On Tue, 14 Jan 2020, Kirill A. Shutemov wrote: > split_huge_page_to_list() has page lock taken. > > free_transhuge_page() is in the free path and doesn't susceptible to the > race. > > deferred_split_scan() is trickier. list_move() should be safe against > list_empty() as it will not produce false-positive list_empty(). > list_del_init() *should* (correct me if I'm wrong) be safe because the page > is freeing and memcg will not touch the page anymore. > > deferred_split_huge_page() is a problematic one. It called from > page_remove_rmap() path witch does require page lock. I don't see any > obvious way to exclude race with mem_cgroup_move_account() here. > Anybody else? > > Wei, could you rewrite the commit message with deferred_split_huge_page() > as a race source instead of split_huge_page_to_list()? > I think describing the race in terms of deferred_split_huge_page() makes the most sense and I'd prefer a cc to stable for 5.4+. Even getting the split_queue_len, which is unsigned long, to underflow because of a list_empty(page_deferred_list()) check that is no longer accurate after the lock is taken would be a significant issue for shrinkers.
