Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp5957383rdb; Mon, 1 Jan 2024 03:33:59 -0800 (PST) X-Google-Smtp-Source: AGHT+IHrB3cP47Wa4stltSwOE+Pkmxi7u5gBRpef3/rOMiEt0cLRBPj5avROUlAA0BlsRyp80xsA X-Received: by 2002:a05:6871:29d:b0:204:1ed0:83ef with SMTP id i29-20020a056871029d00b002041ed083efmr18978235oae.36.1704108839391; Mon, 01 Jan 2024 03:33:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704108839; cv=none; d=google.com; s=arc-20160816; b=Eckbj4kUGJS1YbF4azItlQ3jYX14nJzdQfwqZKbFU+ZG4yXpDaZqzsDb6sghH9Dhqj 9rVluPvHinXNTdShc4cVuwU9jT9WTfN1HYebuaWxLINjgD7bEUBcwxaMLr4UgiUgFCO4 S0WzX96cXNqA1WyugDTZ7+Q5OvqxCKFPT/xRT/I+DW4XkAOWaqkqhXXTsJuxdm/bzAjM GXcTgiZEAbKMCDQf2/xEOJv32bydA5axCnGCJfq03b8UyU/Og3DDBRZZGEaryc4Ukar6 JoyxqgjG+K+GKHj/YZzgE0VaX2gsldzanjmXQAR/5kKAr/32bJhxLd49EzTnFNDV6gIT PX2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=wPEIQpuK12G16pnEFqEJ6FrRWV23vQHDAdkeuTBDezw=; fh=9E48kTFwclmSO8TcqRIv6Wby2EsVvfwXPxpyACCtUVg=; b=ybIOsFQmYh1bGP2ZyM/Oh5j8KlhH4w1Pp/mU7x6RzSqJxK9izHr3LXPBZgFk4tKKHn 0PJYacEVC9ouOCg2lmhcUC8jMnN4RujEtCepvlsl0FWbMAwBL3cdPw10eSjWL8xnIWMf gHQOLIBFJHBc4CUNLnfNQ0sgfIm44ii+PLqs1YXc23WwNB/PSDY8Uz4vH2BUV3M2fV/z Bh1lIVk2cdd2p7DyosJlJpMM8AlaJeDh7zsMFNeid474qQ8wQBi+zWVp/FhRw/iXE0ug upP6+LBWRVd074wBFg6cAd6PkOEL2xLJA3lcmm/tcgCu8pT1wW9MQcR0+VCESEOYvoS3 jOYQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-13857-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-13857-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id q8-20020a63f948000000b005ce26be61c1si4716824pgk.346.2024.01.01.03.33.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jan 2024 03:33:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-13857-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-13857-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-13857-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 4FE24B21BEC for ; Mon, 1 Jan 2024 11:33:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4B2623D60; Mon, 1 Jan 2024 11:33:45 +0000 (UTC) X-Original-To: linux-kernel@vger.kernel.org Received: from mail115-69.sinamail.sina.com.cn (mail115-69.sinamail.sina.com.cn [218.30.115.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3AF2D20E8 for ; Mon, 1 Jan 2024 11:33:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sina.com X-SMAIL-HELO: localhost.localdomain Received: from unknown (HELO localhost.localdomain)([113.118.68.122]) by sina.com (10.75.12.45) with ESMTP id 6592A30500007E54; Mon, 1 Jan 2024 19:33:31 +0800 (CST) X-Sender: hdanton@sina.com X-Auth-ID: hdanton@sina.com Authentication-Results: sina.com; spf=none smtp.mailfrom=hdanton@sina.com; dkim=none header.i=none; dmarc=none action=none header.from=hdanton@sina.com X-SMAIL-MID: 3265331457689 X-SMAIL-UIID: 05E51E30F69B439BA57A35AEF53799B8-20240101-193331-1 From: Hillf Danton To: Matthew Wilcox Cc: Genes Lists , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Subject: Re: 6.6.8 stable: crash in folio_mark_dirty Date: Mon, 1 Jan 2024 19:33:16 +0800 Message-Id: <20240101113316.2595-1-hdanton@sina.com> In-Reply-To: References: <8bb29431064fc1f70a42edef75a8788dd4a0eecc.camel@sapience.com> <20231231012846.2355-1-hdanton@sina.com> <20240101015504.2446-1-hdanton@sina.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit On Mon, 1 Jan 2024 09:07:52 +0000 Matthew Wilcox > On Mon, Jan 01, 2024 at 09:55:04AM +0800, Hillf Danton wrote: > > On Sun, 31 Dec 2023 13:07:03 +0000 Matthew Wilcox > > > I don't think this can happen. Look at the call trace; > > > block_dirty_folio() is called from unmap_page_range(). That means the > > > page is in the page tables. We unmap the pages in a folio from the > > > page tables before we set folio->mapping to NULL. Look at > > > invalidate_inode_pages2_range() for example: > > > > > > unmap_mapping_pages(mapping, indices[i], > > > (1 + end - indices[i]), false); > > > folio_lock(folio); > > > folio_wait_writeback(folio); > > > if (folio_mapped(folio)) > > > unmap_mapping_folio(folio); > > > BUG_ON(folio_mapped(folio)); > > > if (!invalidate_complete_folio2(mapping, folio)) > > > > > What is missed here is the same check [1] in invalidate_inode_pages2_range(), > > so I built no wheel. > > > > folio_lock(folio); > > if (unlikely(folio->mapping != mapping)) { > > folio_unlock(folio); > > continue; > > } > > > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/truncate.c#n658 > > That's entirely different. That's checking in the truncate path whether > somebody else already truncated this page. What I was showing was why > a page found through a page table walk cannot have been truncated (which > is actually quite interesting, because it's the page table lock that > prevents the race). > Feel free to shed light on how ptl protects folio->mapping.