Date: Tue, 15 Jun 2021 13:40:28 +0100
From: Matthew Wilcox
To: Jann Horn
Cc: Linux-MM, kernel list, Youquan Song, Andrea Arcangeli, Jan Kara, Mike Kravetz, John Hubbard, "Kirill A. Shutemov"
Subject: Re: page refcount race between prep_compound_gigantic_page() and __page_cache_add_speculative()?
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jun 15, 2021 at 01:03:53PM +0200, Jann Horn wrote:
> The messier path, as the original commit describes, is "gigantic" page
> allocation. In that case, we'll go through the following path (if we
> ignore CMA):
>
>   alloc_fresh_huge_page():
>     alloc_gigantic_page()
>       alloc_contig_pages()
>         __alloc_contig_pages()
>           alloc_contig_range()
>             isolate_freepages_range()
>               split_map_pages()
>                 post_alloc_hook() [FOR EVERY PAGE]
>                   set_page_refcounted()
>                     set_page_count(page, 1)
>     prep_compound_gigantic_page()
>       set_page_count(p, 0) [FOR EVERY TAIL PAGE]
>
> so all the tail pages are initially allocated with refcount 1 by the
> page allocator, and then we overwrite those refcounts with zeroes.
>
>
> Luckily, the only non-__init codepath that can get here is
> __nr_hugepages_store_common(), which is only invoked from privileged
> writes to sysfs/sysctls.

Argh.

What if we passed __GFP_COMP into alloc_contig_pages()?
The current callers of alloc_contig_range() do not pass __GFP_COMP,
so it's no behaviour change for them, and __GFP_COMP implies this
kind of behaviour.

I think that would imply _not_ calling split_map_pages(), which
implies not calling post_alloc_hook(), which means we probably need
to do a lot of the parts of post_alloc_hook() in alloc_gigantic_page().
Yuck.
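
The following is an added example, not part of the message above and not kernel code: a userspace C11 model of one tail page's refcount, replaying a single fixed interleaving in which a transient reference is taken between the allocator's `set_page_count(page, 1)` and the later `set_page_count(p, 0)`. The names `model_page`, `get_speculative`, `zero_blind`, `zero_checked` and `replay` are hypothetical; the speculative getter is assumed to behave as get-unless-zero, and the compare-and-swap variant is shown only for contrast with the blind store, it is not the change proposed in this thread.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a single tail page; not the kernel's struct page. */
struct model_page { atomic_int refcount; };

/* Assumed speculative getter: take a reference unless the count is zero. */
static bool get_speculative(struct model_page *p) {
    int old = atomic_load(&p->refcount);
    while (old != 0)
        if (atomic_compare_exchange_weak(&p->refcount, &old, old + 1))
            return true;
    return false;
}

/* Drop a reference; returns the count after the drop. */
static int put_ref(struct model_page *p) {
    return atomic_fetch_sub(&p->refcount, 1) - 1;
}

/* Blind overwrite, like set_page_count(p, 0) in the quoted call path. */
static void zero_blind(struct model_page *p) {
    atomic_store(&p->refcount, 0);
}

/* Checked variant: zero only if the count is still the allocator's 1. */
static bool zero_checked(struct model_page *p) {
    int expected = 1;
    return atomic_compare_exchange_strong(&p->refcount, &expected, 0);
}

/* Replays the interleaving; returns the count after the transient put. */
static int replay(bool checked, bool *zeroed) {
    struct model_page p;
    atomic_init(&p.refcount, 1);        /* post_alloc_hook(): refcount 1 */
    bool got = get_speculative(&p);     /* racing lookup: 1 -> 2 */
    if (checked) {
        *zeroed = zero_checked(&p);     /* refuses: count is 2, not 1 */
    } else {
        zero_blind(&p);                 /* 2 -> 0: the reference is lost */
        *zeroed = true;
    }
    return got ? put_ref(&p) : atomic_load(&p.refcount);
}

int main(void) {
    bool z;
    printf("blind:   count=%d\n", replay(false, &z));
    printf("checked: count=%d\n", replay(true, &z));
    return 0;
}
```

In the blind case the transient holder's put drives the count below zero; in the checked case the zeroing step reports failure and the count is back at 1 after the put, so the caller can detect the race and retry or bail out.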