020 00:23:22 +0300 (+03) Date: Mon, 3 Aug 2020 00:23:22 +0300 From: "Kirill A. Shutemov" To: Hugh Dickins Cc: Andrew Morton , "Kirill A. Shutemov" , Andrea Arcangeli , Song Liu , linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCH] khugepaged: collapse_pte_mapped_thp() protect the pmd lock Message-ID: <20200802212322.o6jk3slvjvwxn7ja@box> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Aug 02, 2020 at 12:15:24PM -0700, Hugh Dickins wrote: > When retract_page_tables() removes a page table to make way for a huge > pmd, it holds huge page lock, i_mmap_lock_write, mmap_write_trylock and > pmd lock; but when collapse_pte_mapped_thp() does the same (to handle > the case when the original mmap_write_trylock had failed), only > mmap_write_trylock and pmd lock are held. > > That's not enough. One machine has twice crashed under load, with > "BUG: spinlock bad magic" and GPF on 6b6b6b6b6b6b6b6b. Examining the > second crash, page_vma_mapped_walk_done()'s spin_unlock of pvmw->ptl > (serving page_referenced() on a file THP, that had found a page table > at *pmd) discovers that the page table page and its lock have already > been freed by the time it comes to unlock. > > Follow the example of retract_page_tables(), but we only need one of > huge page lock or i_mmap_lock_write to secure against this: because it's > the narrower lock, and because it simplifies collapse_pte_mapped_thp() > to know the hpage earlier, choose to rely on huge page lock here. > > Fixes: 27e1f8273113 ("khugepaged: enable collapse pmd for pte-mapped THP") > Signed-off-by: Hugh Dickins > Cc: stable@vger.kernel.org # v5.4+ We could avoid the page cache lookup by locking the page on the first valid PTE and recheck page->mapping, but this way is cleaner. Acked-by: Kirill A. Shutemov -- Kirill A. Shutemov