| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 May 2022 04:13:44 +0100
From: Matthew Wilcox <willy@...radead.org>
To: Miaohe Lin <linmiaohe@...wei.com>
Cc: akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/vmscan: don't try to reclaim freed folios
On Sat, May 28, 2022 at 10:52:11AM +0800, Miaohe Lin wrote:
> On 2022/5/27 23:02, Matthew Wilcox wrote:
> > What? No. This can absolutely happen. We have a refcount on the folio,
> > which means that any other thread can temporarily raise the refcount,
>
> IIUC, the folio is only in the isolated page_list now and it's not in the page cache, swap cache, pagetable or
> under any use. So there should be no way that any other thread can temporarily raise the refcount when
> folio_ref_count == 1. Or am I miss something?
Take a look at something like GUP (fast). If this page _was_ mapped to
userspace, something like this can happen:
Thread A Thread B
load PTE
unmap page
refcount goes to 1
vmscan sees the page
try_get_ref
refcount is now 2. WARN_ON.
Thread A will see that the PTE has changed and will now drop its
reference, but Thread B already spat out the WARN.
A similar thing can happen with the page cache.
If this is a worthwhile optimisation (does it happen often that we find
a refcount == 1 page?), we could do something like ...
if (folio_ref_freeze(folio, 1)) {
nr_pages = folio_nr_pages(folio);
goto free_it;
}
... or ...
if (folio_ref_count(folio) == 1 &&
folio_ref_freeze(folio, 1)) {
... if we want to test-and-test-and-clear
But this function is far too complicated already. I really want to
see numbers that proves the extra complexity is worth it.
Powered by blists - more mailing lists