linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] mm: delete unsafe BUG from page_cache_add_speculative()
@ 2021-12-09  7:19 Hugh Dickins
  2021-12-09  9:30 ` Kirill A. Shutemov
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Hugh Dickins @ 2021-12-09  7:19 UTC (permalink / raw)
  To: Matthew Wilcox
  Cc: Andrew Morton, Vlastimil Babka, William Kucharski,
	Christoph Hellwig, Kirill A. Shutemov, Mike Rapoport,
	linux-kernel, linux-fsdevel, linux-mm

It is not easily reproducible, but on 5.16-rc I have several times hit
the VM_BUG_ON_PAGE(PageTail(page), page) in page_cache_add_speculative():
usually from filemap_get_read_batch() for an ext4 read, yesterday from
next_uptodate_page() from filemap_map_pages() for a shmem fault.

That BUG used to be placed where page_ref_add_unless() had succeeded,
but now it is placed before folio_ref_add_unless() is attempted: that
is not safe, since it is only the acquired reference which makes the
page safe from racing THP collapse or split.

We could keep the BUG, checking PageTail only when folio_ref_try_add_rcu()
has succeeded; but I don't think it adds much value - just delete it.

Fixes: 020853b6f5ea ("mm: Add folio_try_get_rcu()")
Signed-off-by: Hugh Dickins <hughd@google.com>
---

 include/linux/pagemap.h |    1 -
 1 file changed, 1 deletion(-)

--- 5.16-rc4/include/linux/pagemap.h
+++ linux/include/linux/pagemap.h
@@ -285,7 +285,6 @@ static inline struct inode *folio_inode(
 
 static inline bool page_cache_add_speculative(struct page *page, int count)
 {
-	VM_BUG_ON_PAGE(PageTail(page), page);
 	return folio_ref_try_add_rcu((struct folio *)page, count);
 }
 

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] mm: delete unsafe BUG from page_cache_add_speculative()
  2021-12-09  7:19 [PATCH] mm: delete unsafe BUG from page_cache_add_speculative() Hugh Dickins
@ 2021-12-09  9:30 ` Kirill A. Shutemov
  2021-12-09 13:55 ` Matthew Wilcox
  2021-12-10 17:20 ` Andrew Morton
  2 siblings, 0 replies; 5+ messages in thread
From: Kirill A. Shutemov @ 2021-12-09  9:30 UTC (permalink / raw)
  To: Hugh Dickins
  Cc: Matthew Wilcox, Andrew Morton, Vlastimil Babka,
	William Kucharski, Christoph Hellwig, Mike Rapoport,
	linux-kernel, linux-fsdevel, linux-mm

On Wed, Dec 08, 2021 at 11:19:18PM -0800, Hugh Dickins wrote:
> It is not easily reproducible, but on 5.16-rc I have several times hit
> the VM_BUG_ON_PAGE(PageTail(page), page) in page_cache_add_speculative():
> usually from filemap_get_read_batch() for an ext4 read, yesterday from
> next_uptodate_page() from filemap_map_pages() for a shmem fault.
> 
> That BUG used to be placed where page_ref_add_unless() had succeeded,
> but now it is placed before folio_ref_add_unless() is attempted: that
> is not safe, since it is only the acquired reference which makes the
> page safe from racing THP collapse or split.
> 
> We could keep the BUG, checking PageTail only when folio_ref_try_add_rcu()
> has succeeded; but I don't think it adds much value - just delete it.
> 
> Fixes: 020853b6f5ea ("mm: Add folio_try_get_rcu()")
> Signed-off-by: Hugh Dickins <hughd@google.com>

Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

-- 
 Kirill A. Shutemov

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] mm: delete unsafe BUG from page_cache_add_speculative()
  2021-12-09  7:19 [PATCH] mm: delete unsafe BUG from page_cache_add_speculative() Hugh Dickins
  2021-12-09  9:30 ` Kirill A. Shutemov
@ 2021-12-09 13:55 ` Matthew Wilcox
  2021-12-10 17:20 ` Andrew Morton
  2 siblings, 0 replies; 5+ messages in thread
From: Matthew Wilcox @ 2021-12-09 13:55 UTC (permalink / raw)
  To: Hugh Dickins
  Cc: Andrew Morton, Vlastimil Babka, William Kucharski,
	Christoph Hellwig, Kirill A. Shutemov, Mike Rapoport,
	linux-kernel, linux-fsdevel, linux-mm

On Wed, Dec 08, 2021 at 11:19:18PM -0800, Hugh Dickins wrote:
> It is not easily reproducible, but on 5.16-rc I have several times hit
> the VM_BUG_ON_PAGE(PageTail(page), page) in page_cache_add_speculative():
> usually from filemap_get_read_batch() for an ext4 read, yesterday from
> next_uptodate_page() from filemap_map_pages() for a shmem fault.
> 
> That BUG used to be placed where page_ref_add_unless() had succeeded,
> but now it is placed before folio_ref_add_unless() is attempted: that
> is not safe, since it is only the acquired reference which makes the
> page safe from racing THP collapse or split.
> 
> We could keep the BUG, checking PageTail only when folio_ref_try_add_rcu()
> has succeeded; but I don't think it adds much value - just delete it.

