lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191025163955.qsvkqic2hrorvdzj@box>
Date:   Fri, 25 Oct 2019 19:39:55 +0300
From:   "Kirill A. Shutemov" <kirill@...temov.name>
To:     Yang Shi <yang.shi@...ux.alibaba.com>
Cc:     hughd@...gle.com, kirill.shutemov@...ux.intel.com,
        aarcange@...hat.com, akpm@...ux-foundation.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm: thp: clear PageDoubleMap flag when the last PMD map
 gone

On Fri, Oct 25, 2019 at 07:32:33PM +0300, Kirill A. Shutemov wrote:
> On Fri, Oct 25, 2019 at 08:58:22AM -0700, Yang Shi wrote:
> > 
> > 
> > On 10/25/19 8:36 AM, Kirill A. Shutemov wrote:
> > > On Fri, Oct 25, 2019 at 01:27:46AM +0800, Yang Shi wrote:
> > > > File THP sets PageDoubleMap flag when the first it gets PTE mapped, but
> > > > the flag is never cleared until the THP is freed.  This result in
> > > > unbalanced state although it is not a big deal.
> > > > 
> > > > Clear the flag when the last compound_mapcount is gone.  It should be
> > > > cleared when all the PTE maps are gone (become PMD mapped only) as well,
> > > > but this needs check all subpage's _mapcount every time any subpage's
> > > > rmap is removed, the overhead may be not worth.  The anonymous THP also
> > > > just clears PageDoubleMap flag when the last PMD map is gone.
> > > NAK, sorry.
> > > 
> > > The key difference with anon THP that file THP can be mapped again with
> > > PMD after all PMD (or all) mappings are gone.
> > > 
> > > Your patch breaks the case when you map the page with PMD again while the
> > > page is still mapped with PTEs. Who would set PageDoubleMap() in this
> > > case?
> > 
> > Aha, yes, you are right. I missed that point. However, I'm wondering we
> > might move this up a little bit like this:
> > 
> > diff --git a/mm/rmap.c b/mm/rmap.c
> > index d17cbf3..ac046fd 100644
> > --- a/mm/rmap.c
> > +++ b/mm/rmap.c
> > @@ -1230,15 +1230,17 @@ static void page_remove_file_rmap(struct page *page,
> > bool compound)
> >                         if (atomic_add_negative(-1, &page[i]._mapcount))
> >                                 nr++;
> >                 }
> > +
> > +               /* No PTE map anymore */
> > +               if (nr == HPAGE_PMD_NR)
> > +                       ClearPageDoubleMap(compound_head(page));
> > +
> >                 if (!atomic_add_negative(-1, compound_mapcount_ptr(page)))
> >                         goto out;
> >                 if (PageSwapBacked(page))
> >                         __dec_node_page_state(page, NR_SHMEM_PMDMAPPED);
> >                 else
> >                         __dec_node_page_state(page, NR_FILE_PMDMAPPED);
> > -
> > -               /* The last PMD map is gone */
> > -               ClearPageDoubleMap(compound_head(page));
> >         } else {
> >                 if (!atomic_add_negative(-1, &page->_mapcount))
> >                         goto out;
> > 
> > 
> > This should guarantee no PTE map anymore, it should be safe to clear the
> > flag.
> 
> At first glance looks safe, but let me think more about it. I didn't
> expect it be that easy :P

How do you protect from races? What prevents other thread/process to map
the page as PTE after you've calculated 'nr'?

I don't remember the code that well, but I believe we don't require
PageLock for all cases... Or do we?

-- 
 Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