From patchwork Wed Apr 17 21:18:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Xu X-Patchwork-Id: 13633851 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4762C4345F for ; Wed, 17 Apr 2024 21:18:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6249F6B0098; Wed, 17 Apr 2024 17:18:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 585366B0099; Wed, 17 Apr 2024 17:18:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2ED016B009A; Wed, 17 Apr 2024 17:18:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 13A476B0098 for ; Wed, 17 Apr 2024 17:18:47 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id BD94FA0628 for ; Wed, 17 Apr 2024 21:18:46 +0000 (UTC) X-FDA: 82020288252.16.0C0B6E7 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf03.hostedemail.com (Postfix) with ESMTP id DB40120006 for ; Wed, 17 Apr 2024 21:18:43 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=TD0XzgHp; spf=pass (imf03.hostedemail.com: domain of peterx@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=peterx@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1713388724; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=soVIv7S/cFD39BpNRdoqoVyCZSY1hvphkidLWmkZkAI=; b=YRNBfisLZXZn9zaqBfgUVzbdDXhnbehK4iwFKDI8rjFWiZh1hjDCiXtlWnqZv4Lw34+qBz MGrYhIC4nRmSlb+nOiIM9sEjpm21fihKXhzqC/g6QuEwBT3vypS7CUN83ncFlacOQ3oSv1 DIkoPaR+NBI9iBKHeVi99RViCLAAX7U= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=TD0XzgHp; spf=pass (imf03.hostedemail.com: domain of peterx@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=peterx@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1713388724; a=rsa-sha256; cv=none; b=SeBnJGqdJ/r/fbZmm63/ZTG/EukpvDeD/lcRbD6EiQzXkR/UZ+m+oBSsc9GUrPZT++fY0f n1IRqz70LTxCXxoQ+3MZcGhb2Ix5b2WB/0C0cadcBr+PF8pGNtFsq5mBZVGMPdmY0pcqpe 10C4QMdZMY9dvkclFKTAmiHsn5QCDx8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1713388723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=soVIv7S/cFD39BpNRdoqoVyCZSY1hvphkidLWmkZkAI=; b=TD0XzgHpJ0ltit/3aDVJjStH5IVPadWnuDarw9JWIIh5kApleO+dLymdNSnEUdrAvyh0vg Do0pBwaxTPD+kiWcOYVxg9dxoEHNGoUAnOn+dAHnz/eKuimUCd4GQRGDnNOB2zJLhxS2c9 DUFuaRJ3bMXN+HDtb2RwV45dWUMQFQo= Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-441-NKw568tGNFW3l7-Y0QdeLg-1; Wed, 17 Apr 2024 17:18:42 -0400 X-MC-Unique: NKw568tGNFW3l7-Y0QdeLg-1 Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-6a0426da999so413126d6.2 for ; Wed, 17 Apr 2024 14:18:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713388721; x=1713993521; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=soVIv7S/cFD39BpNRdoqoVyCZSY1hvphkidLWmkZkAI=; b=w3TMTKDV38tLScs4wiYkcd8NH5LBswp059gYwMchXOzh7kmiglO/X4Lr4oHEP8rKKU HGZvmLUQdiqtJ+YgIZ28gzBqB+knFhfKYTcBGjI7RSJzT2L5jt9l7OHtEyeq5l0h2gEW oItoi4RlXviLToPY8h/YzKTH1tFARFjVZTAvuU8D2GvH0/C12nnoaiUoUmwGwlUC5jwV 97zP09rHj5HkTGXSo6g9DcEeiUjYdui4Bo5YWTqA+q5tt9B3NSVO49byffDNSA+rAVUg NEi06MuuleLqgg4dc1CW7wruBDQANHrUr5XSQ7TQ40C4amfYAW/xzB/UXun3aSwDSgak 49Tg== X-Gm-Message-State: AOJu0YyrlUwPlm4OHs9c3HSufzZJ2Zg8tq3pqwKK78KrwL1eOUXa7UKy 9GbXYugIYAuwdPhcfq4OrjcuIPTqk5J3w8woIC4PuiU0DqLWusZLKzLvcDd+iNVxXL/8Jj1aVQd wc4TPMr5r/x6/4t5BB4Tk9I2HQkxix2qK7jdb08j2673/VSdfH4/1xM9ngzFpN96Hts/aKRCYs8 a5XTi0zXOtby4Kuv36JfR4TmMLqou1qQ== X-Received: by 2002:a05:620a:40d5:b0:78e:db4f:11e8 with SMTP id g21-20020a05620a40d500b0078edb4f11e8mr665748qko.2.1713388721186; Wed, 17 Apr 2024 14:18:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF29e5f56ETIzCUQyLUa1pQN9jUqXmcKYHsWC/k2I1kVI2Yma0QJE36x4pPxkZnbBNtERvaag== X-Received: by 2002:a05:620a:40d5:b0:78e:db4f:11e8 with SMTP id g21-20020a05620a40d500b0078edb4f11e8mr665713qko.2.1713388720577; Wed, 17 Apr 2024 14:18:40 -0700 (PDT) Received: from x1n.redhat.com (pool-99-254-121-117.cpe.net.cable.rogers.com. [99.254.121.117]) by smtp.gmail.com with ESMTPSA id c10-20020a37e10a000000b0078d667d1085sm18692qkm.84.2024.04.17.14.18.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 14:18:40 -0700 (PDT) From: Peter Xu To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: peterx@redhat.com, David Hildenbrand , Mina Almasry , Andrew Morton , Muchun Song , David Rientjes , syzbot+4b8077a5fccc61c385a1@syzkaller.appspotmail.com, linux-stable Subject: [PATCH 2/3] mm/hugetlb: Fix missing hugetlb_lock for resv uncharge Date: Wed, 17 Apr 2024 17:18:35 -0400 Message-ID: <20240417211836.2742593-3-peterx@redhat.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240417211836.2742593-1-peterx@redhat.com> References: <20240417211836.2742593-1-peterx@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Stat-Signature: 1zcgr5u76h18a8x3noh6xdhz963mfp38 X-Rspamd-Queue-Id: DB40120006 X-Rspamd-Server: rspam10 X-Rspam-User: X-HE-Tag: 1713388723-44132 X-HE-Meta: U2FsdGVkX18Zof14laQUuwfyhjUtfUpogAo/dVpIPAoaJnMnxsV+TDedNij7uer0iouIE1oKO5kcfsqoRvYeu+4teRFdw/7v8//j+bAU/2rxrcHpKYpXPPQrvRkvVW+uhckTgOL1jO41BZwTByu8pE7PpFUS7KgAM5h3tn62PgrkvlX5GwCYst/5AuEUR40dZGvS+AkzT13zuV/eu+NXUFPJWJkt5ZjUQXGb7ocA/Xv6hOElZFgXHE4j1GxUwc6toU5M/QR0LGt9L5uDMjim8TkT1Es64FYtUBzmu0AeAhZNaYfhUd+C1FPaGLCGJIFjnHEFYkk+HUvoQCoEmAxU7ghgJ/ksE/PoQWDtIbvXeD3H/iLzTpUCfImwsrH4cqtoFxZXRREA5AZ8niEkY8PLOugig1CSU5e7hDLhJKW62yKKMkugD2wrrTQILx85XL5Wh0zErqP9hW79P+xkm/MJTUv5x5+67klyssKPbJor77R3ENel+DGZlN5sWwGGthQ4uGaYBjvb00iBfk0ZnrbADRAB/48Y0lXdnfpSwmXh44Jr1Brm+Sk+r1oC9KoLJarWBPoGD4sU2zRdS+dZgQkosAsAl16NKZmZudJJefj8VQs+y9ypF3vCy7h8R2TrcK81zoSNfcYrkT9TmzFVsKr8sqf8NgI43e36mcOzn2mnh7Ab/DSOi0DyEwk1W0UiDNUnxSQ/1gFby6cn13bSO3VJg3RH70FnmsaJUxQdjV2tAeUVdnCLyA0PaCAegLjhDKaRZelKFTgNfOG+jIBSe3fi0XFxxSKOIc/afHhDFhwiu5SfEU9913RA8bej9GCzvEdpe+0M0hJYLYvfZl7dZHb8n8JfgJNBmzVD+j1JFhybnvtk/YQPYDit8ikTdgm6gfm2CxiVHCXE/o/fPN6IDterim4qQSnjRqkn1gbOiExvBh2XdLJatOZ61FXm+A1ignl22idzu8VO5VtAavjL1SK hqEiRRqx qHC5LGgV5ioLhvkPERMgtLv9MZHQHgYXOU18A68d3dSvrQT8ni3/FwWQLofAw7zEYqkzQaimvggyL6d576bs7TuLDxmJpn3jhPtY89S/2f6I0GcRT7K1p6dPgNXRuX/tUnSCBETJaxLpUekoyCZfza9Z71xbZDBuiMKNHAq3qsQ8q9AavpPWHWnK8LzEbu0Js/0VzAohQ8PjX8t8zoyQChEseFyzGcv/0sPPsv0hC0AuAUJY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Looks like a stable material, so have it copied. Reported-by: syzbot+4b8077a5fccc61c385a1@syzkaller.appspotmail.com Cc: Mina Almasry Cc: David Hildenbrand Cc: linux-stable Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu Reviewed-by: Mina Almasry --- mm/hugetlb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 26ab9dfc7d63..3158a55ce567 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3247,9 +3247,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)