Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp3882299pxb; Mon, 27 Sep 2021 04:56:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxh31nOLDKYrVqbh+tXF954QCUE9jgni91Tx9hjwt6zcLp8tzme05cajuQwj4FuUgzRqJMW X-Received: by 2002:a17:902:ab93:b0:13d:e3b5:7ec2 with SMTP id f19-20020a170902ab9300b0013de3b57ec2mr17827567plr.26.1632743788439; Mon, 27 Sep 2021 04:56:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632743788; cv=none; d=google.com; s=arc-20160816; b=y/zcCyHweduyrMUHL6jFc+gGNk2buSAKvoTf2D8UHz/r1juBiE6Gf4DkNa9nY1Lxam 0jk1vR/AU30BtMeQvnotcE5by6smoIHRsDNZk+8WbRuTPp2E9GVdxPm6bxJo/jaqhmPU Kq09s425KWDTLCgQTu03k6Rxjge52e3Oj0qRara74EUMQ2H5QgXx0ptJWkF+QRojKyC2 Bq8meN8rg+fKrB+qy6R9U0uAGT3MV0Wo4ZPltIbzS5md2NZQzy9sjA/g2SFcgZYaQd2d +jbl3/T7sUG6eITYA+z72At1yHRMw1rpcy6oE+WvBRo7hWuWKl3uUVksibGzhtlUrFP5 u2Xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=DS5KVI0MI3urzxy+Dr1c8uCppaGchpddwzrmXVrMjZw=; b=UlI86R17sKXyqgZ04VJ5yj2f+idGS9ks2fj3E4sPLpVyQuAdyYKRi2j+VF99SnHX3E i6Hixo/eMBXPvt9kjeDCu++dDe8hDVCifD7J2d6jEt0lFRd0l8plvebyJepss0qwF6SC JrGBPuPsYcmzX2iO5pHGomo0DWqVD7lGorLArymjWWWWn4xb2vS8Zp67A6Zh7A8VJBwD ro0YMBl49dRu0U+rhZxE4s6x3cyxYw+xH3adiHp8i3zyXc8wGuDi01/JAkjw75OkJK3I jnStGKJp5r2b30wOchwALbb/vlg/dUMywXU+nOGjcetapUMZKdEiWN5OcSd7XqFdEwgk XG7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov-name.20210112.gappssmtp.com header.s=20210112 header.b=cQvdOnUk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u3si19017609plh.445.2021.09.27.04.56.16; Mon, 27 Sep 2021 04:56:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov-name.20210112.gappssmtp.com header.s=20210112 header.b=cQvdOnUk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234108AbhI0L4s (ORCPT + 99 others); Mon, 27 Sep 2021 07:56:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234051AbhI0L4s (ORCPT ); Mon, 27 Sep 2021 07:56:48 -0400 Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 210D7C061575 for ; Mon, 27 Sep 2021 04:55:10 -0700 (PDT) Received: by mail-lf1-x12c.google.com with SMTP id i4so76290996lfv.4 for ; Mon, 27 Sep 2021 04:55:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20210112.gappssmtp.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=DS5KVI0MI3urzxy+Dr1c8uCppaGchpddwzrmXVrMjZw=; b=cQvdOnUkyhSPNzgh4Wudd6h8B02zdpU4K7tSFEUUhp0dws6UouuWJi+cxD0kvJFMoZ NwMiIC/K24a4LRk6LE2ewO8tO1YgqceTgui7RHon2GlaZ5bk6v4bL+wBVX6EpJoQkPaV WYyhwxWv6r40e6cMQyPT8+qPaCfj//7a8RGg8O905rCqUvL/ufW+fx1w8BDNuxA7uSe9 FRF8+xgRNxR25AFQpGRRobbWp+VWribppnUjhJQ5mvbL1arcTkfJ74mcT9qmxhEPnOvW F/+w0VEXbr3dOVwplmKTzVnFkgQbKd8o5P9vj9dH6lj10g6Vxri4I7yg90cGTxMEXZiI 7kKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=DS5KVI0MI3urzxy+Dr1c8uCppaGchpddwzrmXVrMjZw=; b=D7e3+oaqzudw+bxyzhd2CD/YniH3CVWih2pXLT0E3mJBQamCcBBzrT3sRh6QQ0G+qi OqISM2/PsSoRzW6hafQQmaYjrJrm7ZA6FfUnrOtdsg3Yz3ZWORGczMciBQmuI8UVwdzH FXTNTlFAcKrjB3KhldyZ2yn8vkK7EBD66w6/juFThDJ1ZRw2pfsErqzTpkrKT/KSvrEt GhnFSi31ln9gKcSrPNewFte0WmDm0nK2bKsYTAjA3NkZJuGlo2Y4HBjmfksDVjnt6p09 mBMbuxfDCC0v11MjmF5gEnn4Yg05v8ZW45Nf0ipsBawSRQapIT/ku7EnIUicaO9j1LpY a4nA== X-Gm-Message-State: AOAM533V9AxMtkm6yax9BfnGbRqCgyy55he+b0XTlMX+o8tQnJTMKu8x /TCscVpYXzwOFbovyFFYcn8dDA== X-Received: by 2002:a05:6512:b0f:: with SMTP id w15mr23568038lfu.164.1632743708091; Mon, 27 Sep 2021 04:55:08 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id v26sm1954224lja.22.2021.09.27.04.55.