Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Fri, Jan 10, 2014 at 05:12:27PM +0100, Oleg Nesterov wrote: > The recent "[PATCH v6 tip/core/locking 3/8] Documentation/memory-barriers.txt: > Prohibit speculative writes" from Paul says: > > No SMP architecture currently supporting Linux allows speculative > writes, > > ... > >

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On 01/09, Andrea Arcangeli wrote: > > > > > But we probably need barrier() in between, we can't use ACCESS_ONCE(). > > After get_page_unless_zero I don't think there's any need of > barrier(). barrier() should have been implicit in __atomic_add_unless > in fact it should be a full smp_mb() equivale

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Thu, Jan 09, 2014 at 03:04:47PM +0100, Oleg Nesterov wrote: > > > #ifdef CONFIG_TRANSPARENT_HUGEPAGE > > page_head = page; > > if (unlikely(PageTail(page))) { > > put_page(page); > > > > > > so I'm still not seeing how a tail page racing with a split ends up with

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Thu, Jan 09, 2014 at 08:43:50PM +0100, Oleg Nesterov wrote: > get_page_unless_zero(), and recently it was documented that the kernel can > rely on the control dependency to serialize LOAD + STORE. Ok, that's cheap then. > > But we probably need barrier() in between, we can't use ACCESS_ONCE()

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On 01/09, Andrea Arcangeli wrote: > > On Thu, Jan 09, 2014 at 03:04:47PM +0100, Oleg Nesterov wrote: > > OK. Even if I am right, we can probably make another fix. > > I think the confusion here was to think this was related to the futex > code, it isn't. This was just a generic theoretical problem

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Thu, Jan 09, 2014 at 03:04:47PM +0100, Oleg Nesterov wrote: > OK. Even if I am right, we can probably make another fix. I think the confusion here was to think this was related to the futex code, it isn't. This was just a generic theoretical problem found doing the futex cleanups but it's not r

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On 01/09, Mel Gorman wrote: > > On Wed, Jan 08, 2014 at 08:04:43PM +0100, Oleg Nesterov wrote: > > > > Yes. > > > > But suppose that CPU B completes split_huge_page_to_list/munmap/etc > > and frees this head page. > > > > Where did the reference taken by get_huge_page_multiple go? In __split_huge_

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Wed, Jan 08, 2014 at 08:04:43PM +0100, Oleg Nesterov wrote: > On 01/08, Mel Gorman wrote: > > > > On Wed, Jan 08, 2014 at 05:13:38PM +0100, Oleg Nesterov wrote: > > > > > > Yes. But, for example, get_futex_key() does > > > > > > if (unlikely(PageTail(page))) { > > > put_page(page); >

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On 01/08, Mel Gorman wrote: > > On Wed, Jan 08, 2014 at 05:13:38PM +0100, Oleg Nesterov wrote: > > > > Yes. But, for example, get_futex_key() does > > > > if (unlikely(PageTail(page))) { > > put_page(page); > > > > why this put_page() can't race with _split? If nothing else, another

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Wed, Jan 08, 2014 at 05:13:38PM +0100, Oleg Nesterov wrote: > On 01/08, Mel Gorman wrote: > > > > On Sat, Jan 04, 2014 at 05:43:47PM +0100, Oleg Nesterov wrote: > > > > > > get/put_page(thp_tail) paths do get_page_unless_zero(page_head) + > > > compound_lock(). In theory this page_head can b

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On 01/08, Mel Gorman wrote: > > On Sat, Jan 04, 2014 at 05:43:47PM +0100, Oleg Nesterov wrote: > > > > get/put_page(thp_tail) paths do get_page_unless_zero(page_head) + > > compound_lock(). In theory this page_head can be already freed and > > reallocated as alloc_pages(__GFP_COMP, smal

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Wed, Jan 08, 2014 at 11:54:00AM +, Mel Gorman wrote: > On Sat, Jan 04, 2014 at 05:43:47PM +0100, Oleg Nesterov wrote: > > On 01/03, Andrew Morton wrote: > > > > > > On Fri, 3 Jan 2014 20:55:47 +0100 Oleg Nesterov wrote: > > > > > > > get/put_page(thp_tail) paths do get_page_unless_zero(page

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Sat, Jan 04, 2014 at 05:43:47PM +0100, Oleg Nesterov wrote: > On 01/03, Andrew Morton wrote: > > > > On Fri, 3 Jan 2014 20:55:47 +0100 Oleg Nesterov wrote: > > > > > get/put_page(thp_tail) paths do get_page_unless_zero(page_head) + > > > compound_lock(). In theory this page_head can be already

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On 01/03, Andrew Morton wrote: > > On Fri, 3 Jan 2014 20:55:47 +0100 Oleg Nesterov wrote: > > > get/put_page(thp_tail) paths do get_page_unless_zero(page_head) + > > compound_lock(). In theory this page_head can be already freed and > > reallocated as alloc_pages(__GFP_COMP, smaller_order). In thi

Re: [PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

On Fri, 3 Jan 2014 20:55:47 +0100 Oleg Nesterov wrote: > get/put_page(thp_tail) paths do get_page_unless_zero(page_head) + > compound_lock(). In theory this page_head can be already freed and > reallocated as alloc_pages(__GFP_COMP, smaller_order). In this case > get_page_unless_zero() can succee

[PATCH v2 1/1] mm: fix the theoretical compound_lock() vs prep_new_page() race

get/put_page(thp_tail) paths do get_page_unless_zero(page_head) + compound_lock(). In theory this page_head can be already freed and reallocated as alloc_pages(__GFP_COMP, smaller_order). In this case get_page_unless_zero() can succeed right after set_page_refcounted(), and compound_lock() can race