Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp2269748pxb;
        Mon, 19 Apr 2021 01:18:07 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy13Yz0NURN+QjKKrJ/BFzA7+sv3esV8JsUNp3Qb07+R0kIGEQFPUtNenTBjHo8MjoAdl5q
X-Received: by 2002:a17:90b:4c87:: with SMTP id my7mr23605888pjb.162.1618820287663;
        Mon, 19 Apr 2021 01:18:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1618820287; cv=none;
        d=google.com; s=arc-20160816;
        b=DHpd+aRjLtb6JEa7PnHM7CGQiju9lzZpGfXr2kCkvFtm67kQ5Zbadp+qmK7QCkcG4X
         /UePZt1NjG5shLVxlfpT6fDrD5rLry2D3wd0ZZgPYd+5NtDjP4+y6eV7nOwclm5vX0QL
         9Kus2kGDSHV9yzpKlEKKLKi6bvgZJRxt6PGBTUbvihNtZ+5+hbqm1X7teb2KtlQ8X6rh
         J7EmcZ7k+Sjj9ySVGVyuJUoYgKxMKUuqkVqj2J0jQI1iEWNLrv6cRYn1EZGZdQGn2wF1
         +U3eGL7uBS7HkLCs8c8BIK/Bdvsml11I05xiqEkPtQkf1ZSr47MXahnpp5icB34BBjsi
         wO1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=nNe9CK/zw84/hnc8EEQqHKxtp/HxqS96cYJfMokFgtk=;
        b=kpqRi2zuosPELTprszV9KQ3UbVBZUsneTOP5PuxlKHjgMjOm6eYRb2FZ5kZPbcSfb5
         fc1kudRcH3DRpSKtHBPiBaju1k8DQ4fjzX3IqDMA4kqWl5JHokodpzha0qWTWPF0p6cM
         OnwQY4fkhhbnz9Hfh9YQ+5CtDDbF79N1LDwFKMhzPtwM0dSyxgpW2wIt3g5kcNo56zwt
         6iqYz98cfYKwRFZIrmdI50lyKyBihKlHpNzESpBUxrFGX5dTNR2sTI9ppDoucxgp/phq
         mz+R9+qk2W8gvbBYGKIevhm+ATDLKd57lNPVrZJ/y48cbnX7qD7/Q0AI/9s9CEtKf+H8
         oo6g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id j12si16834025pll.142.2021.04.19.01.17.55;
        Mon, 19 Apr 2021 01:18:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233422AbhDSHOq (ORCPT <rfc822;lists.md@gmail.com> + 99 others);
        Mon, 19 Apr 2021 03:14:46 -0400
Received: from szxga06-in.huawei.com ([45.249.212.32]:17374 "EHLO
        szxga06-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231490AbhDSHOo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 19 Apr 2021 03:14:44 -0400
Received: from DGGEMS406-HUB.china.huawei.com (unknown [172.30.72.59])
        by szxga06-in.huawei.com (SkyGuard) with ESMTP id 4FNygP4Gk3zlYyH;
        Mon, 19 Apr 2021 15:12:17 +0800 (CST)
Received: from [10.174.178.5] (10.174.178.5) by DGGEMS406-HUB.china.huawei.com
 (10.3.19.206) with Microsoft SMTP Server id 14.3.498.0; Mon, 19 Apr 2021
 15:14:10 +0800
Subject: Re: [PATCH v2 5/5] mm/shmem: fix shmem_swapin() race with swapoff
To:     "Huang, Ying" <ying.huang@intel.com>
CC:     <akpm@linux-foundation.org>, <dennis@kernel.org>,
        <tim.c.chen@linux.intel.com>, <hughd@google.com>,
        <hannes@cmpxchg.org>, <mhocko@suse.com>, <iamjoonsoo.kim@lge.com>,
        <alexs@kernel.org>, <david@redhat.com>, <minchan@kernel.org>,
        <richard.weiyang@gmail.com>, <linux-kernel@vger.kernel.org>,
        <linux-mm@kvack.org>
References: <20210417094039.51711-1-linmiaohe@huawei.com>
 <20210417094039.51711-6-linmiaohe@huawei.com>
 <87r1j7kok3.fsf@yhuang6-desk1.ccr.corp.intel.com>
 <ed215f73-93c1-d47b-e440-30701a7fca46@huawei.com>
 <87h7k24uxg.fsf@yhuang6-desk1.ccr.corp.intel.com>
From:   Miaohe Lin <linmiaohe@huawei.com>
Message-ID: <41a33c84-f878-8dab-a1d0-4aea3a1fc739@huawei.com>
Date:   Mon, 19 Apr 2021 15:14:10 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <87h7k24uxg.fsf@yhuang6-desk1.ccr.corp.intel.com>
