On 22.08.2020 02:49, Peter Xu wrote:
> From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>
> How about we just make sure we're the only possible valid user fo the
> page before we bother to reuse it?
>
> Simplify, simplify, simplify.
>
> And get rid of the nasty serialization on the page lock at the same time.
>
> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> [peterx: add subject prefix]
> Signed-off-by: Peter Xu <peterx@xxxxxxxxxx>
> ---
> mm/memory.c | 59 +++++++++++++++--------------------------------------
> 1 file changed, 17 insertions(+), 42 deletions(-)
>
> diff --git a/mm/memory.c b/mm/memory.c
> index 602f4283122f..cb9006189d22 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -2927,50 +2927,25 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf)
> * not dirty accountable.
> */
> if (PageAnon(vmf->page)) {
> - int total_map_swapcount;
> - if (PageKsm(vmf->page) && (PageSwapCache(vmf->page) ||
> - page_count(vmf->page) != 1))
> + struct page *page = vmf->page;
> +
> + /* PageKsm() doesn't necessarily raise the page refcount */
No, this is wrong. PageKSM() always raises refcount. There was another problem:
KSM may raise refcount without lock_page(), and only then it takes the lock.
See get_ksm_page(GET_KSM_PAGE_NOLOCK) for the details.
So, reliable protection against parallel access requires to freeze page counter,
which is made in reuse_ksm_page().
> + if (PageKsm(page) || page_count(page) != 1)
> + goto copy;
> + if (!trylock_page(page))
> + goto copy;
> + if (PageKsm(page) || page_mapcount(page) != 1 || page_count(page) != 1) {
> + unlock_page(page);
> goto copy;
> - if (!trylock_page(vmf->page)) {
> - get_page(vmf->page);
> - pte_unmap_unlock(vmf->pte, vmf->ptl);
> - lock_page(vmf->page);
> - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd,
> - vmf->address, &vmf->ptl);
> - if (!pte_same(*vmf->pte, vmf->orig_pte)) {
> - update_mmu_tlb(vma, vmf->address, vmf->pte);
> - unlock_page(vmf->page);
> - pte_unmap_unlock(vmf->pte, vmf->ptl);
> - put_page(vmf->page);
> - return 0;
> - }
> - put_page(vmf->page);
> - }
> - if (PageKsm(vmf->page)) {
> - bool reused = reuse_ksm_page(vmf->page, vmf->vma,
> - vmf->address);
> - unlock_page(vmf->page);
> - if (!reused)
> - goto copy;
> - wp_page_reuse(vmf);
> - return VM_FAULT_WRITE;
> - }
> - if (reuse_swap_page(vmf->page, &total_map_swapcount)) {
> - if (total_map_swapcount == 1) {
> - /*
> - * The page is all ours. Move it to
> - * our anon_vma so the rmap code will
> - * not search our parent or siblings.
> - * Protected against the rmap code by
> - * the page lock.
> - */
> - page_move_anon_rmap(vmf->page, vma);
> - }
> - unlock_page(vmf->page);
> - wp_page_reuse(vmf);
> - return VM_FAULT_WRITE;
> }
> - unlock_page(vmf->page);
> + /*
> + * Ok, we've got the only map reference, and the only
> + * page count reference, and the page is locked,
> + * it's dark out, and we're wearing sunglasses. Hit it.
> + */
> + wp_page_reuse(vmf);
> + unlock_page(page);
> + return VM_FAULT_WRITE;
> } else if (unlikely((vma->vm_flags & (VM_WRITE|VM_SHARED)) ==
> (VM_WRITE|VM_SHARED))) {
> return wp_page_shared(vmf);
>
