Message ID | 20180824154542.26872-1-jack@suse.cz (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | mm: Fix warning in insert_pfn() | expand |
On Fri, Aug 24, 2018 at 05:45:42PM +0200, Jan Kara wrote: > In DAX mode a write pagefault can race with write(2) in the following > way: > > CPU0 CPU1 > write fault for mapped zero page (hole) > dax_iomap_rw() > iomap_apply() > xfs_file_iomap_begin() > - allocates blocks > dax_iomap_actor() > invalidate_inode_pages2_range() > - invalidates radix tree entries in given range > dax_iomap_pte_fault() > grab_mapping_entry() > - no entry found, creates empty > ... > xfs_file_iomap_begin() > - finds already allocated block > ... > vmf_insert_mixed_mkwrite() > - WARNs and does nothing because there > is still zero page mapped in PTE > unmap_mapping_pages() > > This race results in WARN_ON from insert_pfn() and is occasionally > triggered by fstest generic/344. Note that the race is otherwise > harmless as before write(2) on CPU0 is finished, we will invalidate page > tables properly and thus user of mmap will see modified data from > write(2) from that point on. So just restrict the warning only to the > case when the PFN in PTE is not zero page. > > Signed-off-by: Jan Kara <jack@suse.cz> I don't see this in linux-next. What's the status of this patch? Thanks, - Ted
On Wed, Oct 3, 2018 at 9:40 AM Theodore Y. Ts'o <tytso@mit.edu> wrote: > > On Fri, Aug 24, 2018 at 05:45:42PM +0200, Jan Kara wrote: > > In DAX mode a write pagefault can race with write(2) in the following > > way: > > > > CPU0 CPU1 > > write fault for mapped zero page (hole) > > dax_iomap_rw() > > iomap_apply() > > xfs_file_iomap_begin() > > - allocates blocks > > dax_iomap_actor() > > invalidate_inode_pages2_range() > > - invalidates radix tree entries in given range > > dax_iomap_pte_fault() > > grab_mapping_entry() > > - no entry found, creates empty > > ... > > xfs_file_iomap_begin() > > - finds already allocated block > > ... > > vmf_insert_mixed_mkwrite() > > - WARNs and does nothing because there > > is still zero page mapped in PTE > > unmap_mapping_pages() > > > > This race results in WARN_ON from insert_pfn() and is occasionally > > triggered by fstest generic/344. Note that the race is otherwise > > harmless as before write(2) on CPU0 is finished, we will invalidate page > > tables properly and thus user of mmap will see modified data from > > write(2) from that point on. So just restrict the warning only to the > > case when the PFN in PTE is not zero page. > > > > Signed-off-by: Jan Kara <jack@suse.cz> > > I don't see this in linux-next. What's the status of this patch? > It's in Andrew's tree. I believe we are awaiting the next -next release to rebase on latest mmotm.
On Wed, Oct 03, 2018 at 09:56:09AM -0700, Dan Williams wrote: > > It's in Andrew's tree. I believe we are awaiting the next -next > release to rebase on latest mmotm. Great, thanks for the update! - Ted
On Fri, 24 Aug 2018 17:45:42 +0200 Jan Kara <jack@suse.cz> wrote: > In DAX mode a write pagefault can race with write(2) in the following > way: > > CPU0 CPU1 > write fault for mapped zero page (hole) > dax_iomap_rw() > iomap_apply() > xfs_file_iomap_begin() > - allocates blocks > dax_iomap_actor() > invalidate_inode_pages2_range() > - invalidates radix tree entries in given range > dax_iomap_pte_fault() > grab_mapping_entry() > - no entry found, creates empty > ... > xfs_file_iomap_begin() > - finds already allocated block > ... > vmf_insert_mixed_mkwrite() > - WARNs and does nothing because there > is still zero page mapped in PTE > unmap_mapping_pages() > > This race results in WARN_ON from insert_pfn() and is occasionally > triggered by fstest generic/344. Note that the race is otherwise > harmless as before write(2) on CPU0 is finished, we will invalidate page > tables properly and thus user of mmap will see modified data from > write(2) from that point on. So just restrict the warning only to the > case when the PFN in PTE is not zero page. > > ... > > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1787,10 +1787,15 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, > * in may not match the PFN we have mapped if the > * mapped PFN is a writeable COW page. In the mkwrite > * case we are creating a writable PTE for a shared > - * mapping and we expect the PFNs to match. > + * mapping and we expect the PFNs to match. If they > + * don't match, we are likely racing with block > + * allocation and mapping invalidation so just skip the > + * update. > */ > - if (WARN_ON_ONCE(pte_pfn(*pte) != pfn_t_to_pfn(pfn))) > + if (pte_pfn(*pte) != pfn_t_to_pfn(pfn)) { > + WARN_ON_ONCE(!is_zero_pfn(pte_pfn(*pte))); > goto out_unlock; > + } > entry = *pte; Shouldn't we just remove the warning? We know it happens and we know why it happens and we know it's harmless. What's the point in scaring people?
