| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d2e5b099-94bd-444d-9946-182807443539@linux.dev>
Date: Tue, 14 Oct 2025 23:01:13 +0800
From: Lance Yang <lance.yang@...ux.dev>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Cc: akpm@...ux-foundation.org, david@...hat.com, Liam.Howlett@...cle.com,
baohua@...nel.org, baolin.wang@...ux.alibaba.com, dev.jain@....com,
hughd@...gle.com, ioworker0@...il.com, kirill@...temov.name,
linux-kernel@...r.kernel.org, linux-mm@...ck.org, mpenttil@...hat.com,
npache@...hat.com, ryan.roberts@....com, ziy@...dia.com,
richard.weiyang@...il.com
Subject: Re: [PATCH mm-new v3 1/1] mm/khugepaged: abort collapse scan on
non-swap entries
On 2025/10/14 22:39, Lorenzo Stoakes wrote:
> On Tue, Oct 14, 2025 at 10:26:20PM +0800, Lance Yang wrote:
>>
>>
>> On 2025/10/14 19:08, Lorenzo Stoakes wrote:
>>> On Wed, Oct 08, 2025 at 11:26:57AM +0800, Lance Yang wrote:
>>>> diff --git a/mm/khugepaged.c b/mm/khugepaged.c
>>>> index abe54f0043c7..bec3e268dc76 100644
>>>> --- a/mm/khugepaged.c
>>>> +++ b/mm/khugepaged.c
>>>> @@ -1020,6 +1020,11 @@ static int __collapse_huge_page_swapin(struct mm_struct *mm,
>>>> if (!is_swap_pte(vmf.orig_pte))
>>>> continue;
>>>>
>>>> + if (non_swap_entry(pte_to_swp_entry(vmf.orig_pte))) {
>>>> + result = SCAN_PTE_NON_PRESENT;
>>>> + goto out;
>>>> + }
>>>
>>> OK seems in line with what we were discussing before...
>>
>> Yep. That's the idea :)
>>
>>>
>>>> +
>>>> vmf.pte = pte;
>>>> vmf.ptl = ptl;
>>>> ret = do_swap_page(&vmf);
>>>> @@ -1281,7 +1286,23 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
>>>> for (addr = start_addr, _pte = pte; _pte < pte + HPAGE_PMD_NR;
>>>> _pte++, addr += PAGE_SIZE) {
>>>> pte_t pteval = ptep_get(_pte);
>>>> - if (is_swap_pte(pteval)) {
>>>> + if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
>>>> + ++none_or_zero;
>>>> + if (!userfaultfd_armed(vma) &&
>>>> + (!cc->is_khugepaged ||
>>>> + none_or_zero <= khugepaged_max_ptes_none)) {
>>>> + continue;
>>>> + } else {
>>>> + result = SCAN_EXCEED_NONE_PTE;
>>>> + count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
>>>> + goto out_unmap;
>>>> + }
>>>> + } else if (!pte_present(pteval)) {
>>>> + if (non_swap_entry(pte_to_swp_entry(pteval))) {
>>>
>>
>> Thanks for pointing that out!
>
> You've deleted what I've said here and also not indicated whether you'll do what
> I asked :)
>
> Please be clearer...
Oh, I didn't delete your comment at all ... It's just below ...
>
>>>>> Hm but can't this be pte_protnone() at this stage (or something
else)? And then <-- Here!
>>
>> Yeah. The funny thing is, a protnone pte cannot actually get here, IIUC.
>>
>> ```
>> static inline int pte_protnone(pte_t pte)
>> {
>> return (pte_flags(pte) & (_PAGE_PROTNONE | _PAGE_PRESENT))
>> == _PAGE_PROTNONE;
>> }
>>
>> static inline int pte_present(pte_t a)
>> {
>> return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE);
>> }
>> ```
>>
>> On x86, pte_present() returns true for a protnone pte. And I'd assume
>> other archs behave similarly ...
>
> This was one example, we may make changes in the future that result in entries
> that are non-present but also non-swap.
>
> I don't see the point in eliminating this check based on an implicit, open-coded
> assumption that this can never be the case, this is just asking for trouble.
>
>>
>>> we're just assuming pte_to_swp_entry() is operating on a swap entry when it in
>>> fact might not be?
>>>
>>> Couldn't we end up with false positives here?
>>
>> Emm, I think we're good here and the code is doing the right thing.
>
> I mean sorry but just - NO - to doing swap operations based on open-coded checks
> that you implicitly feel must imply a swap entry.
>
> This makes the code a lot more confusing, it opens us up to accidentally
> breaking things in future and has little to no benefit, I don't see why we're
> doing it.
>
> I don't think every little 'aha X must imply Y so just eliminate Z' idea need be
> implemented, this feels like a sort of 'mathematical reduction of code ignoring
> all other factors'.
Understood. Changing !pte_present() to is_swap_pte() will resolve all your
concerns, right?
```
if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
[...]
} else if (is_swap_pte(pteval)) { <-- Here
if (non_swap_entry(pte_to_swp_entry(pteval))) {
[...]
}
[...]}
```
>
>>
>>>
>>>> + result = SCAN_PTE_NON_PRESENT;
>>>> + goto out_unmap;
>>>> + }
>>>> +
>>>> ++unmapped;
>>>> if (!cc->is_khugepaged ||
>>>> unmapped <= khugepaged_max_ptes_swap) {
>>>> @@ -1290,7 +1311,7 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
>>>> * enabled swap entries. Please see
>>>> * comment below for pte_uffd_wp().
>>>> */
>>>> - if (pte_swp_uffd_wp_any(pteval)) {
>>>> + if (pte_swp_uffd_wp(pteval)) {
>>>
>>> Again you're assuming it's a swap entry but you're not asserting this is a swap
>>> entry in this branch?
>>
>> As we discussed above, the non_swap_entry() check has already kicked out
>> anything that isn't a true swap entry, right?
>
> This is a different function?
>
> Actually I'm mistaken here I think - you check in the code above:
>
> if (is_swap_pte(pteval)) {
> ...
> }
>
> So this is fine, please ignore sorry :)
No worries at all, thanks for double-checking and clarifying!
>
>>
>>>
>>> Also an aside - I hate, hate, hate how this uffd wp stuff has infiltrated all
>>> kinds of open-coded stuff. It's so gross (not your fault, just a general
>>> comment...)
>>
>> Haha, tell me about it. No argument from me there ;)
>
> :)
>
>>
>> Thanks,
>> Lance
>
> Cheers, Lorenzo
Powered by blists - more mailing lists