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Sep 2021 04:55:07 -0700 (PDT) Received: by box.localdomain (Postfix, from userid 1000) id 1AD8F102FD9; Mon, 27 Sep 2021 14:55:07 +0300 (+03) Date: Mon, 27 Sep 2021 14:55:07 +0300 From: "Kirill A. Shutemov" To: Nadav Amit Cc: Andrew Morton , Linux-MM , Linux Kernel Mailing List , Peter Xu , Andrea Arcangeli , Minchan Kim , Colin Cross , Suren Baghdasarya , Mike Rapoport Subject: Re: [RFC PATCH 1/8] mm/madvise: propagate vma->vm_end changes Message-ID: <20210927115507.6xfpugeg3swookbh@box> References: <20210926161259.238054-1-namit@vmware.com> <20210926161259.238054-2-namit@vmware.com> <20210927090852.sc5u65ufwvfx57rl@box.shutemov.name> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 27, 2021 at 03:11:20AM -0700, Nadav Amit wrote: > > > On Sep 27, 2021, at 2:08 AM, Kirill A. Shutemov wrote: > > > > On Sun, Sep 26, 2021 at 09:12:52AM -0700, Nadav Amit wrote: > >> From: Nadav Amit > >> > >> The comment in madvise_dontneed_free() says that vma splits that occur > >> while the mmap-lock is dropped, during userfaultfd_remove(), should be > >> handled correctly, but nothing in the code indicates that it is so: prev > >> is invalidated, and do_madvise() will therefore continue to update VMAs > >> from the "obsolete" end (i.e., the one before the split). > >> > >> Propagate the changes to end from madvise_dontneed_free() back to > >> do_madvise() and continue the updates from the new end accordingly. > > > > Could you describe in details a race that would lead to wrong behaviour? > > Thanks for the quick response. > > For instance, madvise(MADV_DONTNEED) can race with mprotect() and cause > the VMA to split. > > Something like: > > CPU0 CPU1 > ---- ---- > madvise(0x10000, 0x2000, MADV_DONTNEED) > -> userfaultfd_remove() > [ mmap-lock dropped ] > mprotect(0x11000, 0x1000, PROT_READ) > [splitting the VMA] > > read(uffd) > [unblocking userfaultfd_remove()] > > [ resuming ] > end = vma->vm_end > [end == 0x11000] > > madvise_dontneed_single_vma(vma, 0x10000, 0x11000) > > Following this operation, 0x11000-0x12000 would not be zapped. Okay, fair enough. Wouldn't something like this work too: diff --git a/mm/madvise.c b/mm/madvise.c index 0734db8d53a7..0898120c5c04 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -796,6 +796,7 @@ static long madvise_dontneed_free(struct vm_area_struct *vma, */ return -ENOMEM; } + *prev = vma; if (!can_madv_lru_vma(vma)) return -EINVAL; if (end > vma->vm_end) { -- Kirill A. Shutemov