Date: Mon, 7 Jun 2021 23:49:42 +0300
From: "Kirill A. Shutemov"
To: Jann Horn
Cc: Matthew Wilcox, Linux-MM, Zi Yan, Peter Xu, "Kirill A. Shutemov", Konstantin Khlebnikov, Andrew Morton, chinwen.chang@mediatek.com, kernel list, syzkaller-bugs, Vlastimil Babka, Michel Lespinasse, syzbot
Subject: Re: split_huge_page_to_list() races with page_mapcount() on migration entry in smaps code? [was: Re: [syzbot] kernel BUG in __page_mapcount]
Message-ID: <20210607204942.buratcsapp5fk627@box.shutemov.name>
References: <00000000000017977605c395a751@google.com>

On Mon, Jun 07, 2021 at 07:27:23PM +0200, Jann Horn wrote:
> 2. let smaps assume that the mapcount is 1 for all migration entries?

I believe that's what we effectively do for migration entries to
non-compound pages:

	for (i = 0; i < nr; i++, page++) {
		int mapcount = page_mapcount(page);
		unsigned long pss = PAGE_SIZE << PSS_SHIFT;
		if (mapcount >= 2)
			pss /= mapcount;
		smaps_page_accumulate(mss, page, PAGE_SIZE, pss, dirty, locked,
				      mapcount < 2);
	}

For non-compound pages with page_count(page) != 1 (== 1 handled
separately) we would have nr == 1 and will look into mapcount, which for
pages under migration is 0. The code above will handle mapcount == 0 as
mapcount == 1.

I think it would not be a stretch to do the same for compound pages here.
I guess we should take an additional argument to smaps_account() which
would indicate that we deal with a migration entry and handle it as
mapcount == 1.

Hm. Do we need the same for device-private entries?

-- 
Kirill A. Shutemov
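
The accounting discussed in the message above, as an added userspace model in C (not kernel code and not part of the thread): `model_account()` mirrors the quoted loop, and its `migration` flag is a hypothetical rendering of the suggested extra argument. The values of `PAGE_SIZE`, `PSS_SHIFT` and `HPAGE_NR` and all `model_*` names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096UL /* assumed 4 KiB base pages */
#define PSS_SHIFT 12     /* fixed-point shift for PSS (assumed value) */
#define HPAGE_NR  512    /* subpages per huge page (assumed 2 MiB) */
struct model_mss {       /* hypothetical stand-in for the smaps counters */
	uint64_t pss;        /* scaled by 1 << PSS_SHIFT */
	unsigned long priv, shared;
};

/* Model of the quoted loop. mapcounts[] stands in for page_mapcount();
 * with migration set it is never read and each subpage is accounted as
 * mapcount == 1, which is the extra argument the message suggests. */
static void model_account(struct model_mss *mss, const int *mapcounts,
			  size_t nr, bool migration)
{
	for (size_t i = 0; i < nr; i++) {
		int mapcount = migration ? 1 : mapcounts[i];
		uint64_t pss = (uint64_t)PAGE_SIZE << PSS_SHIFT;
		if (mapcount >= 2)
			pss /= mapcount;        /* shared: split PSS between mappers */
		mss->pss += pss;
		if (mapcount < 2)               /* 0 and 1 both count as private */
			mss->priv += PAGE_SIZE;
		else
			mss->shared += PAGE_SIZE;
	}
}

/* PSS in bytes for nr subpages that all report the same mapcount. */
static unsigned long model_pss(int mapcount, size_t nr, bool migration)
{
	struct model_mss mss = {0};
	int counts[HPAGE_NR];
	size_t n = nr < HPAGE_NR ? nr : HPAGE_NR;
	for (size_t i = 0; i < n; i++)
		counts[i] = mapcount;
	model_account(&mss, migration ? NULL : counts, n, migration);
	return (unsigned long)(mss.pss >> PSS_SHIFT);
}

int main(void)
{
	printf("%lu %lu %lu %lu\n", model_pss(0, 1, false), model_pss(1, 1, false),
	       model_pss(2, 1, false), model_pss(0, HPAGE_NR, true));
}
```

In the model, a page under migration (mapcount 0) yields the same PSS as a singly mapped page, and the migration path produces that result for a whole compound page without consulting any per-subpage mapcount.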