[v3,1/4] mm: update the memmap stat before page is freed

Message ID	20240808154237.220029-2-pasha.tatashin@soleen.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Pasha Tatashin <pasha.tatashin@soleen.com> To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-cxl@vger.kernel.org, cerasuolodomenico@gmail.com, hannes@cmpxchg.org, j.granados@samsung.com, lizhijian@fujitsu.com, muchun.song@linux.dev, nphamcs@gmail.com, pasha.tatashin@soleen.com, rientjes@google.com, rppt@kernel.org, souravpanda@google.com, vbabka@suse.cz, willy@infradead.org, dan.j.williams@intel.com, yi.zhang@redhat.com, alison.schofield@intel.com, david@redhat.com, yosryahmed@google.com Subject: [PATCH v3 1/4] mm: update the memmap stat before page is freed Date: Thu, 8 Aug 2024 15:42:34 +0000 Message-ID: <20240808154237.220029-2-pasha.tatashin@soleen.com> In-Reply-To: <20240808154237.220029-1-pasha.tatashin@soleen.com> References: <20240808154237.220029-1-pasha.tatashin@soleen.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Fixes for memmap accounting \| expand [v3,0/4] Fixes for memmap accounting [v3,1/4] mm: update the memmap stat before page is freed [v3,2/4] mm: don't account memmap on failure [v3,3/4] mm: add system wide stats items category [v3,4/4] mm: don't account memmap per-node

Message ID

20240808154237.220029-2-pasha.tatashin@soleen.com (mailing list archive)

State

New

Headers

From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: akpm@linux-foundation.org,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-cxl@vger.kernel.org,
	cerasuolodomenico@gmail.com,
	hannes@cmpxchg.org,
	j.granados@samsung.com,
	lizhijian@fujitsu.com,
	muchun.song@linux.dev,
	nphamcs@gmail.com,
	pasha.tatashin@soleen.com,
	rientjes@google.com,
	rppt@kernel.org,
	souravpanda@google.com,
	vbabka@suse.cz,
	willy@infradead.org,
	dan.j.williams@intel.com,
	yi.zhang@redhat.com,
	alison.schofield@intel.com,
	david@redhat.com,
	yosryahmed@google.com
Subject: [PATCH v3 1/4] mm: update the memmap stat before page is freed
Date: Thu,  8 Aug 2024 15:42:34 +0000
Message-ID: <20240808154237.220029-2-pasha.tatashin@soleen.com>
In-Reply-To: <20240808154237.220029-1-pasha.tatashin@soleen.com>
References: <20240808154237.220029-1-pasha.tatashin@soleen.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Fixes for memmap accounting | expand

Commit Message

Pasha Tatashin Aug. 8, 2024, 3:42 p.m. UTC

It is more logical to update the stat before the page is freed, to avoid
use after free scenarios.

Fixes: 15995a352474 ("mm: report per-page metadata information")
Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
---
 mm/hugetlb_vmemmap.c | 4 ++--
 mm/page_ext.c        | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

Comments

Yosry Ahmed Aug. 8, 2024, 5:17 p.m. UTC | #1

On Thu, Aug 8, 2024 at 8:42 AM Pasha Tatashin <pasha.tatashin@soleen.com> wrote:
>
> It is more logical to update the stat before the page is freed, to avoid
> use after free scenarios.
>
> Fixes: 15995a352474 ("mm: report per-page metadata information")
> Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>

Reviewed-by: Yosry Ahmed <yosryahmed@google.com>

> ---
>  mm/hugetlb_vmemmap.c | 4 ++--
>  mm/page_ext.c        | 8 ++++----
>  2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c
> index 829112b0a914..fa83a7b38199 100644
> --- a/mm/hugetlb_vmemmap.c
> +++ b/mm/hugetlb_vmemmap.c
> @@ -185,11 +185,11 @@ static int vmemmap_remap_range(unsigned long start, unsigned long end,
>  static inline void free_vmemmap_page(struct page *page)
>  {
>         if (PageReserved(page)) {
> -               free_bootmem_page(page);
>                 mod_node_page_state(page_pgdat(page), NR_MEMMAP_BOOT, -1);
> +               free_bootmem_page(page);
>         } else {
> -               __free_page(page);
>                 mod_node_page_state(page_pgdat(page), NR_MEMMAP, -1);
> +               __free_page(page);
>         }
>  }
>
> diff --git a/mm/page_ext.c b/mm/page_ext.c
> index c191e490c401..962d45eee1f8 100644
> --- a/mm/page_ext.c
> +++ b/mm/page_ext.c
> @@ -330,18 +330,18 @@ static void free_page_ext(void *addr)
>         if (is_vmalloc_addr(addr)) {
>                 page = vmalloc_to_page(addr);
>                 pgdat = page_pgdat(page);
> +               mod_node_page_state(pgdat, NR_MEMMAP,
> +                                   -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
>                 vfree(addr);
>         } else {
>                 page = virt_to_page(addr);
>                 pgdat = page_pgdat(page);
> +               mod_node_page_state(pgdat, NR_MEMMAP,
> +                                   -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
>                 BUG_ON(PageReserved(page));
>                 kmemleak_free(addr);
>                 free_pages_exact(addr, table_size);
>         }
> -
> -       mod_node_page_state(pgdat, NR_MEMMAP,
> -                           -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
> -
>  }
>
>  static void __free_page_ext(unsigned long pfn)
> --
> 2.46.0.76.ge559c4bf1a-goog
>

