lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Jun 2015 14:14:34 +0300
From:	"Kirill A. Shutemov" <kirill@...temov.name>
To:	Vlastimil Babka <vbabka@...e.cz>
Cc:	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Hugh Dickins <hughd@...gle.com>,
	Dave Hansen <dave.hansen@...el.com>,
	Mel Gorman <mgorman@...e.de>, Rik van Riel <riel@...hat.com>,
	Christoph Lameter <cl@...two.org>,
	Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
	Steve Capper <steve.capper@...aro.org>,
	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Michal Hocko <mhocko@...e.cz>,
	Jerome Marchand <jmarchan@...hat.com>,
	Sasha Levin <sasha.levin@...cle.com>,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCHv6 29/36] thp: implement split_huge_pmd()

On Thu, Jun 11, 2015 at 11:49:48AM +0200, Vlastimil Babka wrote:
> On 06/03/2015 07:06 PM, Kirill A. Shutemov wrote:
> >Original split_huge_page() combined two operations: splitting PMDs into
> >tables of PTEs and splitting underlying compound page. This patch
> >implements split_huge_pmd() which split given PMD without splitting
> >other PMDs this page mapped with or underlying compound page.
> >
> >Without tail page refcounting, implementation of split_huge_pmd() is
> >pretty straight-forward.
> >
> >Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> >Tested-by: Sasha Levin <sasha.levin@...cle.com>
> 
> [...]
> 
> >+
> >+	if (atomic_add_negative(-1, compound_mapcount_ptr(page))) {
> >+		/* Last compound_mapcount is gone. */
> >+		__dec_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
> >+		if (PageDoubleMap(page)) {
> >+			/* No need in mapcount reference anymore */
> >+			ClearPageDoubleMap(page);
> >+			for (i = 0; i < HPAGE_PMD_NR; i++)
> >+				atomic_dec(&page[i]._mapcount);
> >+		}
> >+	} else if (!TestSetPageDoubleMap(page)) {
> >+		/*
> >+		 * The first PMD split for the compound page and we still
> >+		 * have other PMD mapping of the page: bump _mapcount in
> >+		 * every small page.
> >+		 * This reference will go away with last compound_mapcount.
> >+		 */
> >+		for (i = 0; i < HPAGE_PMD_NR; i++)
> >+			atomic_inc(&page[i]._mapcount);
> 
> The order of actions here means that between TestSetPageDoubleMap() and the
> atomic incs, anyone calling page_mapcount() on one of the pages not
> processed by the for loop yet, will see a value lower by 1 from what he
> should see. I wonder if that can cause any trouble somewhere, especially if
> there's only one other compound mapping and page_mapcount() will return 0
> instead of 1?

Good catch. Thanks.

What about this?

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 0f1f5731a893..cd0e6addb662 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2636,15 +2636,25 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
                        for (i = 0; i < HPAGE_PMD_NR; i++)
                                atomic_dec(&page[i]._mapcount);
                }
-       } else if (!TestSetPageDoubleMap(page)) {
+       } else if (!PageDoubleMap(page)) {
                /*
                 * The first PMD split for the compound page and we still
                 * have other PMD mapping of the page: bump _mapcount in
                 * every small page.
+                *
                 * This reference will go away with last compound_mapcount.
+                *
+                * Note, we need to increment mapcounts before setting
+                * PG_double_map to avoid false-negative page_mapped().
                 */
                for (i = 0; i < HPAGE_PMD_NR; i++)
                        atomic_inc(&page[i]._mapcount);
+
+               if (TestSetPageDoubleMap(page)) {
+                       /* Race with another  __split_huge_pmd() for the page */
+                       for (i = 0; i < HPAGE_PMD_NR; i++)
+                               atomic_dec(&page[i]._mapcount);
+               }
        }
 
        smp_wmb(); /* make pte visible before pmd */

> Conversely, when clearing PageDoubleMap() above (or in one of those rmap
> functions IIRC), one could see mapcount inflated by one. But I guess that's
> less dangerous.

I think it's safe.

-- 
 Kirill A. Shutemov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