Re: [PATCH v2] mm, dump_page: do not crash with bad compound_mapcount()

From: Vlastimil Babka <vbabka@suse.cz>
To: Matthew Wilcox <willy@infradead.org>
Cc: John Hubbard <jhubbard@nvidia.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>,
	linux-mm@kvack.org, cai@lca.pw, kirill@shutemov.name,
	rppt@linux.ibm.com, william.kucharski@oracle.com,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [PATCH v2] mm, dump_page: do not crash with bad compound_mapcount()
Date: Thu, 6 Aug 2020 17:53:10 +0200	[thread overview]
Message-ID: <da00f435-a867-0108-8855-872019d85d44@suse.cz> (raw)
In-Reply-To: <20200806153938.GO23808@casper.infradead.org>

On 8/6/20 5:39 PM, Matthew Wilcox wrote:
>> >> +++ b/mm/huge_memory.c
>> >> @@ -2125,7 +2125,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
>> >>  	 * Set PG_double_map before dropping compound_mapcount to avoid
>> >>  	 * false-negative page_mapped().
>> >>  	 */
>> >> -	if (compound_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
>> >> +	if (head_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
>> > 
>> > I'm a little nervous about this one.  The page does actually come from
>> > pmd_page(), and today that's guaranteed to be a head page.  But I'm
>> > not convinced that's going to still be true in twenty years.  With the
>> > current THP patchset, I won't allocate pages larger than PMD order, but
>> > I can see there being interest in tracking pages in chunks larger than
>> > 2MB in the future.  And then pmd_page() might well return a tail page.
>> > So it might be a good idea to not convert this one.
>> 
>> Hmm the function converts the compound mapcount of the whole page to a
>> HPAGE_PMD_NR of base pages. If suddenly the compound page was bigger than a pmd,
>> then I guess this wouldn't work properly anymore without changes anyway?
>> Maybe we could stick something like VM_BUG_ON(PageTransHuge(page)) there as
>> "enforced documentation" for now?
> 
> I think it would work as-is.  But also I may have totally misunderstood it.
> I'll write this declaratively and specifically for x86 (PMD order is 9)
> ... tell me when I've made a mistake ;-)
> 
> This function is for splitting the PMD.  We're leaving the underlying
> page intact and just changing the page table.  So if, say, we have an
> underlying 4MB page (and maybe the pages are mapped as PMDs in this
> process), we might get subpage number 512 of this order-10 page.  We'd
> need to check the DoubleMap bit on subpage 1, and the compound_mapcount
> also stored in page 1, but we'd only want to spread the mapcount out
> over the 512 subpages from 512-1023; we wouldn't want to spread it out
> over 0-511 because they aren't affected by this particular PMD.

Yeah, and then we decrease the compound mapcount, which is a counter of "how
many times is this compound page mapped as a whole". But we only removed (the
second) half of the compound mapping, so imho that would be wrong?

> Having to reason about stuff like this is why I limited the THP code to
> stop at PMD order ... I don't want to make my life even more complicated
> than I have to!

Kirill might correct me but I'd expect the THP code right now has baked in many
assumptions about THP pages being exactly HPAGE_PMD_ORDER large?