Content-Type: text/plain; charset="windows-1252"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.174.178.5]
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021/4/19 15:04, Huang, Ying wrote:
> Miaohe Lin <linmiaohe@huawei.com> writes:
> 
>> On 2021/4/19 10:15, Huang, Ying wrote:
>>> Miaohe Lin <linmiaohe@huawei.com> writes:
>>>
>>>> When I was investigating the swap code, I found the below possible race
>>>> window:
>>>>
>>>> CPU 1                                           CPU 2
>>>> -----                                           -----
>>>> shmem_swapin
>>>>   swap_cluster_readahead
>>>>     if (likely(si->flags & (SWP_BLKDEV | SWP_FS_OPS))) {
>>>>                                                 swapoff
>>>>                                                   si->flags &= ~SWP_VALID;
>>>>                                                   ..
>>>>                                                   synchronize_rcu();
>>>>                                                   ..
>>>
>>> You have removed these code in the previous patches of the series.  And
>>> they are not relevant in this patch.
>>
>> Yes, I should change these. Thanks.
>>
>>>
>>>>                                                   si->swap_file = NULL;
>>>>     struct inode *inode = si->swap_file->f_mapping->host;[oops!]
>>>>
>>>> Close this race window by using get/put_swap_device() to guard against
>>>> concurrent swapoff.
>>>>
>>>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
>>>
>>> No.  This isn't the commit that introduces the race condition.  Please
>>> recheck your git blame result.
>>>
>>
>> I think this is really hard to find exact commit. I used git blame and found
>> this race should be existed when this is introduced. Any suggestion ?
>> Thanks.
> 
> I think the commit that introduces the race condition is commit
> 8fd2e0b505d1 ("mm: swap: check if swap backing device is congested or
> not")
> 

Thanks.
The commit log only describes one race condition. And for that one, this should be correct
Fixes tag. But there are still many other race conditions inside swap_cluster_readahead,
such as swap_readpage() called from swap_cluster_readahead. This tag could not cover the
all race windows.

> Best Regards,
> Huang, Ying
> 
>>> Best Regards,
>>> Huang, Ying
>>>
>>>> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
>>>> ---
>>>>  mm/shmem.c | 6 ++++++
>>>>  1 file changed, 6 insertions(+)
>>>>
>>>> diff --git a/mm/shmem.c b/mm/shmem.c
>>>> index 26c76b13ad23..936ba5595297 100644
>>>> --- a/mm/shmem.c
>>>> +++ b/mm/shmem.c
>>>> @@ -1492,15 +1492,21 @@ static void shmem_pseudo_vma_destroy(struct vm_area_struct *vma)
>>>>  static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp,
>>>>  			struct shmem_inode_info *info, pgoff_t index)
>>>>  {
>>>> +	struct swap_info_struct *si;
>>>>  	struct vm_area_struct pvma;
>>>>  	struct page *page;
>>>>  	struct vm_fault vmf = {
>>>>  		.vma = &pvma,
>>>>  	};
>>>>  
>>>> +	/* Prevent swapoff from happening to us. */
>>>> +	si = get_swap_device(swap);
>>>> +	if (unlikely(!si))
>>>> +		return NULL;
>>>>  	shmem_pseudo_vma_init(&pvma, info, index);
>>>>  	page = swap_cluster_readahead(swap, gfp, &vmf);
>>>>  	shmem_pseudo_vma_destroy(&pvma);
>>>> +	put_swap_device(si);
>>>>  
>>>>  	return page;
>>>>  }
>>> .
>>>
> .
>