From patchwork Fri Sep 22 19:02:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rik van Riel X-Patchwork-Id: 13396350 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30FDDCD4851 for ; Fri, 22 Sep 2023 19:06:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 662A26B0303; Fri, 22 Sep 2023 15:06:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5EC1A6B0305; Fri, 22 Sep 2023 15:06:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 48C576B0307; Fri, 22 Sep 2023 15:06:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 347676B0303 for ; Fri, 22 Sep 2023 15:06:23 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 02B9212029D for ; Fri, 22 Sep 2023 19:06:22 +0000 (UTC) X-FDA: 81265164246.19.816864F Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) by imf04.hostedemail.com (Postfix) with ESMTP id 75DB34001C for ; Fri, 22 Sep 2023 19:06:21 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=none; dmarc=none; spf=none (imf04.hostedemail.com: domain of riel@shelob.surriel.com has no SPF policy when checking 96.67.55.147) smtp.mailfrom=riel@shelob.surriel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1695409581; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references; bh=ZWOBUzel0hTP5zlz7y2Skk8tQ+ei1TM5PAGkEPtLeRI=; b=VGXO7GDezbqrc22g7oTQwwwXGxad/hZ47CyXAVVzMnrNSys/zUFxM8G4/A+SVoPV+GxY0T kaZvw8X+3N9OmU5jywfAyPaDAxMzGnlqS+daiQdpNbMnI39Sq7igNH3TCM2LBc3pX8nSl/ fC1amC/CtJbwfMHiA9FNUrp5FLoR53Y= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=none; dmarc=none; spf=none (imf04.hostedemail.com: domain of riel@shelob.surriel.com has no SPF policy when checking 96.67.55.147) smtp.mailfrom=riel@shelob.surriel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1695409581; a=rsa-sha256; cv=none; b=K2G0dJszi9KjlpN6lAZNihpUnj9oA8ONCOk8MnDm/mHZLu5GbbAwe/DAogqq3MMqqySPOw iRi079Ehtt8Y6VDvDBggQnppJssydZFKT+GkhWwsBqxj3LicXIbZ9ThXcsWabRS3eizJ5E b0GOybsjfUwP17qxl3XhM7QVQQHLZ3g= Received: from imladris.home.surriel.com ([10.0.13.28] helo=imladris.surriel.com) by shelob.surriel.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1qjlTP-0002Wy-1G; Fri, 22 Sep 2023 15:05:55 -0400 From: riel@surriel.com To: linux-kernel@vger.kernel.org Cc: kernel-team@meta.com, linux-mm@kvack.org, akpm@linux-foundation.org, muchun.song@linux.dev, mike.kravetz@oracle.com, leit@meta.com, willy@infradead.org Subject: [PATCH v2 0/3] hugetlbfs: close race between MADV_DONTNEED and page fault Date: Fri, 22 Sep 2023 15:02:28 -0400 Message-ID: <20230922190552.3963067-1-riel@surriel.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Rspamd-Queue-Id: 75DB34001C X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: qmhcb3hjh7nbjze5ur9113yx6i8efxui X-HE-Tag: 1695409581-952252 X-HE-Meta: U2FsdGVkX1/1QVjyasGcm9SDu6ewzqyJiWnHoheM2vvIdBU6BLvxhagop1eKeDa9zV3SYdf6L9NmVeBgyrOI3dwFMHCpVIobaSI7mBUli16hPgaeniqZxD0bJSpc0sIEf4QcQver00FvNlb1KMApNYoFKLGYYhRUgT3hTScIkC8OM3gwax4DtJcxTrNqdDvSbNUEv9cRU/D3hr2/wEKDWev3H3Z/p793QnqD2IPPOnEZLUPtEz5ipjT5s7uwKUu0/qzVOxgpkoxSMy20CgnvQf/PKzkTfIQp1dZHL6hfY0vWr3HtHkcVgkFNqxVrUaDEQuo8rvpP829ipkloCv40PzaoMn3Tk3UQiamYu4RQPo9qWprbVgpCHskc7/4Ny2jFyMA4hk6bYotv+RnB3X1N9bD2rxOC14CgqIVCg88SGSULoHVonZ17wHjvRBheWcJAKsIrcsaKKuAeZjjH7+pYmr6s45Y75Y7uCzSV6QNmjAdjdSD/zoEnlYzoU10V4vxGuLEkwAmdQ0KZRMALRxGkl7CoLcYHxEKg4hWX2CFFnF+5hd2s/nxb/jf4EFrrxCagZPYGfPfkbjVyTIErtd7zaM/bCslwkR1n9mFepoe8oz26CEl4tVwtxGAeTolFMMRbZDs9/zXvKUfebW8Q7YgDEVOrEXWskbeTSHXrx+W8BIJkP9K0lXL2imj/8YWUIHohw3PTm28KHyAJz+Ogqi1q8gnvOkzUmjRkHaZgwAXene51LBlRfsfTqVWC6UBM1tT84SpVZTjIXbfv+T5PgvLpYN8z4m2vTrqzeC14vva+GQBiM4Ev1Nb7R62aFH1qpMsJ6+McINhIX1jqfeuRjZa16y4mMfwWLSgAcv6TCwuPMizRwfE90gkRdBfciBRJvYm1oCsLV1ZYBrgVr6eaBr+n72RZRZONx78hZOPec53U+rUB5VIPedx2FxSrQgVwgG2W1FqlZZ2Tt6A8lyBt2K0 aNYTOswD 48kFcQ9I26Kp4+J/qa4bXuljvjL7AtfKEdvHa21Xh/zhDpLZj7f6FiNhrJ7f1GL8+viVVSndl0dlBsoz1Wmxw/pUOqIX5uhaIhiQg5XOH0MSfxniFKF6Ud1BFPqkXTcHY4gSaiPcDj8TtpIEUW0u8HProrqvwk/2qNUdUpSuCktFQwSkeLvI8OG/K2W0smv/JOkpMHuTyxaV/kcarOEkziiVrbnnSdUC42JjLkewNk7eMYefqOY4WX9TIfvtWn/yGowJER7ogmzv35MJ/fDJLmsJY7A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: v2: fix the locking bug found with the libhugetlbfs tests. Malloc libraries, like jemalloc and tcalloc, take decisions on when to call madvise independently from the code in the main application. This sometimes results in the application page faulting on an address, right after the malloc library has shot down the backing memory with MADV_DONTNEED. Usually this is harmless, because we always have some 4kB pages sitting around to satisfy a page fault. However, with hugetlbfs systems often allocate only the exact number of huge pages that the application wants. Due to TLB batching, hugetlbfs MADV_DONTNEED will free pages outside of any lock taken on the page fault path, which can open up the following race condition: CPU 1 CPU 2 MADV_DONTNEED unmap page shoot down TLB entry page fault fail to allocate a huge page killed with SIGBUS free page Fix that race by extending the hugetlb_vma_lock locking scheme to also cover private hugetlb mappings (with resv_map), and pulling the locking from __unmap_hugepage_final_range into helper functions called from zap_page_range_single. This ensures page faults stay locked out of the MADV_DONTNEED VMA until the huge pages have actually been freed. The third patch in the series is more of an RFC. Using the invalidate_lock instead of the hugetlb_vma_lock greatly simplifies the code, but at the cost of turning a per-VMA lock into a lock per backing hugetlbfs file, which could slow things down when multiple processes are mapping the same hugetlbfs file.