Fan Ni Aug. 8, 2024, 5:17 p.m. UTC | #2

On Thu, Aug 08, 2024 at 03:42:34PM +0000, Pasha Tatashin wrote:
> It is more logical to update the stat before the page is freed, to avoid
> use after free scenarios.
> 
> Fixes: 15995a352474 ("mm: report per-page metadata information")
> Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>

Reviewed-by: Fan Ni <fan.ni@samsung.com>

> ---
>  mm/hugetlb_vmemmap.c | 4 ++--
>  mm/page_ext.c        | 8 ++++----
>  2 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c
> index 829112b0a914..fa83a7b38199 100644
> --- a/mm/hugetlb_vmemmap.c
> +++ b/mm/hugetlb_vmemmap.c
> @@ -185,11 +185,11 @@ static int vmemmap_remap_range(unsigned long start, unsigned long end,
>  static inline void free_vmemmap_page(struct page *page)
>  {
>  	if (PageReserved(page)) {
> -		free_bootmem_page(page);
>  		mod_node_page_state(page_pgdat(page), NR_MEMMAP_BOOT, -1);
> +		free_bootmem_page(page);
>  	} else {
> -		__free_page(page);
>  		mod_node_page_state(page_pgdat(page), NR_MEMMAP, -1);
> +		__free_page(page);
>  	}
>  }
>  
> diff --git a/mm/page_ext.c b/mm/page_ext.c
> index c191e490c401..962d45eee1f8 100644
> --- a/mm/page_ext.c
> +++ b/mm/page_ext.c
> @@ -330,18 +330,18 @@ static void free_page_ext(void *addr)
>  	if (is_vmalloc_addr(addr)) {
>  		page = vmalloc_to_page(addr);
>  		pgdat = page_pgdat(page);
> +		mod_node_page_state(pgdat, NR_MEMMAP,
> +				    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
>  		vfree(addr);
>  	} else {
>  		page = virt_to_page(addr);
>  		pgdat = page_pgdat(page);
> +		mod_node_page_state(pgdat, NR_MEMMAP,
> +				    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
>  		BUG_ON(PageReserved(page));
>  		kmemleak_free(addr);
>  		free_pages_exact(addr, table_size);
>  	}
> -
> -	mod_node_page_state(pgdat, NR_MEMMAP,
> -			    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
> -
>  }
>  
>  static void __free_page_ext(unsigned long pfn)
> -- 
> 2.46.0.76.ge559c4bf1a-goog
>

Yosry Ahmed Aug. 8, 2024, 5:20 p.m. UTC | #3

On Thu, Aug 8, 2024 at 10:17 AM Yosry Ahmed <yosryahmed@google.com> wrote:
>
> On Thu, Aug 8, 2024 at 8:42 AM Pasha Tatashin <pasha.tatashin@soleen.com> wrote:
> >
> > It is more logical to update the stat before the page is freed, to avoid
> > use after free scenarios.
> >
> > Fixes: 15995a352474 ("mm: report per-page metadata information")
> > Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> > Reviewed-by: David Hildenbrand <david@redhat.com>
>
> Reviewed-by: Yosry Ahmed <yosryahmed@google.com>

Actually although I think this patch is correct, it shouldn't be
needed after patch 4 because we no longer use the page or pgdat to
update the stats.

