| Message ID | 20190719233225.12243-1-rcampbell@nvidia.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | mm/migrate: initialize pud_entry in migrate_vma() | expand |
On 7/19/19 4:32 PM, Ralph Campbell wrote: > When CONFIG_MIGRATE_VMA_HELPER is enabled, migrate_vma() calls > migrate_vma_collect() which initializes a struct mm_walk but > didn't initialize mm_walk.pud_entry. (Found by code inspection) > Use a C structure initialization to make sure it is set to NULL. > > Fixes: 8763cb45ab967 ("mm/migrate: new memory migration helper for use with > device memory") > Cc: stable@vger.kernel.org > Signed-off-by: Ralph Campbell <rcampbell@nvidia.com> > Cc: "Jérôme Glisse" <jglisse@redhat.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > --- > mm/migrate.c | 17 +++++++---------- > 1 file changed, 7 insertions(+), 10 deletions(-) > > diff --git a/mm/migrate.c b/mm/migrate.c > index 515718392b24..a42858d8e00b 100644 > --- a/mm/migrate.c > +++ b/mm/migrate.c > @@ -2340,16 +2340,13 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, > static void migrate_vma_collect(struct migrate_vma *migrate) > { > struct mmu_notifier_range range; > - struct mm_walk mm_walk; > - > - mm_walk.pmd_entry = migrate_vma_collect_pmd; > - mm_walk.pte_entry = NULL; > - mm_walk.pte_hole = migrate_vma_collect_hole; > - mm_walk.hugetlb_entry = NULL; > - mm_walk.test_walk = NULL; > - mm_walk.vma = migrate->vma; > - mm_walk.mm = migrate->vma->vm_mm; > - mm_walk.private = migrate; > + struct mm_walk mm_walk = { > + .pmd_entry = migrate_vma_collect_pmd, > + .pte_hole = migrate_vma_collect_hole, > + .vma = migrate->vma, > + .mm = migrate->vma->vm_mm, > + .private = migrate, > + }; Neatly done. > > mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm_walk.mm, > migrate->start, > Reviewed-by: John Hubbard <jhubbard@nvidia.com> thanks,
Hi,
[This is an automated email]
This commit has been processed because it contains a "Fixes:" tag,
fixing commit: 8763cb45ab96 mm/migrate: new memory migration helper for use with device memory.
The bot has tested the following trees: v5.2.1, v5.1.18, v4.19.59, v4.14.133.
v5.2.1: Build OK!
v5.1.18: Build OK!
v4.19.59: Failed to apply! Possible dependencies:
41b4deeaa123 ("RDMA/umem: Make ib_umem_odp into a sub structure of ib_umem")
597ecc5a0954 ("RDMA/umem: Get rid of struct ib_umem.odp_data")
5d6527a784f7 ("mm/mmu_notifier: use structure for invalidate_range_start/end callback")
ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2")
b5231b019d76 ("RDMA/umem: Use ib_umem_odp in all function signatures connected to ODP")
c9990ab39b6e ("RDMA/umem: Move all the ODP related stuff out of ucontext and into per_mm")
d4b4dd1b9706 ("RDMA/umem: Do not use current->tgid to track the mm_struct")
v4.14.133: Failed to apply! Possible dependencies:
155494dbbbf4 ("drm/amdgpu: Update kgd2kfd_shared_resources for dGPU support")
179c02fe90a4 ("drm/tve200: Add new driver for TVE200")
1b0c0f9dc5ca ("drm/amdgpu: move userptr BOs to CPU domain during CS v2")
1b1f42d8fde4 ("drm: move amd_gpu_scheduler into common location")
1ed3d2567c80 ("drm/amdgpu: keep the MMU lock until the update ends v4")
3fe89771cb0a ("drm/amdgpu: stop reserving the BO in the MMU callback v3")
4c660c8fbbf7 ("drm/amdgpu: Add submit IB function for KFD")
528e083d85bd ("drm/amdgpu: rename rmn to amn in the MMU notifier code (v2)")
60de1c1740f3 ("drm/amdgpu: use a rw_semaphore for MMU notifiers")
8cce58fe698a ("drm/amd: add new interface to query cu info")
93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers")
9f0a0b41ffcc ("drm/amdgpu: Add support for reporting VRAM usage")
a216ab09955d ("drm/amdgpu: fix userptr put_page handling")
a46a2cd103a8 ("drm/amdgpu: Add GPUVM memory management functions for KFD")
ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2")
b72cf4fca2bb ("drm/amdgpu: move taking mmap_sem into get_user_pages v2")
ca666a3c298f ("drm/amdgpu: stop using BO status for user pages")
d8d019ccffb8 ("drm/amdgpu: Add KFD eviction fence")
e52482dec836 ("drm/amdgpu: Add MMU notifier type for KFD userptr")
ebdebf428ae6 ("drm/amdgpu: add amdgpu interface to query cu info")
NOTE: The patch will not be queued to stable trees until it is upstream.
How should we proceed with this patch?
