From: "Michael S. Tsirkin" <mst@redhat•com>
To: Lorenzo Stoakes <ljs@kernel•org>
Cc: linux-kernel@vger•kernel.org,
"David Hildenbrand (Arm)" <david@kernel•org>,
"Jason Wang" <jasowang@redhat•com>,
"Xuan Zhuo" <xuanzhuo@linux•alibaba.com>,
"Eugenio Pérez" <eperezma@redhat•com>,
"Muchun Song" <muchun.song@linux•dev>,
"Oscar Salvador" <osalvador@suse•de>,
"Andrew Morton" <akpm@linux-foundation•org>,
"Liam R. Howlett" <liam@infradead•org>,
"Vlastimil Babka" <vbabka@kernel•org>,
"Mike Rapoport" <rppt@kernel•org>,
"Suren Baghdasaryan" <surenb@google•com>,
"Michal Hocko" <mhocko@suse•com>,
"Brendan Jackman" <jackmanb@google•com>,
"Johannes Weiner" <hannes@cmpxchg•org>, "Zi Yan" <ziy@nvidia•com>,
"Baolin Wang" <baolin.wang@linux•alibaba.com>,
"Nico Pache" <npache@redhat•com>,
"Ryan Roberts" <ryan.roberts@arm•com>,
"Dev Jain" <dev.jain@arm•com>, "Barry Song" <baohua@kernel•org>,
"Lance Yang" <lance.yang@linux•dev>,
"Hugh Dickins" <hughd@google•com>,
"Matthew Brost" <matthew.brost@intel•com>,
"Joshua Hahn" <joshua.hahnjy@gmail•com>,
"Rakie Kim" <rakie.kim@sk•com>,
"Byungchul Park" <byungchul@sk•com>,
"Gregory Price" <gourry@gourry•net>,
"Ying Huang" <ying.huang@linux•alibaba.com>,
"Alistair Popple" <apopple@nvidia•com>,
"Christoph Lameter" <cl@gentwo•org>,
"David Rientjes" <rientjes@google•com>,
"Roman Gushchin" <roman.gushchin@linux•dev>,
"Harry Yoo" <harry.yoo@oracle•com>,
"Axel Rasmussen" <axelrasmussen@google•com>,
"Yuanchu Xie" <yuanchu@google•com>, "Wei Xu" <weixugc@google•com>,
"Chris Li" <chrisl@kernel•org>,
"Kairui Song" <kasong@tencent•com>,
"Kemeng Shi" <shikemeng@huaweicloud•com>,
"Nhat Pham" <nphamcs@gmail•com>, "Baoquan He" <bhe@redhat•com>,
virtualization@lists•linux.dev, linux-mm@kvack•org,
"Andrea Arcangeli" <aarcange@redhat•com>,
"Miaohe Lin" <linmiaohe@huawei•com>
Subject: Re: [PATCH v10 02/37] mm: memory-failure: serialize TestSetPageHWPoison with zone->lock
Date: Mon, 8 Jun 2026 16:17:49 -0400 [thread overview]
Message-ID: <20260608160954-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <aibMs9DXuhH_5F2Z@lucifer>
On Mon, Jun 08, 2026 at 03:14:51PM +0100, Lorenzo Stoakes wrote:
> On Mon, Jun 08, 2026 at 09:48:34AM -0400, Michael S. Tsirkin wrote:
> > On Mon, Jun 08, 2026 at 10:43:21AM +0100, Lorenzo Stoakes wrote:
> > > On Mon, Jun 08, 2026 at 04:34:23AM -0400, Michael S. Tsirkin wrote:
> > > > TestSetPageHWPoison() is called without zone->lock, so its atomic
> > > > update to page->flags can race with non-atomic flag operations
> > > > that run under zone->lock in the buddy allocator.
> > > >
> > > > In particular, __free_pages_prepare() does:
> > > >
> > > > page->flags.f &= ~PAGE_FLAGS_CHECK_AT_PREP;
> > > >
> > > > This non-atomic read-modify-write, while correctly excluding
> > > > __PG_HWPOISON from the mask, can still lose a concurrent
> > > > TestSetPageHWPoison if the read happens before the poison bit
> > > > is set and the write happens after. Follow-up patches in this
> > > > series add similar non-atomic flag operations as well.
