On Wed, 15 Jan 2020, Wei Yang wrote:

> >split_huge_page_to_list() has page lock taken.
> >
> >free_transhuge_page() is in the free path and isn't susceptible to the
> >race.
> >
> >deferred_split_scan() is trickier. list_move() should be safe against
> >list_empty() as it will not produce false-positive list_empty().
> >list_del_init() *should* (correct me if I'm wrong) be safe because the page
> >is freeing and memcg will not touch the page anymore.
> >
> >deferred_split_huge_page() is a problematic one. It is called from
> >page_remove_rmap() path which does require page lock. I don't see any
> >obvious way to exclude race with mem_cgroup_move_account() here.
> >Anybody else?
>
> If my understanding is correct, the reason is deferred_split_huge_page()
> doesn't have page lock taken, right?
>

I think the fix that you have proposed has inspired some deeper looks at the
locking around the deferred split queue, and the hope was that perhaps this
could be protected by the page lock, but it was found that at least in one
path that isn't taken. So I believe your fix is still needed, and any
possible optimizations in this area can be proposed on top.