Date: Mon, 3 Oct 2022 18:00:35 +0100
From: Matthew Wilcox
To: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Hugh Dickins, Vlastimil Babka, David Laight, Joel Fernandes,
    Andrew Morton, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
    rcu@vger.kernel.org
Subject: Re: amusing SLUB compaction bug when CC_OPTIMIZE_FOR_SIZE
References: <35502bdd-1a78-dea1-6ac3-6ff1bcc073fa@suse.cz>

On Sun, Oct 02, 2022 at 02:48:02PM +0900, Hyeonggon Yoo wrote:
> Just one more thing, rcu_leak_callback too. RCU seem to use it
> internally to catch double call_rcu().
>
> And some suggestions:
> - what about adding runtime WARN() on slab init code to catch
>   unexpected arch/toolchain issues?
> - instead of 4, we may use macro definition? like (PAGE_MAPPING_FLAGS + 1)?

I think the real problem here is that isolate_movable_page() is
insufficiently paranoid.  Looking at the gyrations that GUP and the
page cache go through to convince themselves that the page they got
really is the page they wanted, there are a few missing pieces here
(e.g. checking that you actually got a refcount on _this_ page and
not some random other page you were temporarily part of a compound
page with).

This patch does four things:

 - Turns one of the comments into English.  There are some others
   which I'm still scratching my head over.
 - Uses a folio to help distinguish which operations are being done
   to the head vs the specific page (this is somewhat an abuse of the
   folio concept, but it's acceptable).
 - Adds the aforementioned check that we're actually operating on the
   page that we think we want to be.
 - Adds a check that the folio isn't secretly a slab.

We could put the slab check in PageMapping and call it after taking
the folio lock, but that seems pointless.  It's the acquisition of
the refcount which stabilises the slab flag, not holding the lock.

diff --git a/mm/migrate.c b/mm/migrate.c
index 6a1597c92261..a65598308c83 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -59,6 +59,7 @@
 int isolate_movable_page(struct page *page, isolate_mode_t mode)
 {
+	struct folio *folio = page_folio(page);
 	const struct movable_operations *mops;
 
 	/*
@@ -70,16 +71,23 @@ int isolate_movable_page(struct page *page, isolate_mode_t mode)
 	 * the put_page() at the end of this block will take care of
	 * release this page, thus avoiding a nasty leakage.
	 */
-	if (unlikely(!get_page_unless_zero(page)))
+	if (unlikely(!folio_try_get(folio)))
 		goto out;
 
+	/* Recheck the page is still part of the folio we just got */
+	if (unlikely(page_folio(page) != folio))
+		goto out_put;
+
 	/*
-	 * Check PageMovable before holding a PG_lock because page's owner
-	 * assumes anybody doesn't touch PG_lock of newly allocated page
-	 * so unconditionally grabbing the lock ruins page's owner side.
+	 * Check movable flag before taking the folio lock because
+	 * we use non-atomic bitops on newly allocated page flags so
+	 * unconditionally grabbing the lock ruins page's owner side.
	 */
-	if (unlikely(!__PageMovable(page)))
-		goto out_putpage;
+	if (unlikely(!__folio_test_movable(folio)))
+		goto out_put;
+	if (unlikely(folio_test_slab(folio)))
+		goto out_put;
+
	/*
	 * As movable pages are not isolated from LRU lists, concurrent
	 * compaction threads can race against page migration functions
@@ -91,8 +99,8 @@ int isolate_movable_page(struct page *page, isolate_mode_t mode)
	 * lets be sure we have the page lock
	 * before proceeding with the movable page isolation steps.
	 */
-	if (unlikely(!trylock_page(page)))
-		goto out_putpage;
+	if (unlikely(!folio_trylock(folio)))
+		goto out_put;
 
 	if (!PageMovable(page) || PageIsolated(page))
 		goto out_no_isolated;
 
@@ -106,14 +114,14 @@ int isolate_movable_page(struct page *page, isolate_mode_t mode)
	/* Driver shouldn't use PG_isolated bit of page->flags */
	WARN_ON_ONCE(PageIsolated(page));
	SetPageIsolated(page);
-	unlock_page(page);
+	folio_unlock(folio);
 
	return 0;
 
 out_no_isolated:
-	unlock_page(page);
-out_putpage:
-	put_page(page);
+	folio_unlock(folio);
+out_put:
+	folio_put(folio);
 out:
	return -EBUSY;
 }