> > > >
> > > > Fix by acquiring zone->lock around TestSetPageHWPoison and
> > > > around ClearPageHWPoison in the retry path. This
> > > > serializes with all buddy flag manipulation. The cost is
> > > > negligible: one lock/unlock in an extremely rare path
> > > > (hardware memory errors).
> > > >
> > > > Note: SetPageHWPoison and TestClearPageHWPoison calls elsewhere
> > > > in this file operate on pages already removed from the buddy
> > > > allocator or on non-buddy pages (DAX, hugetlb), so they do not
> > > > need zone->lock protection.
> > > >
> > > > Acked-by: Miaohe Lin <linmiaohe@huawei•com>
> > > > Signed-off-by: Michael S. Tsirkin <mst@redhat•com>
> > >
> > > Can we have Fixes: and Cc: stable and also send this separately please?
> > >
> > > These patches seem like unrelated fixups that you've discovered along the way,
> > > and don't belong as part of the already rather large series, unless I'm missing
> > > something here.
> > >
> > > Thanks, Lorenzo
> >
> > I think you are mising that they are a dependency, not unrelated.
>
> Then say so.
>
> > For example, this issue gets worse with the patchset as there are more
> > places that manipulate flags without atomics. No?
>
> It's your job to make that case, not mine.
>
> >
> >
> > You are welcome to send this to stable, but I think stable rules
> > preclude theoretical bugfixes.
>
> It's a dependency but also theoretical?
As in, the race is exteremely hard to trigger and I have no idea if it
triggers for anyone, but it's obvious from reading the code that
theoretically it exists? Yes.
> >
> > As for Fixes: the issue has been there for decades. I wouldn't know
> > what to attribute it for.
>
> Again, your job.
Alright, if you insist:
Fixes: 6a46079cf57a ("HWPOISON: The high level memory error handler in the VM v7")
now everyone running 2.6 kernels will backport this fix, I presume.
> >
> >
> > I guess I could send these separately, too, why not. Not sure
> > what this accomplishes, but hey. But is that an ack? You want
> > this fix merged even before the feature?
>
> I already made the case as to why, as have other maintainers.
>
> If you need to review what an ack looks like please consult
> https://docs.kernel.org/process/5.Posting.html
>
> Thanks, Lorenzo
I am merely asking if you want this patch in the set including
all these nits I had to fix.
--
MST
next prev parent reply other threads:[~2026-06-08 20:17 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-08 8:33 [PATCH v10 00/37] mm/virtio: skip redundant zeroing of host-zeroed pages Michael S. Tsirkin
2026-06-08 8:34 ` [PATCH v10 01/37] mm: mempolicy: fix interleave index calculation Michael S. Tsirkin
2026-06-08 9:43 ` Lorenzo Stoakes
2026-06-08 8:34 ` [PATCH v10 02/37] mm: memory-failure: serialize TestSetPageHWPoison with zone->lock Michael S. Tsirkin
2026-06-08 9:43 ` Lorenzo Stoakes
2026-06-08 13:48 ` Michael S. Tsirkin
2026-06-08 14:14 ` Lorenzo Stoakes
