From patchwork Wed Mar 13 01:29:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peng Zhang <zhangpeng362@huawei.com>
X-Patchwork-Id: 13590821
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1F6EBC54E5D
	for <linux-mm@archiver.kernel.org>; Wed, 13 Mar 2024 01:29:33 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B00898E002D; Tue, 12 Mar 2024 21:29:32 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id A894A8E0011; Tue, 12 Mar 2024 21:29:32 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 929A88E002D; Tue, 12 Mar 2024 21:29:32 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com
 [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id 7F7748E0011
	for <linux-mm@kvack.org>; Tue, 12 Mar 2024 21:29:32 -0400 (EDT)
Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 34AB8140548
	for <linux-mm@kvack.org>; Wed, 13 Mar 2024 01:29:32 +0000 (UTC)
X-FDA: 81890283384.05.EE28539
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
	by imf05.hostedemail.com (Postfix) with ESMTP id 22FA6100004
	for <linux-mm@kvack.org>; Wed, 13 Mar 2024 01:29:28 +0000 (UTC)
Authentication-Results: imf05.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf05.hostedemail.com: domain of zhangpeng362@huawei.com designates
 45.249.212.188 as permitted sender) smtp.mailfrom=zhangpeng362@huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1710293370;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:in-reply-to:
	 references; bh=KJPnevTrjXiGP64+GxnJxbFIjEKKfG0Sz5sPcVm9+iU=;
	b=j/VrFbCWd1io6LteSTS7yKHI3asPtGdxpGDPQPpsgKgU+F8Ofdl2IRoehMrjFj7po8t6xA
	cijMnhWZefXJ6TDBYVK4xWFpc3eJ0d0tu15h++n+pNGT5tmIQ5Kc0QL1AnF9QfQ85Zr0O7
	qwvGUJTGADvhI4/KCgrZOlosjlmdMi0=
ARC-Authentication-Results: i=1;
	imf05.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf05.hostedemail.com: domain of zhangpeng362@huawei.com designates
 45.249.212.188 as permitted sender) smtp.mailfrom=zhangpeng362@huawei.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710293370; a=rsa-sha256;
	cv=none;
	b=N8oC5ArvwPUl460QiC0eADB7AEEx2OaLutv6FaW9p95q6b1m4zNM61qUazcUMlDa/hF2am
	MQp6d30zmR+veMRAPBzZrRbU4UvZUIG8e7tGYoxaqaBHpJNL+KnCfXITlVaEKx6nzsI+Sl
	PTlbBYsPB3mkEc+k6cM7P0Oe+T9rAek=
Received: from mail.maildlp.com (unknown [172.19.163.48])
	by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4TvXt75qYSzXj3j;
	Wed, 13 Mar 2024 09:26:55 +0800 (CST)
Received: from kwepemm600020.china.huawei.com (unknown [7.193.23.147])
	by mail.maildlp.com (Postfix) with ESMTPS id 3C9FF18007B;
	Wed, 13 Mar 2024 09:29:21 +0800 (CST)
Received: from localhost.localdomain (10.175.112.125) by
 kwepemm600020.china.huawei.com (7.193.23.147) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Wed, 13 Mar 2024 09:29:20 +0800
From: Peng Zhang <zhangpeng362@huawei.com>
To: <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>
CC: <akpm@linux-foundation.org>, <willy@infradead.org>,
	<ying.huang@intel.com>, <fengwei.yin@intel.com>, <david@redhat.com>,
	<aneesh.kumar@linux.ibm.com>, <shy828301@gmail.com>, <hughd@google.com>,