--
Thanks,
Sasha
On 7/20/19 1:32 AM, Ralph Campbell wrote: > When CONFIG_MIGRATE_VMA_HELPER is enabled, migrate_vma() calls > migrate_vma_collect() which initializes a struct mm_walk but > didn't initialize mm_walk.pud_entry. (Found by code inspection) > Use a C structure initialization to make sure it is set to NULL. > > Fixes: 8763cb45ab967 ("mm/migrate: new memory migration helper for use with > device memory") > Cc: stable@vger.kernel.org > Signed-off-by: Ralph Campbell <rcampbell@nvidia.com> > Cc: "Jérôme Glisse" <jglisse@redhat.com> > Cc: Andrew Morton <akpm@linux-foundation.org> So this bug can manifest by some garbage address on stack being called, right? I wonder, how comes it didn't actually happen yet? > --- > mm/migrate.c | 17 +++++++---------- > 1 file changed, 7 insertions(+), 10 deletions(-) > > diff --git a/mm/migrate.c b/mm/migrate.c > index 515718392b24..a42858d8e00b 100644 > --- a/mm/migrate.c > +++ b/mm/migrate.c > @@ -2340,16 +2340,13 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, > static void migrate_vma_collect(struct migrate_vma *migrate) > { > struct mmu_notifier_range range; > - struct mm_walk mm_walk; > - > - mm_walk.pmd_entry = migrate_vma_collect_pmd; > - mm_walk.pte_entry = NULL; > - mm_walk.pte_hole = migrate_vma_collect_hole; > - mm_walk.hugetlb_entry = NULL; > - mm_walk.test_walk = NULL; > - mm_walk.vma = migrate->vma; > - mm_walk.mm = migrate->vma->vm_mm; > - mm_walk.private = migrate; > + struct mm_walk mm_walk = { > + .pmd_entry = migrate_vma_collect_pmd, > + .pte_hole = migrate_vma_collect_hole, > + .vma = migrate->vma, > + .mm = migrate->vma->vm_mm, > + .private = migrate, > + }; > > mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm_walk.mm, > migrate->start, >
On 8/26/19 8:11 AM, Vlastimil Babka wrote: > On 7/20/19 1:32 AM, Ralph Campbell wrote: >> When CONFIG_MIGRATE_VMA_HELPER is enabled, migrate_vma() calls >> migrate_vma_collect() which initializes a struct mm_walk but >> didn't initialize mm_walk.pud_entry. (Found by code inspection) >> Use a C structure initialization to make sure it is set to NULL. >> >> Fixes: 8763cb45ab967 ("mm/migrate: new memory migration helper for use with >> device memory") >> Cc: stable@vger.kernel.org >> Signed-off-by: Ralph Campbell <rcampbell@nvidia.com> >> Cc: "Jérôme Glisse" <jglisse@redhat.com> >> Cc: Andrew Morton <akpm@linux-foundation.org> > > So this bug can manifest by some garbage address on stack being called, right? I > wonder, how comes it didn't actually happen yet? Right. Probably because HMM isn't widely being used in production yet. > >> --- >> mm/migrate.c | 17 +++++++---------- >> 1 file changed, 7 insertions(+), 10 deletions(-) >> >> diff --git a/mm/migrate.c b/mm/migrate.c >> index 515718392b24..a42858d8e00b 100644 >> --- a/mm/migrate.c >> +++ b/mm/migrate.c >> @@ -2340,16 +2340,13 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, >> static void migrate_vma_collect(struct migrate_vma *migrate) >> { >> struct mmu_notifier_range range; >> - struct mm_walk mm_walk; >> - >> - mm_walk.pmd_entry = migrate_vma_collect_pmd; >> - mm_walk.pte_entry = NULL; >> - mm_walk.pte_hole = migrate_vma_collect_hole; >> - mm_walk.hugetlb_entry = NULL; >> - mm_walk.test_walk = NULL; >> - mm_walk.vma = migrate->vma; >> - mm_walk.mm = migrate->vma->vm_mm; >> - mm_walk.private = migrate; >> + struct mm_walk mm_walk = { >> + .pmd_entry = migrate_vma_collect_pmd, >> + .pte_hole = migrate_vma_collect_hole, >> + .vma = migrate->vma, >> + .mm = migrate->vma->vm_mm, >> + .private = migrate, >> + }; >> >> mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm_walk.mm, >> migrate->start, >> >
diff --git a/mm/migrate.c b/mm/migrate.c index 515718392b24..a42858d8e00b 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2340,16 +2340,13 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, static void migrate_vma_collect(struct migrate_vma *migrate) { struct mmu_notifier_range range; - struct mm_walk mm_walk; - - mm_walk.pmd_entry = migrate_vma_collect_pmd; - mm_walk.pte_entry = NULL; - mm_walk.pte_hole = migrate_vma_collect_hole; - mm_walk.hugetlb_entry = NULL; - mm_walk.test_walk = NULL; - mm_walk.vma = migrate->vma; - mm_walk.mm = migrate->vma->vm_mm; - mm_walk.private = migrate; + struct mm_walk mm_walk = { + .pmd_entry = migrate_vma_collect_pmd, + .pte_hole = migrate_vma_collect_hole, + .vma = migrate->vma, + .mm = migrate->vma->vm_mm, + .private = migrate, + }; mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm_walk.mm, migrate->start,
When CONFIG_MIGRATE_VMA_HELPER is enabled, migrate_vma() calls migrate_vma_collect() which initializes a struct mm_walk but didn't initialize mm_walk.pud_entry. (Found by code inspection) Use a C structure initialization to make sure it is set to NULL. Fixes: 8763cb45ab967 ("mm/migrate: new memory migration helper for use with device memory") Cc: stable@vger.kernel.org Signed-off-by: Ralph Campbell <rcampbell@nvidia.com> Cc: "Jérôme Glisse" <jglisse@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> --- mm/migrate.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-)