2026-06-08 20:17 ` Michael S. Tsirkin [this message]
2026-06-08 16:20 ` Andrew Morton
2026-06-08 8:34 ` [PATCH v10 03/37] mm: page_alloc: propagate PageReported flag across buddy splits Michael S. Tsirkin
2026-06-08 9:52 ` Lorenzo Stoakes
2026-06-08 12:50 ` Matthew Wilcox
2026-06-08 8:34 ` [PATCH v10 04/37] mm: page_reporting: allow driver to set batch capacity Michael S. Tsirkin
2026-06-08 8:34 ` [PATCH v10 05/37] mm: hugetlb: remove dead alloc_hugetlb_folio stub Michael S. Tsirkin
2026-06-08 9:56 ` Lorenzo Stoakes
2026-06-08 8:35 ` [PATCH v10 06/37] mm: move vma_alloc_folio_noprof to page_alloc.c Michael S. Tsirkin
2026-06-08 10:05 ` Lorenzo Stoakes
2026-06-08 8:35 ` [PATCH v10 07/37] mm: thread user_addr through page allocator for cache-friendly zeroing Michael S. Tsirkin
2026-06-08 10:23 ` Lorenzo Stoakes
2026-06-08 11:06 ` Lorenzo Stoakes
2026-06-08 13:04 ` Matthew Wilcox
2026-06-08 13:09 ` Lorenzo Stoakes
2026-06-08 14:26 ` David Hildenbrand (Arm)
2026-06-08 14:31 ` Matthew Wilcox
2026-06-08 14:37 ` David Hildenbrand (Arm)
2026-06-08 14:44 ` Matthew Wilcox
2026-06-08 14:55 ` David Hildenbrand (Arm)
2026-06-08 19:33 ` Michael S. Tsirkin
2026-06-08 19:59 ` Gregory Price
2026-06-08 20:21 ` Zi Yan
2026-06-08 20:33 ` Michael S. Tsirkin
2026-06-08 20:40 ` Zi Yan
2026-06-08 21:04 ` Michael S. Tsirkin
2026-06-08 21:16 ` Zi Yan
2026-06-08 21:51 ` David Hildenbrand (Arm)
2026-06-08 22:28 ` Gregory Price
2026-06-08 11:08 ` David Hildenbrand (Arm)
2026-06-08 15:27 ` Zi Yan
2026-06-08 18:39 ` David Hildenbrand (Arm)
2026-06-08 19:43 ` Gregory Price
2026-06-08 19:52 ` Zi Yan
2026-06-08 20:25 ` Gregory Price
2026-06-08 20:37 ` Zi Yan
2026-06-08 20:56 ` Gregory Price
2026-06-08 21:03 ` Michael S. Tsirkin
2026-06-08 8:35 ` [PATCH v10 08/37] mm: add alloc_contig_frozen_pages_user " Michael S. Tsirkin
2026-06-08 10:29 ` Lorenzo Stoakes
2026-06-08 8:35 ` [PATCH v10 09/37] mm: hugetlb: thread user_addr through gigantic page allocation Michael S. Tsirkin
2026-06-08 8:36 ` [PATCH v10 10/37] mm: add folio_zero_user stub for configs without THP/HUGETLBFS Michael S. Tsirkin
2026-06-08 9:12 ` Lorenzo Stoakes
2026-06-08 8:36 ` [PATCH v10 11/37] mm: page_alloc: move prep_compound_page before post_alloc_hook Michael S. Tsirkin
2026-06-08 10:33 ` Lorenzo Stoakes
2026-06-08 8:36 ` [PATCH v10 12/37] mm: use folio_zero_user for user pages in post_alloc_hook Michael S. Tsirkin
2026-06-08 11:23 ` Lorenzo Stoakes
2026-06-08 15:53 ` Gregory Price
2026-06-08 19:45 ` Michael S. Tsirkin
2026-06-08 20:16 ` Gregory Price
2026-06-08 20:30 ` Michael S. Tsirkin
2026-06-08 20:53 ` Gregory Price
2026-06-08 21:16 ` Michael S. Tsirkin
2026-06-08 21:33 ` Gregory Price
2026-06-08 21:46 ` Michael S. Tsirkin
2026-06-08 21:53 ` Gregory Price
2026-06-08 19:42 ` Michael S. Tsirkin
2026-06-08 8:36 ` [PATCH v10 13/37] mm: use __GFP_ZERO in vma_alloc_zeroed_movable_folio Michael S. Tsirkin