>
> > ---
> >  mm/hugetlb_vmemmap.c | 4 ++--
> >  mm/page_ext.c        | 8 ++++----
> >  2 files changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c
> > index 829112b0a914..fa83a7b38199 100644
> > --- a/mm/hugetlb_vmemmap.c
> > +++ b/mm/hugetlb_vmemmap.c
> > @@ -185,11 +185,11 @@ static int vmemmap_remap_range(unsigned long start, unsigned long end,
> >  static inline void free_vmemmap_page(struct page *page)
> >  {
> >         if (PageReserved(page)) {
> > -               free_bootmem_page(page);
> >                 mod_node_page_state(page_pgdat(page), NR_MEMMAP_BOOT, -1);
> > +               free_bootmem_page(page);
> >         } else {
> > -               __free_page(page);
> >                 mod_node_page_state(page_pgdat(page), NR_MEMMAP, -1);
> > +               __free_page(page);
> >         }
> >  }
> >
> > diff --git a/mm/page_ext.c b/mm/page_ext.c
> > index c191e490c401..962d45eee1f8 100644
> > --- a/mm/page_ext.c
> > +++ b/mm/page_ext.c
> > @@ -330,18 +330,18 @@ static void free_page_ext(void *addr)
> >         if (is_vmalloc_addr(addr)) {
> >                 page = vmalloc_to_page(addr);
> >                 pgdat = page_pgdat(page);
> > +               mod_node_page_state(pgdat, NR_MEMMAP,
> > +                                   -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
> >                 vfree(addr);
> >         } else {
> >                 page = virt_to_page(addr);
> >                 pgdat = page_pgdat(page);
> > +               mod_node_page_state(pgdat, NR_MEMMAP,
> > +                                   -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
> >                 BUG_ON(PageReserved(page));
> >                 kmemleak_free(addr);
> >                 free_pages_exact(addr, table_size);
> >         }
> > -
> > -       mod_node_page_state(pgdat, NR_MEMMAP,
> > -                           -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
> > -
> >  }
> >
> >  static void __free_page_ext(unsigned long pfn)
> > --
> > 2.46.0.76.ge559c4bf1a-goog
> >

Pasha Tatashin Aug. 8, 2024, 5:37 p.m. UTC | #4

On Thu, Aug 8, 2024 at 1:21 PM Yosry Ahmed <yosryahmed@google.com> wrote:
>
> On Thu, Aug 8, 2024 at 10:17 AM Yosry Ahmed <yosryahmed@google.com> wrote:
> >
> > On Thu, Aug 8, 2024 at 8:42 AM Pasha Tatashin <pasha.tatashin@soleen.com> wrote:
> > >
> > > It is more logical to update the stat before the page is freed, to avoid
> > > use after free scenarios.
> > >
> > > Fixes: 15995a352474 ("mm: report per-page metadata information")
> > > Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> > > Reviewed-by: David Hildenbrand <david@redhat.com>
> >
> > Reviewed-by: Yosry Ahmed <yosryahmed@google.com>
>
> Actually although I think this patch is correct, it shouldn't be
> needed after patch 4 because we no longer use the page or pgdat to
> update the stats.

Good point, also there is a warning that pgdat is not used anymore.

I will remove this patch from the series, and clean-up free_page_ext()
by removing pgdat, once patches 3/4 and 4/4 are reviewed.

Pasha

Pasha

diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c
index 829112b0a914..fa83a7b38199 100644
--- a/mm/hugetlb_vmemmap.c
+++ b/mm/hugetlb_vmemmap.c
@@ -185,11 +185,11 @@  static int vmemmap_remap_range(unsigned long start, unsigned long end,
 static inline void free_vmemmap_page(struct page *page)
 {
 	if (PageReserved(page)) {
-		free_bootmem_page(page);
 		mod_node_page_state(page_pgdat(page), NR_MEMMAP_BOOT, -1);
+		free_bootmem_page(page);
 	} else {
-		__free_page(page);
 		mod_node_page_state(page_pgdat(page), NR_MEMMAP, -1);
+		__free_page(page);
 	}
 }
 
diff --git a/mm/page_ext.c b/mm/page_ext.c
index c191e490c401..962d45eee1f8 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -330,18 +330,18 @@  static void free_page_ext(void *addr)
 	if (is_vmalloc_addr(addr)) {
 		page = vmalloc_to_page(addr);
 		pgdat = page_pgdat(page);
+		mod_node_page_state(pgdat, NR_MEMMAP,
+				    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
 		vfree(addr);
 	} else {
 		page = virt_to_page(addr);
 		pgdat = page_pgdat(page);
+		mod_node_page_state(pgdat, NR_MEMMAP,
+				    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
 		BUG_ON(PageReserved(page));
 		kmemleak_free(addr);
 		free_pages_exact(addr, table_size);
 	}
-
-	mod_node_page_state(pgdat, NR_MEMMAP,
-			    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
-
 }
 
 static void __free_page_ext(unsigned long pfn)

[v3,1/4] mm: update the memmap stat before page is freed

Commit Message

Comments

Patch