On Wed, Oct 10, 2018 at 5:37 PM Andrew Morton <akpm@linux-foundation.org> wrote: > > On Fri, 24 Aug 2018 17:45:42 +0200 Jan Kara <jack@suse.cz> wrote: > > > In DAX mode a write pagefault can race with write(2) in the following > > way: > > > > CPU0 CPU1 > > write fault for mapped zero page (hole) > > dax_iomap_rw() > > iomap_apply() > > xfs_file_iomap_begin() > > - allocates blocks > > dax_iomap_actor() > > invalidate_inode_pages2_range() > > - invalidates radix tree entries in given range > > dax_iomap_pte_fault() > > grab_mapping_entry() > > - no entry found, creates empty > > ... > > xfs_file_iomap_begin() > > - finds already allocated block > > ... > > vmf_insert_mixed_mkwrite() > > - WARNs and does nothing because there > > is still zero page mapped in PTE > > unmap_mapping_pages() > > > > This race results in WARN_ON from insert_pfn() and is occasionally > > triggered by fstest generic/344. Note that the race is otherwise > > harmless as before write(2) on CPU0 is finished, we will invalidate page > > tables properly and thus user of mmap will see modified data from > > write(2) from that point on. So just restrict the warning only to the > > case when the PFN in PTE is not zero page. > > > > ... > > > > --- a/mm/memory.c > > +++ b/mm/memory.c > > @@ -1787,10 +1787,15 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, > > * in may not match the PFN we have mapped if the > > * mapped PFN is a writeable COW page. In the mkwrite > > * case we are creating a writable PTE for a shared > > - * mapping and we expect the PFNs to match. > > + * mapping and we expect the PFNs to match. If they > > + * don't match, we are likely racing with block > > + * allocation and mapping invalidation so just skip the > > + * update. > > */ > > - if (WARN_ON_ONCE(pte_pfn(*pte) != pfn_t_to_pfn(pfn))) > > + if (pte_pfn(*pte) != pfn_t_to_pfn(pfn)) { > > + WARN_ON_ONCE(!is_zero_pfn(pte_pfn(*pte))); > > goto out_unlock; > > + } > > entry = *pte; > > Shouldn't we just remove the warning? We know it happens and we know > why it happens and we know it's harmless. What's the point in scaring > people? tl;dr let's keep it. I think this fix effectively pushes this into "can't happen" territory, but if it does our dax assumptions are off somewhere else. So, I think this is useful for developers hacking around in the dax code to make sure they aren't breaking some fundamental assumption.
diff --git a/mm/memory.c b/mm/memory.c index 83aef222f11b..e82cd2125d72 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1787,10 +1787,15 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, * in may not match the PFN we have mapped if the * mapped PFN is a writeable COW page. In the mkwrite * case we are creating a writable PTE for a shared - * mapping and we expect the PFNs to match. + * mapping and we expect the PFNs to match. If they + * don't match, we are likely racing with block + * allocation and mapping invalidation so just skip the + * update. */ - if (WARN_ON_ONCE(pte_pfn(*pte) != pfn_t_to_pfn(pfn))) + if (pte_pfn(*pte) != pfn_t_to_pfn(pfn)) { + WARN_ON_ONCE(!is_zero_pfn(pte_pfn(*pte))); goto out_unlock; + } entry = *pte; goto out_mkwrite; } else
In DAX mode a write pagefault can race with write(2) in the following way: CPU0 CPU1 write fault for mapped zero page (hole) dax_iomap_rw() iomap_apply() xfs_file_iomap_begin() - allocates blocks dax_iomap_actor() invalidate_inode_pages2_range() - invalidates radix tree entries in given range dax_iomap_pte_fault() grab_mapping_entry() - no entry found, creates empty ... xfs_file_iomap_begin() - finds already allocated block ... vmf_insert_mixed_mkwrite() - WARNs and does nothing because there is still zero page mapped in PTE unmap_mapping_pages() This race results in WARN_ON from insert_pfn() and is occasionally triggered by fstest generic/344. Note that the race is otherwise harmless as before write(2) on CPU0 is finished, we will invalidate page tables properly and thus user of mmap will see modified data from write(2) from that point on. So just restrict the warning only to the case when the PFN in PTE is not zero page. Signed-off-by: Jan Kara <jack@suse.cz> --- mm/memory.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)