From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Andrew Morton, Huang Ying, peterx@redhat.com, David Hildenbrand, stable@vger.kernel.org, Yu Zhao
Subject: [PATCH] mm/mprotect: Only reference swap pfn page if type match
Date: Tue, 23 Aug 2022 18:11:38 -0400
Message-Id: <20220823221138.45602-1-peterx@redhat.com>
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 12952645

Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to
fetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]:

  kernel BUG at include/linux/swapops.h:117!
  CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2
  RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0
  Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6 c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48
  RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282
  RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000
  RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b
  RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000
  R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738
  R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a
  FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   change_pte_range+0x36e/0x880
   change_p4d_range+0x2e8/0x670
   change_protection_range+0x14e/0x2c0
   mprotect_fixup+0x1ee/0x330
   do_mprotect_pkey+0x34c/0x440
   __x64_sys_mprotect+0x1d/0x30

It triggers because pfn_swap_entry_to_page() could be called upon e.g. a
genuine swap entry.

Fix it by only calling it when it's a write migration entry where the page*
is used.

[1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/

Fixes: 6c287605fd56 ("mm: remember exclusively mapped anonymous pages with PG_anon_exclusive")
Cc: David Hildenbrand
Cc:
Reported-by: Yu Zhao
Signed-off-by: Peter Xu
Tested-by: Yu Zhao
Reviewed-by: David Hildenbrand
---
 mm/mprotect.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/mprotect.c b/mm/mprotect.c index f2b9b1da9083..4549f5945ebe 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -203,10 +203,11 @@ static unsigned long change_pte_range(struct mmu_gather *tlb, pages++; } else if (is_swap_pte(oldpte)) { swp_entry_t entry = pte_to_swp_entry(oldpte); - struct page *page = pfn_swap_entry_to_page(entry); pte_t newpte; if (is_writable_migration_entry(entry)) { + struct page *page = pfn_swap_entry_to_page(entry); + /* * A protection check is difficult so * just be safe and disable write
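
Review bot: The moved declaration at the top of the if (is_writable_migration_entry(entry)) block has no comment saying why the lookup must stay inside the type check, so a later cleanup could hoist pfn_swap_entry_to_page(entry) back into the outer is_swap_pte(oldpte) scope and reintroduce the BUG at include/linux/swapops.h:117 quoted in the commit message. The existing comment below it only covers the write-disable decision. Suggest one line above the declaration noting that the entry is only known to carry a PFN once the migration-entry check has passed, because the outer branch also sees genuine swap entries.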