Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp974064pxm;
        Thu, 3 Mar 2022 08:05:48 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxvkbFjd3kWBr+a6h4ucKb0ZUFQ2wkk1IeXR6XOtHe8JFOBt4SrC/wubGKgisuEnAolS1OI
X-Received: by 2002:a17:906:c145:b0:6da:aaaf:770c with SMTP id dp5-20020a170906c14500b006daaaaf770cmr319833ejc.504.1646323546989;
        Thu, 03 Mar 2022 08:05:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1646323546; cv=none;
        d=google.com; s=arc-20160816;
        b=PEfsUkEcophORL/HDtd/WGGbCRgLCpL50pSqezORiqleLxGslyEpbjeqYKpmgwt3Jm
         0JUC5ZPHTsZggWCbKAtvW3sHiJgm+KFvW59E6Vhp1x9YFcQl6TvZGwBuRN76eqK+LgZ/
         kiTwWlCR4eW+eLgrZB0IvYgAq+djJOmRP5iIFzVG/pemzNGa9r2K/kD09kRV/Za8w72a
         E1SM5+IsX7eW4dYswMJE6WukZwZG3DNB6RXfmypS+0+w8x4f63bor3oHUnyoSVcefALH
         nhQ/PwvoT54V+Lz48ocWgs2Ztx0l0wtgAuJVFMQu6nc5Guar5EYFYL42jYENrgPzJclc
         9cQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=xhpDNXXrUENoRW8oouM6cOT2aBxbIx77sOMKklVUAFQ=;
        b=0YxBWA6f2/6eIpmtWdu94B/Rcub7Rf4u65e4YUv0nExWYi4lyU1vk+sgcwFCPmzKe9
         xQdEfEADoIM/7wc9RNMBnFotQxX/15uFbTg8CGRDIRPVjg30ksO+SO0NKLeA4bGkGrqg
         thzlwP0WcSvut0m76LTjhGztlk6o8dK8vs9vo4ot3vPAWmeIh2YrGEB0X9U2VU+4Y+EK
         bgefP8ILVZPUE5Qw7bcBVLiM5mpeiWzfnGRUICtlIPxRQfiIiUQSXigzhi9QUZ0GeZIS
         DmYAm+09ZsfewEgxWY+UttOOhaTlQLo/r4+fcIEPxfjkYB4bjdaDb0x1gRi2U7Au3wuI
         3jgQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=ijiJ7KGr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id g15-20020a056402424f00b004139bbefb4fsi1881651edb.317.2022.03.03.08.05.13;
        Thu, 03 Mar 2022 08:05:46 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=ijiJ7KGr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233116AbiCCOYn (ORCPT <rfc822;anthony.2lannoy@gmail.com>
        + 99 others); Thu, 3 Mar 2022 09:24:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35690 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229919AbiCCOYm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 Mar 2022 09:24:42 -0500
Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F69517129D
        for <linux-kernel@vger.kernel.org>; Thu,  3 Mar 2022 06:23:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version:
        References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
        Content-Transfer-Encoding:Content-ID:Content-Description;
        bh=xhpDNXXrUENoRW8oouM6cOT2aBxbIx77sOMKklVUAFQ=; b=ijiJ7KGrUpn+dfSISyWBMQjjC4
        kp1GjP6Ap/LG4Z+OB4w3m8TMtAIfVKALFyY8V+/vF3FZneFdBhq9PyE+scYyzITTFqMsLlgKJjjnj
        WaEr1Csw18MQZNaKR7sS8Rg77uMacrBznpECmiF3gBQJo78xcSfZTz35e0pr6ldhpC3WgGoa4wN/9
        QfdVY9cE/H7LcRRRI3HItC1OavLuPWkE3dGo21cdHRGKMB3JlWCu6pfYl3eVekO+hi7ehlw0ERCby
        JdkUIeYt9WLASGGhUTRsTcDYKXp0I1MUoefxM4m9LvtZzM2BT97GPL0sqIId07F0Os22gQaAgwpN+
        pCfqOnYg==;
Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux))
        id 1nPmMz-00BiCQ-0o; Thu, 03 Mar 2022 14:23:53 +0000
Date:   Thu, 3 Mar 2022 14:23:52 +0000
From:   Matthew Wilcox <willy@infradead.org>
To:     Hugh Dickins <hughd@google.com>
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        Vlastimil Babka <vbabka@suse.cz>, linux-kernel@vger.kernel.org,
        linux-mm@kvack.org
Subject: Re: [PATCH mmotm] mm/munlock: mlock_vma_folio() check against
 VM_SPECIAL
Message-ID: <YiDPeJ+7DVWpsuRv@casper.infradead.org>
References: <9b95d366-1719-f8e2-a5a3-429f9e808288@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9b95d366-1719-f8e2-a5a3-429f9e808288@google.com>
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Mar 02, 2022 at 05:35:30PM -0800, Hugh Dickins wrote:
> Although mmap_region() and mlock_fixup() take care that VM_LOCKED
> is never left set on a VM_SPECIAL vma, there is an interval while
> file->f_op->mmap() is using vm_insert_page(s), when VM_LOCKED may
> still be set while VM_SPECIAL bits are added: so mlock_vma_folio()
> should ignore VM_LOCKED while any VM_SPECIAL bits are set.
> 
> This showed up as a "Bad page" still mlocked, when vfree()ing pages
> which had been vm_inserted by remap_vmalloc_range_partial(): while
> release_pages() and __page_cache_release(), and so put_page(), catch
> pages still mlocked when freeing (and clear_page_mlock() caught them
> when unmapping), the vfree() path is unprepared for them: fix it?
> but these pages should not have been mlocked in the first place.
> 
> I assume that an mlockall(MCL_FUTURE) had been done in the past; or
> maybe the user got to specify MAP_LOCKED on a vmalloc'ing driver mmap.
> 
> Signed-off-by: Hugh Dickins <hughd@google.com>
> ---
> Diffed against top of next-20220301 or mmotm 2022-02-28-14-45.
> This patch really belongs as a fix to the mm/munlock series in
> Matthew's tree, so he might like to take it in there (but the patch
> here is the foliated version, so easiest to place it after foliation).

It looks like it fixes "mm/munlock: mlock_pte_range() when mlocking or
munlocking", so I'll fold it into that patch?

>  mm/internal.h | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> --- a/mm/internal.h
> +++ b/mm/internal.h
> @@ -421,8 +421,15 @@ extern int mlock_future_check(struct mm_struct *mm, unsigned long flags,
>  static inline void mlock_vma_folio(struct folio *folio,
>  			struct vm_area_struct *vma, bool compound)
>  {
> -	/* VM_IO check prevents migration from double-counting during mlock */
> -	if (unlikely((vma->vm_flags & (VM_LOCKED|VM_IO)) == VM_LOCKED) &&
> +	/*
> +	 * The VM_SPECIAL check here serves two purposes.
> +	 * 1) VM_IO check prevents migration from double-counting during mlock.
> +	 * 2) Although mmap_region() and mlock_fixup() take care that VM_LOCKED
> +	 *    is never left set on a VM_SPECIAL vma, there is an interval while
> +	 *    file->f_op->mmap() is using vm_insert_page(s), when VM_LOCKED may
> +	 *    still be set while VM_SPECIAL bits are added: so ignore it then.
> +	 */
> +	if (unlikely((vma->vm_flags & (VM_LOCKED|VM_SPECIAL)) == VM_LOCKED) &&
>  	    (compound || !folio_test_large(folio)))
>  		mlock_folio(folio);
>  }