From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Shutemov" , Yang Shi , Wang Yugui , "Matthew Wilcox (Oracle)" , Naoya Horiguchi , Alistair Popple , Ralph Campbell , Zi Yan , Miaohe Lin , Minchan Kim , Jue Wang , Peter Xu , Jan Kara , Shakeel Butt , Oscar Salvador , Andrew Morton , Linus Torvalds , Greg Kroah-Hartman Subject: [PATCH 5.12 083/110] mm/thp: fix __split_huge_pmd_locked() on shmem migration entry Date: Mon, 28 Jun 2021 10:18:01 -0400 Message-Id: <20210628141828.31757-84-sashal@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210628141828.31757-1-sashal@kernel.org> References: <20210628141828.31757-1-sashal@kernel.org> MIME-Version: 1.0 X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.14-rc1.gz X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git X-KernelTest-Branch: linux-5.12.y X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git X-KernelTest-Version: 5.12.14-rc1 X-KernelTest-Deadline: 2021-06-30T14:18+00:00 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hugh Dickins commit 99fa8a48203d62b3743d866fc48ef6abaee682be upstream. Patch series "mm/thp: fix THP splitting unmap BUGs and related", v10. Here is v2 batch of long-standing THP bug fixes that I had not got around to sending before, but prompted now by Wang Yugui's report https://lore.kernel.org/linux-mm/20210412180659.B9E3.409509F4@e16-tech.com/ Wang Yugui has tested a rollup of these fixes applied to 5.10.39, and they have done no harm, but have *not* fixed that issue: something more is needed and I have no idea of what. This patch (of 7): Stressing huge tmpfs page migration racing hole punch often crashed on the VM_BUG_ON(!pmd_present) in pmdp_huge_clear_flush(), with DEBUG_VM=y kernel; or shortly afterwards, on a bad dereference in __split_huge_pmd_locked() when DEBUG_VM=n. They forgot to allow for pmd migration entries in the non-anonymous case. Full disclosure: those particular experiments were on a kernel with more relaxed mmap_lock and i_mmap_rwsem locking, and were not repeated on the vanilla kernel: it is conceivable that stricter locking happens to avoid those cases, or makes them less likely; but __split_huge_pmd_locked() already allowed for pmd migration entries when handling anonymous THPs, so this commit brings the shmem and file THP handling into line. And while there: use old_pmd rather than _pmd, as in the following blocks; and make it clearer to the eye that the !vma_is_anonymous() block is self-contained, making an early return after accounting for unmapping. Link: https://lkml.kernel.org/r/af88612-1473-2eaa-903-8d1a448b26@google.com Link: https://lkml.kernel.org/r/dd221a99-efb3-cd1d-6256-7e646af29314@google.com Fixes: e71769ae5260 ("mm: enable thp migration for shmem thp") Signed-off-by: Hugh Dickins Cc: Kirill A. 
---
 mm/huge_memory.c     | 27 ++++++++++++++++++---------
 mm/pgtable-generic.c |  5 ++---
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index ae907a9c2050..cd37a0829881 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2046,7 +2046,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
 	count_vm_event(THP_SPLIT_PMD);
 
 	if (!vma_is_anonymous(vma)) {
-		_pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
+		old_pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
 		/*
 		 * We are going to unmap this huge page. So
 		 * just go ahead and zap it
@@ -2055,16 +2055,25 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
 			zap_deposited_table(mm, pmd);
 		if (vma_is_special_huge(vma))
 			return;
-		page = pmd_page(_pmd);
-		if (!PageDirty(page) && pmd_dirty(_pmd))
-			set_page_dirty(page);
-		if (!PageReferenced(page) && pmd_young(_pmd))
-			SetPageReferenced(page);
-		page_remove_rmap(page, true);
-		put_page(page);
+		if (unlikely(is_pmd_migration_entry(old_pmd))) {
+			swp_entry_t entry;
+
+			entry = pmd_to_swp_entry(old_pmd);
+			page = migration_entry_to_page(entry);
+		} else {
+			page = pmd_page(old_pmd);
+			if (!PageDirty(page) && pmd_dirty(old_pmd))
+				set_page_dirty(page);
+			if (!PageReferenced(page) && pmd_young(old_pmd))
+				SetPageReferenced(page);
+			page_remove_rmap(page, true);
+			put_page(page);
+		}
 		add_mm_counter(mm, mm_counter_file(page), -HPAGE_PMD_NR);
 		return;
-	} else if (pmd_trans_huge(*pmd) && is_huge_zero_pmd(*pmd)) {
+	}
+
+	if (pmd_trans_huge(*pmd) && is_huge_zero_pmd(*pmd)) {
 		/*
 		 * FIXME: Do we want to invalidate secondary mmu by calling
 		 * mmu_notifier_invalidate_range() see comments below inside
diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c
index c2210e1cdb51..4e640baf9794 100644
--- a/mm/pgtable-generic.c
+++ b/mm/pgtable-generic.c
@@ -135,9 +135,8 @@ pmd_t pmdp_huge_clear_flush(struct vm_area_struct *vma, unsigned long address,
 {
 	pmd_t pmd;
 	VM_BUG_ON(address & ~HPAGE_PMD_MASK);
-	VM_BUG_ON(!pmd_present(*pmdp));
-	/* Below assumes pmd_present() is true */
-	VM_BUG_ON(!pmd_trans_huge(*pmdp) && !pmd_devmap(*pmdp));
+	VM_BUG_ON(pmd_present(*pmdp) && !pmd_trans_huge(*pmdp) &&
+		  !pmd_devmap(*pmdp));
 	pmd = pmdp_huge_get_and_clear(vma->vm_mm, address, pmdp);
 	flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
 	return pmd;
-- 
2.30.2
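[ Illustration, not part of the patch: the mm/pgtable-generic.c hunk
relaxes the assertion for the same reason.  pmdp_huge_clear_flush() can
now legitimately see a pmd migration entry (non-present), so the
VM_BUG_ON should only fire for a *present* pmd that is neither
trans-huge nor devmap.  A tiny truth-table model of the before/after
predicate, as hypothetical userspace C with invented names: ]

#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Reduce the pmd states that matter here to three flags. */
struct pmd_state {
	bool present;
	bool trans_huge;
	bool devmap;
};

/* Old check: any non-present pmd (e.g. a migration entry) trips the BUG. */
static bool old_vm_bug(struct pmd_state p)
{
	return !p.present || (!p.trans_huge && !p.devmap);
}

/* New check: only a present pmd that is neither huge nor devmap is a bug,
 * so pmd migration entries pass through. */
static bool new_vm_bug(struct pmd_state p)
{
	return p.present && !p.trans_huge && !p.devmap;
}

int main(void)
{
	struct pmd_state migration_entry = { .present = false };
	struct pmd_state huge = { .present = true, .trans_huge = true };

	printf("migration entry: old=%d new=%d\n",
	       old_vm_bug(migration_entry), new_vm_bug(migration_entry));
	printf("huge pmd:        old=%d new=%d\n",
	       old_vm_bug(huge), new_vm_bug(huge));

	/* The new predicate accepts both states the split path can produce. */
	assert(!new_vm_bug(migration_entry) && !new_vm_bug(huge));
	return 0;
}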