From patchwork Tue Sep 3 14:25:17 2024
X-Patchwork-Submitter: Steven Sistare
X-Patchwork-Id: 13788801
From: Steve Sistare
To: linux-mm@kvack.org
Cc: Vivek Kasireddy, Muchun Song, Andrew Morton, Matthew Wilcox, Peter Xu, David Hildenbrand, Jason Gunthorpe, Steve Sistare
Subject: [PATCH V1 1/5] mm/filemap: fix filemap_get_folios_contig THP panic
Date: Tue, 3 Sep 2024 07:25:17 -0700
Message-Id: <1725373521-451395-2-git-send-email-steven.sistare@oracle.com>
In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com>
References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com>

memfd_pin_folios on memory backed by THP panics if the requested start
offset is not huge page aligned:

    BUG: kernel NULL pointer dereference, address: 0000000000000036
    RIP: 0010:filemap_get_folios_contig+0xdf/0x290
    RSP: 0018:ffffc9002092fbe8 EFLAGS: 00010202
    RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000002

The fault occurs here, because xas_load returns a folio with value 2:

    filemap_get_folios_contig()
      for (folio = xas_load(&xas); folio && xas.xa_index <= end;
                      folio = xas_next(&xas)) {
              ...
              if (!folio_try_get(folio))   <-- BOOM

"2" is an xarray sibling entry. We get it because memfd_pin_folios does not
round the indices passed to filemap_get_folios_contig to huge page boundaries
for THP, so we load from the middle of a huge page range and see a sibling.
(It does round for hugetlbfs, at the is_file_hugepages test).

To fix, if the folio is a sibling, then return the next index as the starting
point for the next call to filemap_get_folios_contig.

Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios")
Signed-off-by: Steve Sistare
--- mm/filemap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/filemap.c b/mm/filemap.c index af99bf9..c385b7a 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2183,6 +2183,10 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; + /* If we landed in the middle of a THP, continue at its end. */ + if (xa_is_sibling(folio)) + goto update_start; + if (!folio_try_get(folio)) goto retry;
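
Review bot: The new xa_is_sibling(folio) branch jumps to update_start without having added a folio to the batch, and per the commit message the sibling is returned by the very first xas_load, so please confirm (and say in the comment) how update_start arrives at the "next index" in that case. The comment promises "continue at its end", but nothing in the visible hunk computes the end of the THP; if update_start derives the new start from the last folio collected, an empty batch would leave the start index unchanged and the caller would make no progress. It would also help to state in the commit message why the sibling is handled here rather than by rounding the indices in memfd_pin_folios, as is already done for hugetlbfs at the is_file_hugepages test.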