Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp2278097pxb; Mon, 19 Apr 2021 01:34:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzZtExTPNMS7xSwVHA7Ha7h87/hiRqVlET/TY0w/mkebSZKQAOR0PVuPqLeDE9lx/sca4mr X-Received: by 2002:a17:90a:5b0a:: with SMTP id o10mr116891pji.82.1618821293739; Mon, 19 Apr 2021 01:34:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618821293; cv=none; d=google.com; s=arc-20160816; b=xkr+/9FscMyYr9Z8kLRaALhqEkTBStQuvJHbqxwfJ3RmIImMUyBFbQlvUYUOk9AMhc fSG8NiwPKkHaMJ+drx0/papfU63z6DPxm8kXu94s4j+sQgRonxj8djm3VpDvnRS3ueHv gGBNa1ZTwyz+osLHTSCzgT8TTElqG1LkFBHgkR5ca0m1yxRXN0LK3j7DjRVI0sK7o+V2 3SU4jYqlyU4c0cSeMsFiTR//aZigj63utITToH4ooJIg8g8YgxH8vvuvkpjM6Yd+wGqi KIUhoMbhAX2xWaodqB5YNb2iyVszrv4MNLqJniA6HhDwFYwU1JcVpVEHuEiQwwA6NbrN VaaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=xXss9VlPNyF8dItVFAP5AV4mJWCaNlCYJXiHwPkTsNM=; b=Hbk6jSRRfAtLfUGm6M9wGUzt9IrJXZIk++4a/AAI6UDvx0B4tbM/f2yQqXvUjUt0C1 kD498kRpwy0P0PUAQRx1yDJULQlVueFgUbull9u4JFMI17gHxC1qGlJ2AMOAkk0hJGVv iNXT6RUX91N/hQ2ipxSu7fHrjFAYheyiIDk+BIml/5E4x6pFuKPgBubYFS/wllh+KJV/ d2aPVNLlF0gXlUemx9h4UjtcvjiLfPTwP3LBKhcIlzDiLYGB/l+1KcWrjVZ+tGnYH73h 7bvRxim8NvlWbeNJAtm6naN76Zf2KSjsshxBAaAH4uPpiPbzHAkVi3f7rEz0fSiSxjEs 6Zmw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u14si15981248pgm.108.2021.04.19.01.34.41; Mon, 19 Apr 2021 01:34:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234903AbhDSITP (ORCPT + 99 others); Mon, 19 Apr 2021 04:19:15 -0400 Received: from szxga05-in.huawei.com ([45.249.212.191]:16479 "EHLO szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237909AbhDSITK (ORCPT ); Mon, 19 Apr 2021 04:19:10 -0400 Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.60]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4FP05G0WpszqTdv; Mon, 19 Apr 2021 16:16:18 +0800 (CST) Received: from [10.174.178.5] (10.174.178.5) by DGGEMS412-HUB.china.huawei.com (10.3.19.212) with Microsoft SMTP Server id 14.3.498.0; Mon, 19 Apr 2021 16:18:35 +0800 Subject: Re: [PATCH v2 5/5] mm/shmem: fix shmem_swapin() race with swapoff To: "Huang, Ying" CC: , , , , , , , , , , , , References: <20210417094039.51711-1-linmiaohe@huawei.com> <20210417094039.51711-6-linmiaohe@huawei.com> <87r1j7kok3.fsf@yhuang6-desk1.ccr.corp.intel.com> <87h7k24uxg.fsf@yhuang6-desk1.ccr.corp.intel.com> <41a33c84-f878-8dab-a1d0-4aea3a1fc739@huawei.com> <877dky4t7b.fsf@yhuang6-desk1.ccr.corp.intel.com> From: Miaohe Lin Message-ID: Date: Mon, 19 Apr 2021 16:18:34 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <877dky4t7b.fsf@yhuang6-desk1.ccr.corp.intel.com> Content-Type: text/plain; charset="windows-1252" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.178.5] X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021/4/19 15:41, Huang, Ying wrote: > Miaohe Lin writes: > >> On 2021/4/19 15:04, Huang, Ying wrote: >>> Miaohe Lin writes: >>> >>>> On 2021/4/19 10:15, Huang, Ying wrote: >>>>> Miaohe Lin writes: >>>>> >>>>>> When I was investigating the swap code, I found the below possible race >>>>>> window: >>>>>> >>>>>> CPU 1 CPU 2 >>>>>> ----- ----- >>>>>> shmem_swapin >>>>>> swap_cluster_readahead >>>>>> if (likely(si->flags & (SWP_BLKDEV | SWP_FS_OPS))) { >>>>>> swapoff >>>>>> si->flags &= ~SWP_VALID; >>>>>> .. >>>>>> synchronize_rcu(); >>>>>> .. >>>>> >>>>> You have removed these code in the previous patches of the series. And >>>>> they are not relevant in this patch. >>>> >>>> Yes, I should change these. Thanks. >>>> >>>>> >>>>>> si->swap_file = NULL; >>>>>> struct inode *inode = si->swap_file->f_mapping->host;[oops!] >>>>>> >>>>>> Close this race window by using get/put_swap_device() to guard against >>>>>> concurrent swapoff. >>>>>> >>>>>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") >>>>> >>>>> No. This isn't the commit that introduces the race condition. Please >>>>> recheck your git blame result. >>>>> >>>> >>>> I think this is really hard to find exact commit. I used git blame and found >>>> this race should be existed when this is introduced. Any suggestion ? >>>> Thanks. >>> >>> I think the commit that introduces the race condition is commit >>> 8fd2e0b505d1 ("mm: swap: check if swap backing device is congested or >>> not") >>> >> >> Thanks. >> The commit log only describes one race condition. And for that one, this should be correct >> Fixes tag. But there are still many other race conditions inside swap_cluster_readahead, >> such as swap_readpage() called from swap_cluster_readahead. This tag could not cover the >> all race windows. > > No. swap_readpage() in swap_cluster_readahead() is OK. Because > __read_swap_cache_async() is called before that, so the swap entry will > be marked with SWAP_HAS_CACHE, and page will be locked. > Oh... I missed this. Many thanks for your remind. > Best Regards, > Huang, Ying > >>> Best Regards, >>> Huang, Ying >>> >>>>> Best Regards, >>>>> Huang, Ying >>>>> >>>>>> Signed-off-by: Miaohe Lin >>>>>> --- >>>>>> mm/shmem.c | 6 ++++++ >>>>>> 1 file changed, 6 insertions(+) >>>>>> >>>>>> diff --git a/mm/shmem.c b/mm/shmem.c >>>>>> index 26c76b13ad23..936ba5595297 100644 >>>>>> --- a/mm/shmem.c >>>>>> +++ b/mm/shmem.c >>>>>> @@ -1492,15 +1492,21 @@ static void shmem_pseudo_vma_destroy(struct vm_area_struct *vma) >>>>>> static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp, >>>>>> struct shmem_inode_info *info, pgoff_t index) >>>>>> { >>>>>> + struct swap_info_struct *si; >>>>>> struct vm_area_struct pvma; >>>>>> struct page *page; >>>>>> struct vm_fault vmf = { >>>>>> .vma = &pvma, >>>>>> }; >>>>>> >>>>>> + /* Prevent swapoff from happening to us. */ >>>>>> + si = get_swap_device(swap); >>>>>> + if (unlikely(!si)) >>>>>> + return NULL; >>>>>> shmem_pseudo_vma_init(&pvma, info, index); >>>>>> page = swap_cluster_readahead(swap, gfp, &vmf); >>>>>> shmem_pseudo_vma_destroy(&pvma); >>>>>> + put_swap_device(si); >>>>>> >>>>>> return page; >>>>>> } >>>>> . >>>>> >>> . >>> > . >