From patchwork Tue Sep 26 03:10:49 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Rik van Riel <riel@surriel.com>
X-Patchwork-Id: 13398615
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 56995E81810
	for <linux-mm@archiver.kernel.org>; Tue, 26 Sep 2023 03:13:36 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id BB35B6B011C; Mon, 25 Sep 2023 23:13:35 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B63776B011D; Mon, 25 Sep 2023 23:13:35 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A52596B011F; Mon, 25 Sep 2023 23:13:35 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com
 [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 93AE76B011C
	for <linux-mm@kvack.org>; Mon, 25 Sep 2023 23:13:35 -0400 (EDT)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 54240160DF5
	for <linux-mm@kvack.org>; Tue, 26 Sep 2023 03:13:35 +0000 (UTC)
X-FDA: 81277278390.03.D4074A0
Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147])
	by imf25.hostedemail.com (Postfix) with ESMTP id BBAB9A0004
	for <linux-mm@kvack.org>; Tue, 26 Sep 2023 03:13:33 +0000 (UTC)
Authentication-Results: imf25.hostedemail.com;
	dkim=none;
	spf=none (imf25.hostedemail.com: domain of riel@shelob.surriel.com has no SPF
 policy when checking 96.67.55.147) smtp.mailfrom=riel@shelob.surriel.com;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1695698013;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:references; bh=lo9SBe6E3yZylvB3m0vLKsYs1lYeEqPoJjVl7+P3TSY=;
	b=2XzflzddLhb5XATfo5TyK+Y13PQusWaC4ovbZTo9ws7BTc7k17jBKtDbsX11CJvZ+6xd9C
	kDyI1fjPOWIv6kJcWgC3E4jcEkOsy7Nriq2KR+Yxm8dUqq83xOldSs5etx823lfq5MfE9P
	+qqC4kjy8yJclnIMUAR1lJNToDi5goY=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1695698013; a=rsa-sha256;
	cv=none;
	b=UpMeS0Ulh/NutmEihucy6XcIoU0uqk6MeHhlsZup12kVgeqU0DMh6IcKpXDM1xEmoe++oK
	mcEWsmDJ62CkqUx9zJ8HcqKyxSFkFgq6/GUzxG7jDQdSOfH/9JSRExH54y7k5rD/8pnx0i
	e8GYCrifS3py9X5Kx725UYYvzxf96v0=
ARC-Authentication-Results: i=1;
	imf25.hostedemail.com;
	dkim=none;
	spf=none (imf25.hostedemail.com: domain of riel@shelob.surriel.com has no SPF
 policy when checking 96.67.55.147) smtp.mailfrom=riel@shelob.surriel.com;
	dmarc=none
Received: from imladris.home.surriel.com ([10.0.13.28]
 helo=imladris.surriel.com)
	by shelob.surriel.com with esmtpsa  (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <riel@shelob.surriel.com>)
	id 1qkyVD-00025y-0I;
	Mon, 25 Sep 2023 23:12:47 -0400
From: riel@surriel.com
To: linux-kernel@vger.kernel.org
Cc: kernel-team@meta.com,
	linux-mm@kvack.org,
	akpm@linux-foundation.org,
	muchun.song@linux.dev,
	mike.kravetz@oracle.com,
	leit@meta.com,
	willy@infradead.org
Subject: [PATCH v4 0/3] hugetlbfs: close race between MADV_DONTNEED and page
 fault
Date: Mon, 25 Sep 2023 23:10:49 -0400
Message-ID: <20230926031245.795759-1-riel@surriel.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
X-Stat-Signature: funmt138n3ris5cfpd3mojbje9tenopy
X-Rspamd-Server: rspam10
X-Rspamd-Queue-Id: BBAB9A0004
X-Rspam-User: 
X-HE-Tag: 1695698013-790236
X-HE-Meta: 
 U2FsdGVkX1+w+3IunYyJ/Ko5OufcgPRmdSw97hym31111oKg6AWppJYSuLLUVzBGYWtFdaQg6GC3ZuJJI6+n7DuCS6oCn6/A8tjHDGPJqp3Je4bAaNgTOzPLzrmB7XfMzT9EqfG9PRoSoZ3CDCRjIbUJPcs0AHKUjecC2z951LKFp0JqQlMvPv6hDHOodGG5POO9NTOcBOJl9NPWOtRTCZnvjAHJg1JEsYI+0xi+aS9NK1TIk79v2kCVQAPn/EI/5O38nvaVhKRQdixCr39trhT2GTc5uM+YKHWOLqJVH/rOtu1mqBwn9RPjzhNJSg2U4I5ToJP7Zm3G2VA5Yr7no+AI8TiQbfP7tbUszZoP2FLBXXnvUW8Vb6vGiq7EWat7sx+WqoFQM1Rqt7LvptBwTkZuArQAoGcNWCQLxKAIkVfOKbSVRElwfRV03EwxHXWb0Pux54FTflrddqQynBUAGqsMZ1K6ZEi/BFp8E8hEtU+gJmEyBYbbXz1+rKE4hlVMuW4IAYHpdil/Qk1Cye/WnHQgOE+520NN+wNJ0y9zEmuBufzHUYuQPHVlnyWI7rYd2Rq6tW7kUheEeS4yHV3/q3u6ARMbm0wMqjKUYVjHnKpyGM0YgDoFGrmt0yZ6J0VyeMkEwRvU8AUWqxRk0XMFOZl8kt3eiDEtNz2w3iZZplgYSe53zMcICzp2uDutmyREAEPAKqEcHKThj2ilwtUFakSQesXsb3N7Lh3ZBI5qwb4HToVAn69uymGxTPk3IqWv6/ZewhcXm61l/E4H+OdxIRPu0Z5fz9AxOyML/KvZm9Nhhj/4lfThVb+4A5L+txnrRvc4JcXbpaWosvxrgcsX7DCuoRw4rIF8CPvhByo4HHMJCQqeadF7Dj6gDLgXrQHg++rBEpJJWimoZozh4mnFHxuzix6TsRnQlLFxlVk9dnjQGqhLX1A84xQnjNaXgTIWOTbGCTHK0PuR9/Gc9Rt
 yZL0UAhM
 ztO4+p56oY6eVj8nNdWuAU4+lM2jrvyMRSB1cSezg52KwLWe7r7nCfhWoLWObkuIcRpWFv15DQ6q5tdXaWUD6/sUA4ThK79BswLdujOZclFfyiAXW86MoPHI7y0areFy0xMxtghkJCPPxYGZhrcyrLTS8RrFdHJHJb5wp05jXnhmbV8X4kZAEzUWW39SHl6jfnsPpiTiC6pbnzYqz2Xx8CzxYkjWpfcJbjlrIMpvkz+b/LMKlXpiZYuNt1DdKVXL2fKrpBPU39LHgpNXi7TUro6kuHw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

