| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Apr 2020 11:51:22 -0700
From: Yang Shi <yang.shi@...ux.alibaba.com>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: akpm@...ux-foundation.org, Andrea Arcangeli <aarcange@...hat.com>,
Zi Yan <ziy@...dia.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [PATCHv2 5/8] khugepaged: Allow to callapse a page shared across
fork
On 4/8/20 6:10 AM, Kirill A. Shutemov wrote:
> On Mon, Apr 06, 2020 at 01:50:56PM -0700, Yang Shi wrote:
>>
>> On 4/3/20 4:29 AM, Kirill A. Shutemov wrote:
>>> The page can be included into collapse as long as it doesn't have extra
>>> pins (from GUP or otherwise).
>>>
>>> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
>>> ---
>>> mm/khugepaged.c | 25 ++++++++++++++-----------
>>> 1 file changed, 14 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/mm/khugepaged.c b/mm/khugepaged.c
>>> index 57ff287caf6b..1e7e6543ebca 100644
>>> --- a/mm/khugepaged.c
>>> +++ b/mm/khugepaged.c
>>> @@ -581,11 +581,18 @@ static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
>>> }
>>> /*
>>> - * cannot use mapcount: can't collapse if there's a gup pin.
>>> - * The page must only be referenced by the scanned process
>>> - * and page swap cache.
>>> + * Check if the page has any GUP (or other external) pins.
>>> + *
>>> + * The page table that maps the page has been already unlinked
>>> + * from the page table tree and this process cannot get
>>> + * additinal pin on the page.
>>> + *
>>> + * New pins can come later if the page is shared across fork,
>>> + * but not for the this process. It is fine. The other process
>>> + * cannot write to the page, only trigger CoW.
>>> */
>>> - if (page_count(page) != 1 + PageSwapCache(page)) {
>>> + if (total_mapcount(page) + PageSwapCache(page) !=
>>> + page_count(page)) {
>> This check looks fine for base page, but what if the page is PTE-mapped THP?
>> The following patch made this possible.
>>
>> If it is PTE-mapped THP and the page is in swap cache, the refcount would be
>> 512 + the number of PTE-mapped pages.
>>
>> Shall we do the below change in the following patch?
>>
>> extra_pins = PageSwapCache(page) ? nr_ccompound(page) - 1 : 0;
>> if (total_mapcount(page) + PageSwapCache(page) != page_count(page) -
>> extra_pins) {
>> ...
> Looks like you're right.
>
> It would be nice to have a test case to demonstrate the issue.
>
> Is there any way to trigger moving the page to swap cache? I don't see it
> immediately.
It sounds not easy to trigger since it totally depends on timing, I'm
wondering we may have to use MADV_PAGEOUT? Something below off the top
of my head may trigger this?
CPU A CPU B
CPU C
In parent:
MADV_HUGEPAGE
page fault to fill with THP
fork
In Child:
MADV_NOHUGEPAGE
MADV_DONTNEED (split pmd)
MADV_PAGEOUT
-> add_to_swap
khugepaged scan parent and try to
collapse PTE-mapped
-> try_to_unmap
When doing MADV_DONTNEED we need make sure head page is unmapped since
MADV_PAGEOUT would call page_mapcount(page) to skip shared mapping.
>
Powered by blists - more mailing lists