2026-06-08 10:39 ` Lorenzo Stoakes
2026-06-08 10:55 ` Lorenzo Stoakes
2026-06-08 8:37 ` [PATCH v10 14/37] mm: remove arch vma_alloc_zeroed_movable_folio overrides Michael S. Tsirkin
2026-06-08 11:29 ` Lorenzo Stoakes
2026-06-08 8:37 ` [PATCH v10 15/37] mm: alloc_anon_folio: pass raw fault address to vma_alloc_folio Michael S. Tsirkin
2026-06-08 11:35 ` Lorenzo Stoakes
2026-06-08 8:37 ` [PATCH v10 16/37] mm: alloc_swap_folio: " Michael S. Tsirkin
2026-06-08 11:37 ` Lorenzo Stoakes
2026-06-08 15:59 ` Gregory Price
2026-06-08 20:09 ` Michael S. Tsirkin
2026-06-08 8:37 ` [PATCH v10 17/37] mm: page_reporting: skip redundant zeroing of host-zeroed reported pages Michael S. Tsirkin
2026-06-08 12:00 ` Lorenzo Stoakes
2026-06-08 16:09 ` Gregory Price
2026-06-08 18:40 ` Matthew Wilcox
2026-06-08 19:55 ` Michael S. Tsirkin
2026-06-08 8:38 ` [PATCH v10 18/37] mm: page_alloc: use aliasing checks instead of user_alloc_needs_zeroing Michael S. Tsirkin
2026-06-08 11:39 ` Lorenzo Stoakes
2026-06-08 8:38 ` [PATCH v10 19/37] mm: page_alloc: clear PG_zeroed on buddy merge if not both zero Michael S. Tsirkin
2026-06-08 11:47 ` Lorenzo Stoakes
2026-06-08 8:38 ` [PATCH v10 20/37] mm: page_alloc: preserve PG_zeroed in page_del_and_expand Michael S. Tsirkin
2026-06-08 8:38 ` [PATCH v10 21/37] mm: page_alloc: propagate PG_zeroed in split_large_buddy Michael S. Tsirkin
2026-06-08 8:38 ` [PATCH v10 22/37] mm: add free_frozen_pages_zeroed Michael S. Tsirkin
2026-06-08 12:06 ` Lorenzo Stoakes
2026-06-08 8:38 ` [PATCH v10 23/37] mm: page_alloc: skip kernel_init_pages for FPI_ZEROED when safe Michael S. Tsirkin
2026-06-08 12:18 ` Lorenzo Stoakes
2026-06-08 8:38 ` [PATCH v10 24/37] mm: add put_page_zeroed and folio_put_zeroed Michael S. Tsirkin
2026-06-08 12:25 ` Lorenzo Stoakes
2026-06-08 12:46 ` David Hildenbrand (Arm)
2026-06-08 14:08 ` Michael S. Tsirkin
2026-06-08 14:28 ` David Hildenbrand (Arm)
2026-06-08 19:58 ` Michael S. Tsirkin
2026-06-08 8:39 ` [PATCH v10 25/37] mm: use __GFP_ZERO in alloc_anon_folio Michael S. Tsirkin
2026-06-08 12:29 ` Lorenzo Stoakes
2026-06-08 8:39 ` [PATCH v10 26/37] mm: vma_alloc_anon_folio_pmd: pass raw fault address to vma_alloc_folio Michael S. Tsirkin
2026-06-08 12:30 ` Lorenzo Stoakes
2026-06-08 8:39 ` [PATCH v10 27/37] mm: use __GFP_ZERO in vma_alloc_anon_folio_pmd Michael S. Tsirkin
2026-06-08 12:32 ` Lorenzo Stoakes
2026-06-08 8:39 ` [PATCH v10 28/37] mm: hugetlb: add gfp parameter and skip zeroing for zeroed pages Michael S. Tsirkin
2026-06-08 12:44 ` Lorenzo Stoakes
2026-06-08 8:39 ` [PATCH v10 29/37] mm: memfd: skip zeroing for zeroed hugetlb pool pages Michael S. Tsirkin
2026-06-08 12:47 ` Lorenzo Stoakes
2026-06-08 8:39 ` [PATCH v10 30/37] mm: page_reporting: add per-page zeroed bitmap for host feedback Michael S. Tsirkin
2026-06-08 8:39 ` [PATCH v10 31/37] virtio_balloon: submit reported pages as individual buffers Michael S. Tsirkin
