On Mon, 29 May 2023, Matthew Wilcox wrote:
> On Sun, May 28, 2023 at 11:20:21PM -0700, Hugh Dickins wrote:
> > +void pte_free_defer(struct mm_struct *mm, pgtable_t pgtable)
> > +{
> > + struct page *page;
> > +
> > + page = virt_to_page(pgtable);
> > + call_rcu(&page->rcu_head, pte_free_now);
> > +}
>
> This can't be safe (on ppc). IIRC you might have up to 16x4k page
> tables sharing one 64kB page. So if you have two page tables from the
> same page being defer-freed simultaneously, you'll reuse the rcu_head
> and I cannot imagine things go well from that point.

Oh yes, of course, thanks for catching that so quickly.
So my s390 and sparc implementations will be equally broken.

>
> I have no idea how to solve this problem.

I do: I'll have to go back to the more complicated implementation we
actually ran with on powerpc - I was thinking those complications just
related to deposit/withdraw matters, forgetting the one-rcu_head issue.

It uses large (0x10000) increments of the page refcount, avoiding
call_rcu() when already active.

It's not a complication I had wanted to explain or test for now,
but we shall have to. Should apply equally well to sparc, but s390
more of a problem, since s390 already has its own refcount cleverness.

Thanks, I must dash, out much of the day.

Hugh
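
Review bot: in pte_free_defer(), call_rcu(&page->rcu_head, pte_free_now) queues the rcu_head of whichever struct page virt_to_page(pgtable) returns, with no check that this head is already queued. Where several page tables share one page, as the reply describes for ppc, a second deferred free from the same page would hand the same rcu_head to call_rcu() again while the first is still pending. Suggest keeping per-page state that records an active callback and skipping call_rcu() in that case, plus a comment on the function stating the one-page-table-per-page assumption this form relies on. The mm argument is also unused in the lines shown.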
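
The hazard raised in the reply, and a guard in the spirit of the one outlined (count deferred frees in 0x10000 refcount increments, skip call_rcu() while a callback is active), as an added single-threaded userspace model. It is not code from the patch or from the powerpc implementation. All names here (`page_model`, `call_rcu_model`, `defer_naive`, `defer_guarded`, `in_flight`, `run_grace_period`) and the policy of re-queuing for frees that arrive late are assumptions.

```c
#include <stddef.h>
#define DEFER_UNIT 0x10000u /* the large refcount increment named in the reply */

struct rcu_head_model { struct rcu_head_model *next; void (*func)(struct rcu_head_model *); };
struct page_model {
    unsigned int refcount;     /* low bits: page tables in use; each deferred free adds DEFER_UNIT */
    unsigned int in_flight;    /* deferred frees the queued callback will complete */
    struct rcu_head_model rcu; /* a single head shared by every page table in the page */
};
static struct rcu_head_model *cb_list, **cb_tail = &cb_list; /* stand-in for RCU's callback list */

static void call_rcu_model(struct rcu_head_model *h, void (*f)(struct rcu_head_model *))
{
    h->func = f; h->next = NULL;
    *cb_tail = h; cb_tail = &h->next;
}
/* Callbacks queued, or -1 when the walk exceeds limit (list corrupted into a cycle). */
int queue_len(int limit)
{
    int n = 0;
    for (struct rcu_head_model *h = cb_list; h; h = h->next)
        if (++n > limit) return -1;
    return n;
}
static void free_deferred(struct rcu_head_model *h)
{
    struct page_model *p = (struct page_model *)((char *)h - offsetof(struct page_model, rcu));
    p->refcount -= p->in_flight * (DEFER_UNIT + 1); /* drop the marks and the tables' refs */
    p->in_flight = p->refcount / DEFER_UNIT;
    if (p->in_flight) /* frees that arrived after queueing wait one more grace period */
        call_rcu_model(h, free_deferred);
}
/* As in the quoted hunk: queue the page's head unconditionally. */
void defer_naive(struct page_model *p) { call_rcu_model(&p->rcu, free_deferred); }
/* Count the deferred free in the refcount; queue only if none is already active. */
void defer_guarded(struct page_model *p)
{
    unsigned int old = p->refcount;
    p->refcount += DEFER_UNIT;
    if (old >= DEFER_UNIT) return; /* callback already active: do not touch the head */
    p->in_flight = 1;
    call_rcu_model(&p->rcu, free_deferred);
}
void run_grace_period(void)
{
    struct rcu_head_model *h = cb_list, *next;
    cb_list = NULL; cb_tail = &cb_list;
    for (; h; h = next) { next = h->next; h->func(h); }
}
```

Queuing the same head twice links it to itself, which `queue_len()` reports as -1. The guarded path keeps one entry per page however many page tables from that page are being freed.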