| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <37f1e6da-412b-4bb4-88b7-4c49f21f5fe9@redhat.com> Date: Mon, 4 Mar 2024 13:41:38 +0100 From: David Hildenbrand <david@...hat.com> To: Ryan Roberts <ryan.roberts@....com>, Barry Song <21cnbao@...il.com>, akpm@...ux-foundation.org, linux-mm@...ck.org Cc: chrisl@...nel.org, yuzhao@...gle.com, hanchuanhua@...o.com, linux-kernel@...r.kernel.org, willy@...radead.org, ying.huang@...el.com, xiang@...nel.org, mhocko@...e.com, shy828301@...il.com, wangkefeng.wang@...wei.com, Barry Song <v-songbaohua@...o.com>, Hugh Dickins <hughd@...gle.com> Subject: Re: [RFC PATCH] mm: hold PTL from the first PTE while reclaiming a large folio On 04.03.24 13:20, Ryan Roberts wrote: > Hi Barry, > > On 04/03/2024 10:37, Barry Song wrote: >> From: Barry Song <v-songbaohua@...o.com> >> >> page_vma_mapped_walk() within try_to_unmap_one() races with other >> PTEs modification such as break-before-make, while iterating PTEs >> of a large folio, it will only begin to acquire PTL after it gets >> a valid(present) PTE. break-before-make intermediately sets PTEs >> to pte_none. Thus, a large folio's PTEs might be partially skipped >> in try_to_unmap_one(). > > I just want to check my understanding here - I think the problem occurs for > PTE-mapped, PMD-sized folios as well as smaller-than-PMD-size large folios? Now > that I've had a look at the code and have a better understanding, I think that > must be the case? And therefore this problem exists independently of my work to > support swap-out of mTHP? (From your previous report I was under the impression > that it only affected mTHP). > > Its just that the problem is becoming more pronounced because with mTHP, > PTE-mapped large folios are much more common? That is my understanding. > >> For example, for an anon folio, after try_to_unmap_one(), we may >> have PTE0 present, while PTE1 ~ PTE(nr_pages - 1) are swap entries. >> So folio will be still mapped, the folio fails to be reclaimed. >> What’s even more worrying is, its PTEs are no longer in a unified >> state. This might lead to accident folio_split() afterwards. And >> since a part of PTEs are now swap entries, accessing them will >> incur page fault - do_swap_page. >> It creates both anxiety and more expense. While we can't avoid >> userspace's unmap to break up unified PTEs such as CONT-PTE for >> a large folio, we can indeed keep away from kernel's breaking up >> them due to its code design. >> This patch is holding PTL from PTE0, thus, the folio will either >> be entirely reclaimed or entirely kept. On the other hand, this >> approach doesn't increase PTL contention. Even w/o the patch, >> page_vma_mapped_walk() will always get PTL after it sometimes >> skips one or two PTEs because intermediate break-before-makes >> are short, according to test. Of course, even w/o this patch, >> the vast majority of try_to_unmap_one still can get PTL from >> PTE0. This patch makes the number 100%. >> The other option is that we can give up in try_to_unmap_one >> once we find PTE0 is not the first entry we get PTL, we call >> page_vma_mapped_walk_done() to end the iteration at this case. >> This will keep the unified PTEs while the folio isn't reclaimed. >> The result is quite similar with small folios with one PTE - >> either entirely reclaimed or entirely kept. >> Reclaiming large folios by holding PTL from PTE0 seems a better >> option comparing to giving up after detecting PTL begins from >> non-PTE0. >> I'm sure that wall of text can be formatted in a better way :) . Also, I think we can drop some of the details, If you need some inspiration, I can give it a shot. >> Cc: Hugh Dickins <hughd@...gle.com> >> Signed-off-by: Barry Song <v-songbaohua@...o.com> > > Do we need a Fixes tag? > What would be the description of the problem we are fixing? 1) failing to unmap? That can happen with small folios as well IIUC. 2) Putting the large folio on the deferred split queue? That sounds more reasonable. >> --- >> mm/vmscan.c | 11 +++++++++++ >> 1 file changed, 11 insertions(+) >> >> diff --git a/mm/vmscan.c b/mm/vmscan.c >> index 0b888a2afa58..e4722fbbcd0c 100644 >> --- a/mm/vmscan.c >> +++ b/mm/vmscan.c >> @@ -1270,6 +1270,17 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, >> >> if (folio_test_pmd_mappable(folio)) >> flags |= TTU_SPLIT_HUGE_PMD; >> + /* >> + * if page table lock is not held from the first PTE of >> + * a large folio, some PTEs might be skipped because of >> + * races with break-before-make, for example, PTEs can >> + * be pte_none intermediately, thus one or more PTEs >> + * might be skipped in try_to_unmap_one, we might result >> + * in a large folio is partially mapped and partially >> + * unmapped after try_to_unmap >> + */ >> + if (folio_test_large(folio)) >> + flags |= TTU_SYNC; > > This looks sensible to me after thinking about it for a while. But I also have a > gut feeling that there might be some more subtleties that are going over my > head, since I'm not expert in this area. So will leave others to provide R-b :) > As we are seeing more such problems with lockless PT walks, maybe we really want some other special value (nonswap entry?) to indicate that a PTE this is currently ondergoing protection changes. So we'd avoid the pte_none() temporarily, if possible. Without that, TTU_SYNC feels like the right thing to do. -- Cheers, David / dhildenb
Powered by blists - more mailing lists