Whoops, that was careless of me.  I agree with your reasoning and patch.

Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>

> Fixes: 020853b6f5ea ("mm: Add folio_try_get_rcu()")
> Signed-off-by: Hugh Dickins <hughd@google.com>
> ---
> 
>  include/linux/pagemap.h |    1 -
>  1 file changed, 1 deletion(-)
> 
> --- 5.16-rc4/include/linux/pagemap.h
> +++ linux/include/linux/pagemap.h
> @@ -285,7 +285,6 @@ static inline struct inode *folio_inode(
>  
>  static inline bool page_cache_add_speculative(struct page *page, int count)
>  {
> -	VM_BUG_ON_PAGE(PageTail(page), page);
>  	return folio_ref_try_add_rcu((struct folio *)page, count);
>  }
>  

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] mm: delete unsafe BUG from page_cache_add_speculative()
  2021-12-09  7:19 [PATCH] mm: delete unsafe BUG from page_cache_add_speculative() Hugh Dickins
  2021-12-09  9:30 ` Kirill A. Shutemov
  2021-12-09 13:55 ` Matthew Wilcox
@ 2021-12-10 17:20 ` Andrew Morton
  2021-12-10 19:18   ` Hugh Dickins
  2 siblings, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2021-12-10 17:20 UTC (permalink / raw)
  To: Hugh Dickins
  Cc: Matthew Wilcox, Vlastimil Babka, William Kucharski,
	Christoph Hellwig, Kirill A. Shutemov, Mike Rapoport,
	linux-kernel, linux-fsdevel, linux-mm

On Wed, 8 Dec 2021 23:19:18 -0800 (PST) Hugh Dickins <hughd@google.com> wrote:

> It is not easily reproducible, but on 5.16-rc I have several times hit
> the VM_BUG_ON_PAGE(PageTail(page), page) in page_cache_add_speculative():
> usually from filemap_get_read_batch() for an ext4 read, yesterday from
> next_uptodate_page() from filemap_map_pages() for a shmem fault.
> 
> That BUG used to be placed where page_ref_add_unless() had succeeded,
> but now it is placed before folio_ref_add_unless() is attempted: that
> is not safe, since it is only the acquired reference which makes the
> page safe from racing THP collapse or split.
> 
> We could keep the BUG, checking PageTail only when folio_ref_try_add_rcu()
> has succeeded; but I don't think it adds much value - just delete it.
> 
> Fixes: 020853b6f5ea ("mm: Add folio_try_get_rcu()")
> Signed-off-by: Hugh Dickins <hughd@google.com>

I added cc:stable to this.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] mm: delete unsafe BUG from page_cache_add_speculative()
  2021-12-10 17:20 ` Andrew Morton
@ 2021-12-10 19:18   ` Hugh Dickins
  0 siblings, 0 replies; 5+ messages in thread
From: Hugh Dickins @ 2021-12-10 19:18 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Hugh Dickins, Matthew Wilcox, Vlastimil Babka, William Kucharski,
	Christoph Hellwig, Kirill A. Shutemov, Mike Rapoport,
	linux-kernel, linux-fsdevel, linux-mm

On Fri, 10 Dec 2021, Andrew Morton wrote:
> On Wed, 8 Dec 2021 23:19:18 -0800 (PST) Hugh Dickins <hughd@google.com> wrote:
> 
> > It is not easily reproducible, but on 5.16-rc I have several times hit
> > the VM_BUG_ON_PAGE(PageTail(page), page) in page_cache_add_speculative():
> > usually from filemap_get_read_batch() for an ext4 read, yesterday from
> > next_uptodate_page() from filemap_map_pages() for a shmem fault.
> > 
> > That BUG used to be placed where page_ref_add_unless() had succeeded,
> > but now it is placed before folio_ref_add_unless() is attempted: that
> > is not safe, since it is only the acquired reference which makes the
> > page safe from racing THP collapse or split.
> > 
> > We could keep the BUG, checking PageTail only when folio_ref_try_add_rcu()
> > has succeeded; but I don't think it adds much value - just delete it.
> > 
> > Fixes: 020853b6f5ea ("mm: Add folio_try_get_rcu()")
> > Signed-off-by: Hugh Dickins <hughd@google.com>
> 
> I added cc:stable to this.

Thanks, but no, cc:stable not needed: the fixed commit went into 5.16-rc1,
and did not go to stable itself. There was an identical VM_BUG_ON_PAGE in
the old __page_cache_add_speculative(), but that one was correctly placed,
so there's no need for the old one to be removed.

Hugh

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-12-10 19:19 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-09  7:19 [PATCH] mm: delete unsafe BUG from page_cache_add_speculative() Hugh Dickins
2021-12-09  9:30 ` Kirill A. Shutemov
2021-12-09 13:55 ` Matthew Wilcox
2021-12-10 17:20 ` Andrew Morton
2021-12-10 19:18   ` Hugh Dickins

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).