v4: fix unmap_vmas locking issue pointed out by Mike Kravetz, and resulting lockdep fallout
v3: fix compile error w/ lockdep and test case errors with patch 3
v2: fix the locking bug found with the libhugetlbfs tests.

Malloc libraries, like jemalloc and tcalloc, take decisions on when
to call madvise independently from the code in the main application.

This sometimes results in the application page faulting on an address,
right after the malloc library has shot down the backing memory with
MADV_DONTNEED.

Usually this is harmless, because we always have some 4kB pages
sitting around to satisfy a page fault. However, with hugetlbfs
systems often allocate only the exact number of huge pages that
the application wants.

Due to TLB batching, hugetlbfs MADV_DONTNEED will free pages outside of
any lock taken on the page fault path, which can open up the following
race condition:

       CPU 1                            CPU 2

       MADV_DONTNEED
       unmap page
       shoot down TLB entry
                                       page fault
                                       fail to allocate a huge page
                                       killed with SIGBUS
       free page

Fix that race by extending the hugetlb_vma_lock locking scheme to also
cover private hugetlb mappings (with resv_map), and pulling the locking 
from __unmap_hugepage_final_range into helper functions called from
zap_page_range_single. This ensures page faults stay locked out of
the MADV_DONTNEED VMA until the huge pages have actually been freed.

The third patch in the series is more of an RFC. Using the
invalidate_lock instead of the hugetlb_vma_lock greatly simplifies
the code, but at the cost of turning a per-VMA lock into a lock
per backing hugetlbfs file, which could slow things down when
multiple processes are mapping the same hugetlbfs file.