Re: [PATCH 1/5] mm/vmscan: put the redirtied MADV_FREE pages back to anonymous LRU list

[John Hubbard]

On 7/15/21 4:30 AM, Miaohe Lin wrote:
...
> > > > So, it seems lockless GUP can redirty the MADV_FREE page. But is it ok to just release
> > > > a redirtied MADV_FREE pages? Because we hold the last reference here and the page will
> > > > be freed anyway...
> > >
> > > I don't see how lockless GUP can redirty the page.  It can grab the
> > > refcount, thus making the refcount here two.  Then the call to freeze
> > > here fails and the page stays on the list.  But the lockless GUP checks
> > > the page is still in the page table (and discovers it isn't, so releases
> > > the reference count).  Am I missing a path that lets lockless GUP dirty
> > > the page?
> >
> > If a device driver pins some pages using gup, and the device then uses dma
> > to write to those pages, then you could get there. That story is part of the
> > reasoning that led to creating pin_user_pages(), which btw does not yet
> > fully solve that case.
>
> Many thanks for your explanation.
> So the similar scenario that is clarified in the __remove_mapping() is possible:

I probably should have added that the scenario I was describing is broken even
before any patches that you might apply here. I was just trying to ensure that
the complete list of scenarios was known.



thanks,
--
John Hubbard
NVIDIA