From patchwork Fri Jul 12 14:42:44 2024
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13731871
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Andrew Morton, peterx@redhat.com, Alex Williamson, Jason Gunthorpe, Al Viro, Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "Kirill A . Shutemov", x86@kernel.org, Yan Zhao, Kevin Tian, Pei Li, David Hildenbrand, David Wang <00107082@163.com>, Bert Karwatzki, Sergey Senozhatsky
Subject: [PATCH] mm/x86/pat: Only untrack the pfn range if unmap region
Date: Fri, 12 Jul 2024 10:42:44 -0400
Message-ID: <20240712144244.3090089-1-peterx@redhat.com>

This patch is one patch of an old series [1] that got reposted standalone here, with the hope to fix some reported untrack_pfn() issues reported recently [2,3], where there used to be other fix [4] but unfortunately which looks like to cause other issues. The hope is this patch can fix it the right way.

X86 uses pfn tracking to do pfnmaps. AFAICT, the tracking should normally start at mmap() of device drivers, then untracked when munmap(). However in the current code the untrack is done in unmap_single_vma(). This might be problematic.

For example, unmap_single_vma() can be used nowadays even for zapping a single page rather than the whole vmas. It's very confusing to do whole vma untracking in this function even if a caller would like to zap one page. It could simply be wrong.

Such issue won't be exposed by things like MADV_DONTNEED won't ever work for pfnmaps and it'll fail the madvise() already before reaching here. However looks like it can be triggered like what was reported where invoked from an unmap request from a file vma.

There's also work [5] on VFIO (merged now) to allow tearing down MMIO pgtables before an munmap(), in which case we may not want to untrack the pfns if we're only tearing down the pgtables. IOW, we may want to keep the pfn tracking information as those pfn mappings can be restored later with the same vma object. Currently it's not an immediate problem for VFIO, as VFIO uses UC- by default, but it looks like there's plan to extend that in the near future.

IIUC, this was overlooked when zap_page_range_single() was introduced, while in the past it was only used in the munmap() path which wants to always unmap the region completely. E.g., commit f5cc4eef9987 ("VM: make zap_page_range() callers that act on a single VMA use separate helper") is the initial commit that introduced unmap_single_vma(), in which the chunk of untrack_pfn() was moved over from unmap_vmas().

Recover that behavior to untrack pfnmap only when unmap regions.

[1] https://lore.kernel.org/r/20240523223745.395337-1-peterx@redhat.com
[2] https://groups.google.com/g/syzkaller-bugs/c/FeQZvSbqWbQ/m/tHFmoZthAAAJ
[3] https://lore.kernel.org/r/20240712131931.20207-1-00107082@163.com
[4] https://lore.kernel.org/all/20240710-bug12-v1-1-0e5440f9b8d3@gmail.com/
[5] https://lore.kernel.org/r/20240523195629.218043-1-alex.williamson@redhat.com

Cc: Alex Williamson
Cc: Jason Gunthorpe
Cc: Al Viro
Cc: Dave Hansen
Cc: Andy Lutomirski
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: Kirill A. Shutemov
Cc: x86@kernel.org
Cc: Yan Zhao
Cc: Kevin Tian
Cc: Pei Li
Cc: David Hildenbrand
Cc: David Wang <00107082@163.com>
Cc: Bert Karwatzki
Cc: Sergey Senozhatsky
Signed-off-by: Peter Xu
Acked-by: David Hildenbrand
---

NOTE: I massaged the commit message comparing to the rfc post [1], the patch itself is untouched. Also removed rfc tag, and added more people into the loop.

Please kindly help test this patch if you have a reproducer, as I can't reproduce it myself even with the syzbot reproducer on top of mm-unstable. Instead of further check on the reproducer, I decided to send this out first as we have a bunch of reproducers on the list now..

---
mm/memory.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 4bcd79619574..f57cc304b318 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1827,9 +1827,6 @@ static void unmap_single_vma(struct mmu_gather *tlb, if (vma->vm_file) uprobe_munmap(vma, start, end); - if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn(vma, 0, 0, mm_wr_locked); - if (start != end) { if (unlikely(is_vm_hugetlb_page(vma))) { /* @@ -1894,6 +1891,8 @@ void unmap_vmas(struct mmu_gather *tlb, struct ma_state *mas, unsigned long start = start_addr; unsigned long end = end_addr; hugetlb_zap_begin(vma, &start, &end); + if (unlikely(vma->vm_flags & VM_PFNMAP)) + untrack_pfn(vma, 0, 0, mm_wr_locked); unmap_single_vma(tlb, vma, start, end, &details, mm_wr_locked); hugetlb_zap_end(vma, &details);
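
Review bot: in the first hunk (unmap_single_vma(), right after the uprobe_munmap() call), removing the VM_PFNMAP check leaves the function with no statement that pfn untracking is now the caller's responsibility. The commit message says this function is reached from paths that zap only part of a vma, so a short comment at the removal site or above the function, saying that untrack_pfn() is done by unmap_vmas() only, would keep a later change from putting the call back. It is also worth confirming in the changelog that every path that tears down a whole VM_PFNMAP vma goes through unmap_vmas(); the hunk does not show the other callers of unmap_single_vma(), and any of them that unmap a full vma would now leave the range tracked.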
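
Review bot: in the second hunk (unmap_vmas(), between hugetlb_zap_begin() and unmap_single_vma()), the added untrack_pfn(vma, 0, 0, mm_wr_locked) ignores start and end and untracks the whole vma, so it is only correct if unmap_vmas() is never asked to unmap part of a VM_PFNMAP vma. The surrounding lines derive start and end from start_addr and end_addr, so a partial range is at least representable here; a one-line comment stating the whole-vma assumption would make that explicit. The call also now runs before uprobe_munmap() instead of after it, as it did in the lines removed by the first hunk, which deserves a word in the commit message if the reordering is intentional. As a style point, the check is unrelated to hugetlb yet sits inside the hugetlb_zap_begin()/hugetlb_zap_end() pair; placing it before hugetlb_zap_begin() would read more clearly.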