On Tue, Jan 14, 2020 at 12:57:22PM -0800, David Rientjes wrote: >On Tue, 14 Jan 2020, Kirill A. Shutemov wrote: > >> split_huge_page_to_list() has page lock taken. >> >> free_transhuge_page() is in the free path and doesn't susceptible to the >> race. >> >> deferred_split_scan() is trickier. list_move() should be safe against >> list_empty() as it will not produce false-positive list_empty(). >> list_del_init() *should* (correct me if I'm wrong) be safe because the page >> is freeing and memcg will not touch the page anymore. >> >> deferred_split_huge_page() is a problematic one. It called from >> page_remove_rmap() path witch does require page lock. I don't see any >> obvious way to exclude race with mem_cgroup_move_account() here. >> Anybody else? >> >> Wei, could you rewrite the commit message with deferred_split_huge_page() >> as a race source instead of split_huge_page_to_list()? >> > >I think describing the race in terms of deferred_split_huge_page() makes >the most sense and I'd prefer a cc to stable for 5.4+. Even getting the >split_queue_len, which is unsigned long, to underflow because of a >list_empty(page_deferred_list()) check that is no longer accurate after >the lock is taken would be a significant issue for shrinkers. Oh, you are right. Even the list is not corrupted between deferred_split_scan() and mem_cgroup_move_account(), split_queue_len would be in a wrong state. Hmm... to some extend, the page lock complicates the picture a little here, even it helps in some cases. -- Wei Yang Help you, Help me