	<wangkefeng.wang@huawei.com>, <sunnanyong@huawei.com>,
	<zhangpeng362@huawei.com>
Subject: [PATCH] filemap: replace pte_offset_map() with
 pte_offset_map_nolock()
Date: Wed, 13 Mar 2024 09:29:13 +0800
Message-ID: <20240313012913.2395414-1-zhangpeng362@huawei.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Originating-IP: [10.175.112.125]
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
 kwepemm600020.china.huawei.com (7.193.23.147)
X-Rspamd-Server: rspam09
X-Rspamd-Queue-Id: 22FA6100004
X-Stat-Signature: 9xawxcuamtgyuomacjb5nqe81kkkkajr
X-Rspam-User: 
X-HE-Tag: 1710293368-742304
X-HE-Meta: 
 U2FsdGVkX1/bFeZk/P3ZWpmTT5Ce2EdiXU7hr59htikmQUf+uyNeAlGDikj8gZ1iwx775siZaMHOiLjoaBXe1CEfVfqX8dmh/BAGBSTCy1Q/DG5KgZFsUNJ42he7bRbP6C4AFwkAHs9N91vGD8WUhufBWJ4BLLhATHTTYhxtgXlIxqhWYywwESpe/vpio8W+6xHScPe8uVUzD4dBnGUKBmc8bG/DxyqqJHlx5ZmtIFz32dlzwWBhD7pnXs1hBjJuDFsU5SXkMaYtICetR86SBfKcGWzOzJ2je0P9oxhSpzUE47TP4qlOnyiQzPFFU+YZx11YlMxhs9ow6bQkFGJXwHiOR+tKZ6CelTCQaEZgC23azP0TzLJP8r0vXV/RwuZV2cpbo0ggJDflZfY0n4EyhSDDGoUzC1oXeQrNiHMbA9clhIu7jjs/TafE1CmvxlCYF6UBrIHRCqcUVeZH3HbNEJhEMU3SsTkBaJf2Wx+VwhG2QjIlU4t05hxxgZI3KcrXiMM0ju0U2qG6e8/v6n6emY/0h6LRC3B2jQe/hXKQaB+Fkg/3JxCeTr0fsNH8IZgaZXLYZOZe4sIBR0dbQID3f8vs4mfKZNn/cwRUs/j7cx8CEm+YePOIzNYhIeZC9Bcg+yflyk4ru3QA06iFvR58ofC//9oloizpDlItDuNHiZehe7mZJpikKhVs2Ru6yY01VGhvqIn7ZwJT0g/qs9P1+cWL7n/5pY5gKdN3V1txv9xqC/boAxXY65quib1bK8NNmGNdDOO7WCqfBU6XyLOsPD9AC2BGNH+D4nxGZ/ykBFGK3WjQHPIp0oscge7NZ3qnd14kI10ZnQv533kWgK18qMO6ESGAir1a7vnEVxVrKGQqbODnOo5UBtt3aX9sARsMY6Znmm91+vj6H2d+ZUfuLgJUjT2aCSwyW8p5rWEvQEkM7dR8UoxZIsDLgkyWEl2EbUeokVu7rkuuQICxHHF
 QtyyUW1e
 Q5LVQKvoGSi25GgIRBhsvTaywjV0tViumya2xy2EM5SrDp7E8vZk1dVqgz9EKlDCblLFwfYrIHPInSmmE1RDqP9CSEOAMKt76t6zDBHyh4FXBf4vpk/R1ZasEttkCfV3SBfZ6IgnD3C8SUiWo2U8pp0AKLuvvyc5L6WEgFDEIqF36Sia+nZchRhnaxzzgfumfO0h/QE9KkrIe2Fr2LF+wTB3RCA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

From: ZhangPeng <zhangpeng362@huawei.com>

The vmf->ptl in filemap_fault_recheck_pte_none() is still set from
handle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte).
After a pte_unmap(vmf->pte) unmap and rcu_read_unlock(), the page table
may be racily changed and vmf->ptl maybe fails to protect the actual
page table.
Fix this by replacing pte_offset_map() with pte_offset_map_nolock().

Fixes: 58f327f2ce80 ("filemap: avoid unnecessary major faults in filemap_fault()")
Suggested-by: David Hildenbrand <david@redhat.com>
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 mm/filemap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/filemap.c b/mm/filemap.c
index 31ab455c4537..222adac7c9c5 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -3207,7 +3207,8 @@ static vm_fault_t filemap_fault_recheck_pte_none(struct vm_fault *vmf)
 	if (!(vmf->flags & FAULT_FLAG_ORIG_PTE_VALID))
 		return 0;
 
-	ptep = pte_offset_map(vmf->pmd, vmf->address);
+	ptep = pte_offset_map_nolock(vma->vm_mm, vmf->pmd, vmf->address,
+				     &vmf->ptl);
 	if (unlikely(!ptep))
 		return VM_FAULT_NOPAGE;