lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240416104008.41979-1-ioworker0@gmail.com>
Date: Tue, 16 Apr 2024 18:40:08 +0800
From: Lance Yang <ioworker0@...il.com>
To: david@...hat.com
Cc: akpm@...ux-foundation.org,
	cgroups@...r.kernel.org,
	chris@...kel.net,
	corbet@....net,
	dalias@...c.org,
	fengwei.yin@...el.com,
	glaubitz@...sik.fu-berlin.de,
	hughd@...gle.com,
	jcmvbkbc@...il.com,
	linmiaohe@...wei.com,
	linux-doc@...r.kernel.org,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-mm@...ck.org,
	linux-sh@...r.kernel.org,
	linux-trace-kernel@...r.kernel.org,
	muchun.song@...ux.dev,
	naoya.horiguchi@....com,
	peterx@...hat.com,
	richardycc@...gle.com,
	ryan.roberts@....com,
	shy828301@...il.com,
	willy@...radead.org,
	ysato@...rs.sourceforge.jp,
	ziy@...dia.com,
	Lance Yang <ioworker0@...il.com>
Subject: Re: [PATCH v1 05/18] mm: improve folio_likely_mapped_shared() using the mapcount of large folios

Hey David,

Maybe I spotted a bug below.

[...]
 static inline bool folio_likely_mapped_shared(struct folio *folio)
 {
-	return page_mapcount(folio_page(folio, 0)) > 1;
+	int mapcount = folio_mapcount(folio);
+
+	/* Only partially-mappable folios require more care. */
+	if (!folio_test_large(folio) || unlikely(folio_test_hugetlb(folio)))
+		return mapcount > 1;
+
+	/* A single mapping implies "mapped exclusively". */
+	if (mapcount <= 1)
+		return false;
+
+	/* If any page is mapped more than once we treat it "mapped shared". */
+	if (folio_entire_mapcount(folio) || mapcount > folio_nr_pages(folio))
+		return true;

bug: if a PMD-mapped THP is exclusively mapped, the folio_entire_mapcount()
function will return 1 (atomic_read(&folio->_entire_mapcount) + 1).

IIUC, when mapping a PMD entry for the entire THP, folio->_entire_mapcount
increments from -1 to 0.

Thanks,
Lance

+
+	/* Let's guess based on the first subpage. */
+	return atomic_read(&folio->_mapcount) > 0;
 }
[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