2026-06-08 8:40 ` [PATCH v10 32/37] virtio_balloon: disable indirect descriptors Michael S. Tsirkin
2026-06-08 8:40 ` [PATCH v10 33/37] mm: page_reporting: add flush parameter with page budget Michael S. Tsirkin
2026-06-08 8:40 ` [PATCH v10 34/37] virtio_balloon: skip zeroing for host-zeroed reported pages Michael S. Tsirkin
2026-06-08 8:40 ` [PATCH v10 35/37] virtio_balloon: disable reporting zeroed optimization for confidential guests Michael S. Tsirkin
2026-06-08 8:40 ` [PATCH v10 36/37] mm: balloon: use put_page_zeroed for zeroed balloon pages Michael S. Tsirkin
2026-06-08 11:10 ` David Hildenbrand (Arm)
2026-06-08 8:40 ` [PATCH v10 37/37] virtio_balloon: implement VIRTIO_BALLOON_F_DEVICE_INIT_ON_INFLATE Michael S. Tsirkin
2026-06-08 9:17 ` [PATCH v10 00/37] mm/virtio: skip redundant zeroing of host-zeroed pages Lorenzo Stoakes
2026-06-08 12:52 ` Lorenzo Stoakes
2026-06-08 11:02 ` Vlastimil Babka (SUSE)
2026-06-08 11:13 ` Vlastimil Babka (SUSE)
2026-06-08 15:45 ` Gregory Price
2026-06-08 17:50 ` Lorenzo Stoakes
2026-06-08 19:39 ` Michael S. Tsirkin
2026-06-08 14:21 ` Matthew Wilcox
2026-06-08 20:02 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260608160954-mutt-send-email-mst@kernel.org \
--to=mst@redhat$(echo .)com \
--cc=aarcange@redhat$(echo .)com \
--cc=akpm@linux-foundation$(echo .)org \
--cc=apopple@nvidia$(echo .)com \
--cc=axelrasmussen@google$(echo .)com \
--cc=baohua@kernel$(echo .)org \
--cc=baolin.wang@linux$(echo .)alibaba.com \
--cc=bhe@redhat$(echo .)com \
--cc=byungchul@sk$(echo .)com \
--cc=chrisl@kernel$(echo .)org \
--cc=cl@gentwo$(echo .)org \
--cc=david@kernel$(echo .)org \
--cc=dev.jain@arm$(echo .)com \
--cc=eperezma@redhat$(echo .)com \
--cc=gourry@gourry$(echo .)net \
--cc=hannes@cmpxchg$(echo .)org \
--cc=harry.yoo@oracle$(echo .)com \
--cc=hughd@google$(echo .)com \
--cc=jackmanb@google$(echo .)com \
--cc=jasowang@redhat$(echo .)com \
--cc=joshua.hahnjy@gmail$(echo .)com \
--cc=kasong@tencent$(echo .)com \
--cc=lance.yang@linux$(echo .)dev \
--cc=liam@infradead$(echo .)org \
--cc=linmiaohe@huawei$(echo .)com \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=linux-mm@kvack$(echo .)org \
--cc=ljs@kernel$(echo .)org \
--cc=matthew.brost@intel$(echo .)com \
--cc=mhocko@suse$(echo .)com \
--cc=muchun.song@linux$(echo .)dev \
--cc=npache@redhat$(echo .)com \
--cc=nphamcs@gmail$(echo .)com \
--cc=osalvador@suse$(echo .)de \
--cc=rakie.kim@sk$(echo .)com \
--cc=rientjes@google$(echo .)com \
--cc=roman.gushchin@linux$(echo .)dev \
--cc=rppt@kernel$(echo .)org \
--cc=ryan.roberts@arm$(echo .)com \
--cc=shikemeng@huaweicloud$(echo .)com \
--cc=surenb@google$(echo .)com \
--cc=vbabka@kernel$(echo .)org \
--cc=virtualization@lists$(echo .)linux.dev \
--cc=weixugc@google$(echo .)com \
--cc=xuanzhuo@linux$(echo .)alibaba.com \
--cc=ying.huang@linux$(echo .)alibaba.com \
--cc=yuanchu@google$(echo .)com \
--cc=ziy@nvidia$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox