Re: [PATCH v3] mm,thp: recheck each page before collapsing file THP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Oct 18, 2019, at 6:17 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
> On Fri, 18 Oct 2019 11:03:45 -0700 Song Liu <songliubraving@xxxxxx> wrote:
> 
>> In collapse_file(), after locking the page, it is necessary to recheck
>> that the page is up-to-date. Add PageUptodate() check for both shmem THP
>> and file THP.
>> 
>> Current khugepaged should not try to collapse dirty file THP, because it
>> is limited to read only text. Add a PageDirty check and warning for file
>> THP. This is added after page_mapping() check, because if the page is
>> truncated, it might be dirty.
> 
> When fixing a bug, please always fully describe the end-user visible
> effects of that bug.  This is vital information for people who are
> considering the fix for backporting.

The end user effect is, corruption in page cache. While grouping pages 
into a huge page, the page cache mistakenly includes some pages that 
are not uptodate, and considers the huge page is uptodate. 

I am attaching updated commit log to the end. 

> 
> I'm suspecting that you've found a race condition which can trigger a
> VM_BUG_ON_PAGE(), which is rather serious.  But that was just a wild
> guess.  Please don't make us wildly guess :(
> 
> The old code looked rather alarming:
> 
> 			} else if (!PageUptodate(page)) {
> 				xas_unlock_irq(&xas);
> 				wait_on_page_locked(page);
> 				if (!trylock_page(page)) {
> 					result = SCAN_PAGE_LOCK;
> 					goto xa_unlocked;
> 				}
> 				get_page(page);
> 
> We don't have a ref on that page.  After we've released the xarray lock
> we have no business playing with *page at all, correct?

Yeah, this piece is not just redundant, but also buggy. I am also 
including some information about it. 

Updated commit log:

============================= 8< =============================

In collapse_file(), for !is_shmem case, current check cannot guarantee 
the locked page is up-to-date. Specifically, xas_unlock_irq() should not
be called before lock_page() and get_page(); and it is necessary to 
recheck PageUptodate() after locking the page. 

With this bug and CONFIG_READ_ONLY_THP_FOR_FS=y, madvise(HUGE)'ed .text 
may contain corrupted data. This is because khugepaged mistakenly 
collapses some not up-to-date sub pages into a huge page, and assumes the 
huge page is up-to-date. This will NOT corrupt data in the disk, because 
the page is read-only and never written back. Fix this by properly 
checking PageUptodate() after locking the page. This check replaces 
"VM_BUG_ON_PAGE(!PageUptodate(page), page);". 

Also, move PageDirty() check after locking the page. Current khugepaged 
should not try to collapse dirty file THP, because it is limited to 
read-only .text. Add a warning with the PageDirty() check as it should 
not happen. This warning is added after page_mapping() check, because 
if the page is truncated, it might be dirty.

Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS")
Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: William Kucharski <william.kucharski@xxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Song Liu <songliubraving@xxxxxx>

============================= 8< =============================

Thanks,
Song







[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux