Received: by 2002:ab2:620c:0:b0:1ef:ffd0:ce49 with SMTP id o12csp192149lqt; Mon, 18 Mar 2024 05:32:48 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXL4Bg0J4tWWUGkZyDCe7kMtNYOVS1PGfAYrq5IJI0oM+8joEmF/Jkzw8GhTYo6VhikRVoWoaf9nlXTWIFu+zbWDEKI7Xe8xZZti7Q+RA== X-Google-Smtp-Source: AGHT+IEf3byi3oEcPmdc39+d7juUsagrAaOsJ7Z3NkVKR6be59LEzs76qv9RSY/dmX+SwUwjsIkA X-Received: by 2002:a05:620a:4620:b0:789:db4a:641f with SMTP id br32-20020a05620a462000b00789db4a641fmr14979579qkb.6.1710765168098; Mon, 18 Mar 2024 05:32:48 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710765168; cv=pass; d=google.com; s=arc-20160816; b=w5s8oTFpL0I8NOrQgPXgxQbvasBrDeMXEpqor6cRKRcy98acrQNd8RiFtRZ4KCpirA UkIgMtlPJH9Eg2LKFa4/wkHeNyPnPjd8nXaG+M4e3VSlFVltJG42P/sve5lptkbLsU1/ FWNCVXfus0NkeZBRD3pZzVquibUAoRP3IRAShbVDucaF2F/0LIR7mFY+Wn5H7RkfjWwJ PKrBkAa0eMPhmrQywTLw5BSe6u7KmxID99fmJ0Qa0bmKfpk1qE950ONKeWEDsX2ue/PE ahAZerOm9/em0gnTVq+YeorgY8J9auyxLj3mjfmwSfYnWyhI9BPxfep+yFW4U2g4AxTB aU6w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=HSPhwXSCxS++lB8cW7HjxSToUp/DCPeVhcBtHho/j3E=; fh=/kky22/bhxc38bik9XthCRNBBaehPl7TRda8O1EOaP8=; b=MVbYsV/OfVEj7nev5oA4cg70IhPh0yGZISebpoRgwPGt+QvV59xWcRRJhrIVQuRAOe PKae68dUhPDi/DEK7JnnbSgq+qz8KqszcGhEWdS+qX+5i8Lk3KV6GR+ZxqzAkLszHTuk 6eS6DXv2mr8QTYz8GqXdoNxXa1xoy24FUDy5dAcMk+BEvu+K5nqF7/X/PTS0gGNWZYTe HK+bSud7d9xYJQr+9DeLYglmpJJE0IoP/4RdlUog87MBU8Rc9B9dz7q5eECfO+LtNYpk JvRHTvsBB2BEqkjX45DWftGw2cUbo9ny5oWsdwMxOHhgctg/yd8Haso/GiClv9+QacJ5 PJeg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=XEm+Wdrx; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-106116-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-106116-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id z7-20020a05620a08c700b0078a010afad0si1845996qkz.757.2024.03.18.05.32.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Mar 2024 05:32:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-106116-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=XEm+Wdrx; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-106116-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-106116-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C6EE41C2129D for ; Mon, 18 Mar 2024 12:32:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 63642210EC; Mon, 18 Mar 2024 12:32:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="XEm+Wdrx" Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 00B381E49E for ; Mon, 18 Mar 2024 12:32:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.155.50.34 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710765160; cv=none; b=S+r28NLSRBs0KNJtL6GuXqy6uJwTcAaDe4C0GQVGWm+DMXCY8APDoWpgB+vfMB14NMISJHKaNniy0PmomPBpagiYEUPO5Gt/f1nyWU5S/qN4oPKxfqIKJswvqrlAwDeRqo1eCJ2vijc8kJu7bzV4pGBsuqABHfdZtyjKssw1xc8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710765160; c=relaxed/simple; bh=efnVPpmb2teYRxdgVuvr53GXPaEARKO2oJiZDPTgVSQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=sMRW907IUYoYSOPOOjWXvBGFNu60OXI20CGrFR9RVtl49N3P0oio9gO3ISYL1cLgPfunzO8eFeri5h6G0BboLLXEiTUmYpgV3HSROQg46ffzbnuDa0mjvArm4mMv7C0klMg53epo5pgnwAeM2HwMR6q62bt5Fo+q2BYW/kY+bZs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=XEm+Wdrx; arc=none smtp.client-ip=90.155.50.34 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description; bh=HSPhwXSCxS++lB8cW7HjxSToUp/DCPeVhcBtHho/j3E=; b=XEm+WdrxFnpkahFybnf2FrA+2/ rw1XzkwVssLBE54wENkAoZC8nJIs/MbYgaGfgGfxS12nOe5T+nND8XrN9cBOt0W3TfZx1NvE1oOWU HFevprZ7dWzFtOFYcLSMCvABeljS5xnpTCzBV3OGCeA3RRk28Rh8X3/ijDv785eu6/dnqRbCSOI+a YcsB95n1tMjF0A+SWYwN5OtsaP2CJ/dJHjeWfVhlmjrGXbjg7iB14GUT2mijIQYh99nD/1wTnHzqp 7BE4J7lKnVCgkaN6T4VCUcHwuyzIrtPt3dauNribIu8tiXLoxuARtDB/aK/H1yMrTjWQO2XDys2ds 7lBlZfVg==; Received: from willy by casper.infradead.org with local (Exim 4.97.1 #2 (Red Hat Linux)) id 1rmCAC-0000000H9S1-2Xle; Mon, 18 Mar 2024 12:32:24 +0000 Date: Mon, 18 Mar 2024 12:32:24 +0000 From: Matthew Wilcox To: =?utf-8?B?6buE5pyd6ZizIChaaGFveWFuZyBIdWFuZyk=?= Cc: Zhaoyang Huang , Andrew Morton , "linux-mm@kvack.org" , "linux-kernel@vger.kernel.org" , =?utf-8?B?5bq357qq5ruoIChTdGV2ZSBLYW5nKQ==?= Subject: Re: summarize all information again at bottom//reply: reply: [PATCH] mm: fix a race scenario in folio_isolate_lru Message-ID: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Stop creating new threads. You're really annoying. On Mon, Mar 18, 2024 at 09:32:32AM +0000, 黄朝阳 (Zhaoyang Huang) wrote: > Summarize all information below to make it more clear(remove thread2 which is not mandatory and make the scenario complex) You've gone back to over-indenting. STOP IT. > #thread 0(madivise_cold_and_pageout) #thread1(truncate_inode_pages_range) This is still an impossible race, and it's the third time I've told you this. And madivise_cold_and_pageout does not exist, it's madvise_cold_or_pageout_pte_range(). I'm going to stop responding to your emails if you keep on uselessly repeating the same mistakes. So, once again, For madvise_cold_or_pageout_pte_range() to find a page, it must have a PTE pointing to the page. That means there's a mapcount on the page. That means there's a refcount on the page. truncate_inode_pages_range() will indeed attempt to remove a page from the page cache. BUT before it does that, it has to shoot down TLB entries that refer to the affected folios. That happens like this: for (i = 0; i < folio_batch_count(&fbatch); i++) truncate_cleanup_folio(fbatch.folios[i]); truncate_cleanup_folio() -> unmap_mapping_folio -> unmap_mapping_range_tree() -> unmap_mapping_range_vma() -> zap_page_range_single() -> unmap_single_vma -> unmap_page_range -> zap_p4d_range -> zap_pud_range -> zap_pmd_range -> zap_pte_range -> pte_offset_map_lock() > pte_offset_map_lock takes NO lock > truncate_inode_folio(refcnt == 2) > > folio_isolate_lru(refcnt == 1) > release_pages(refcnt == 1) > folio_test_clear_lru > > folio_put_testzero == true > folio_get(refer to isolation) > folio_test_lru == false > > list_add(folio->lru, pages_to_free) > ****current folio will break LRU's integrity since it has not been deleted**** > > 0. Folio's refcnt decrease from 2 to 1 by filemap_remove_folio > 1. thread 0 calls folio_isolate_lru with refcnt == 1. Folio comes from vm's pte > 2. thread 1 calls release_pages with refcnt == 1. Folio comes from address_space > (refcnt == 1 make sense for both of folio_isolate_lru and release_pages) > 3. thread0 clear folio's PG_lru by folio_test_clear_lru > 4. thread1 decrease folio's refcnt from 1 to 0 and get permission to proceed > 5. thread1 failed in folio_test_lru and do no list_del(folio) > 6. thread1 add folio to pages_to_free wrongly which break the LRU's->list > 7. next folio after current one within thread1 experiences list_del_invalid when calling lruvec_del_folio