From patchwork Tue Sep 3 14:25:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Sistare X-Patchwork-Id: 13788801 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91516CD3439 for ; Tue, 3 Sep 2024 14:25:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 279B28D0189; Tue, 3 Sep 2024 10:25:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 17C9B8D0151; Tue, 3 Sep 2024 10:25:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E2B928D018A; Tue, 3 Sep 2024 10:25:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id C0AC08D0151 for ; Tue, 3 Sep 2024 10:25:38 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 75CB1C041B for ; Tue, 3 Sep 2024 14:25:38 +0000 (UTC) X-FDA: 82523650356.21.04D5EF3 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf08.hostedemail.com (Postfix) with ESMTP id 4E7E616002B for ; Tue, 3 Sep 2024 14:25:36 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=Hoif2JzH; spf=pass (imf08.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1725373442; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=vr6pM4E+lFLBzV/5tEnmyQ757HAXInOvYWZ2E4pgf4g=; b=uYbnsAr2uk/3bkhzlff1tvsoHEMbeyJvBjtrplywNPuCxla8S732ECpZcNILOYI7SNl/Jm fHde+phkYdvmeeWx1lxRgBhSL9PDVpGcD25js+5stxdgLSN9qFGdOPfVfL7dRRf4DQ5klB U4fiVD00J89zEtaejFvNQWdUOzio6jU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725373442; a=rsa-sha256; cv=none; b=8luTHKbWyS+NeoeDCM5SKDX6cXhWcMObm0JPOpbaxCz13bAs9sa0Na1dbFiDkd/iv1Q8Hn YEkpEZO7h9W6PwR4PTOOqbm5HpJMW0C3+M6W9XPKUCRz1fmxBpj7D9KI45vTD3fRoy5ACA pW6Os/s0SxwyhSgMaqfGU1vPcCxYb3s= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=Hoif2JzH; spf=pass (imf08.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4837fVdp007602; Tue, 3 Sep 2024 14:25:27 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h= from:to:cc:subject:date:message-id:in-reply-to:references; s= corp-2023-11-20; bh=vr6pM4E+lFLBzV/5tEnmyQ757HAXInOvYWZ2E4pgf4g=; b= Hoif2JzHhn5G7dpVUZpuf0xXHh8GwR9LCVSWfNM9j2T7c8imMxCGc48QD9im4yv9 pUZrUneJ/nOqh6Xs8PobdGC9a6hhn1tTCF5oQt1nhJss80pAQIpiM4h+jgVM073/ LRZqzYsnF4g1Tkl4ePjHxSlUaru8PQ/Qep8Brz8FTQeZ6OTFogQqyx0Ngt6f9iJO WpZzbgv730awQjDjCMgLqrxURuNhh+93e1GY0tUJxdXpLdKs2zOdraVd+2wNwud7 9QwOa/rnq9Lzz9iqLTsew4KfByJC+tjKvPuez4Nmhz5pOaQr9gMVQ9/TyGS2VL4L jRlXALnyzKpZ0nBIlelmSw== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 41dw51rxyv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:26 +0000 (GMT) Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 483E9cNQ001754; Tue, 3 Sep 2024 14:25:25 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 41bsmf1mcv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:25 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 483EPN4K023489; Tue, 3 Sep 2024 14:25:24 GMT Received: from ca-dev63.us.oracle.com (ca-dev63.us.oracle.com [10.211.8.221]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 41bsmf1maj-2; Tue, 03 Sep 2024 14:25:24 +0000 From: Steve Sistare To: linux-mm@kvack.org Cc: Vivek Kasireddy , Muchun Song , Andrew Morton , Matthew Wilcox , Peter Xu , David Hildenbrand , Jason Gunthorpe , Steve Sistare Subject: [PATCH V1 1/5] mm/filemap: fix filemap_get_folios_contig THP panic Date: Tue, 3 Sep 2024 07:25:17 -0700 Message-Id: <1725373521-451395-2-git-send-email-steven.sistare@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-03_02,2024-09-03_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2409030117 X-Proofpoint-ORIG-GUID: sL_Bk4pT-Ld6JPROeLzFPzJ7Tj08ZJla X-Proofpoint-GUID: sL_Bk4pT-Ld6JPROeLzFPzJ7Tj08ZJla X-Rspamd-Queue-Id: 4E7E616002B X-Stat-Signature: iu6cymx4wf738r3q5oducewxchd9fko3 X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1725373536-670300 X-HE-Meta: U2FsdGVkX1/JicL3CiaROBWtPpMabvrTzVoGwoR+6I4mV0GD2hNMhPwyf9Tvxkr7y2O3iUvtPQspcAcDQa2KP4cI9vh+znjhibBn8CVJ+zK9GOGOTfIBksaCpQ1dKVDN194pUc93m+GRFhDGXvOL/+DSw1N2RtoZ8na7MhW3XDvfjDrD7H1XRJIbHFJRYnugEJ2G7i3DQcyhyz3VYep9e0n03z8IbaTQn9S7Us3Foi6/i7LM7a2GygVpXY6wVW+JNp1i31KigqgAsvAXVCUh5JYjw+/A4h93o/dKXDQKABC2DZze10SE8QiAl08fiC1Rt/crp0bCwVAEhgmsEkYDbeXfgZqNntVBhi8sVIfg49AkM+vQ7oy4Jj3LmBOktic969fbk0Ox5QPfSE99DiOI9/+ksJ83iHi8F7OKB3glNmvYiL9IR4G7/J6Y3sb5tQpUV3QZrOf72EqxpBSwgJ730JRUiSDgkZ3B5zP6I9ssBeaMukWuBXf4e2JHcLi2sIW7+o9AQV1LsgL2e2UZproVYUWLxOutDa/hqZVP4teQUVZS//LR2hGR7y3X5Y/nUIU+j9i/LSF0HJydUOsund/2+WVEpdZ2F0LBtFF8dECyaYitYDqcYi9ZZhU2MUsgIIR73sUFkD0TDAizSFI50jjr1biJueLhrPLn79m/j7vZrDriE8rVolTlpqOvePgRnxELeQDDZ57Ln/p6d2uNC2TKbDTTXLnoHGmTAp+QC5y4TO7Tjdq//8ECCg8EQeOXF1JuSqxJyKTJSdBLkQY0wdI57MKEIbH8xnmqvAj/31z8Oy5BFyNgByro47XFjtFBcI6Ngenpt8SNShfgydcUTMMCHjWMZ2vO6TAfjIq+W2SComcTv/APky6YZWMicj9nrph37zFF+35H44z1tNXabtWb+skNzg0wS6MQUVHk3JwjkQ09x6WDCs96T4+6FInw+lPJLw+gas8P3tE0nNZUqFL KgbvBvWr 8HJAxx9HNZNv6gBIjG7AfnrtuqB16DYpWbtWILTnzAagp/3avwNgBnQivzIgzWVIhgT1Xd37PcQfVfpKF0XPjdFjyjxNgUXUpJQ3oz6O9ecQ8Dyd+aNQDgsuvSf7dCRnAX5xk/MXLtnrbP8WxIofuJnBBzIyKPUN8AE3K8apbA3t/EH8dRe/DJXkxf01IkqUtM5tF8/fW40yGyHern6kH7n8kX9LSU0I9xQ46+rROLzMhQd20vVB5O5kLAw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: memfd_pin_folios on memory backed by THP panics if the requested start offset is not huge page aligned: BUG: kernel NULL pointer dereference, address: 0000000000000036 RIP: 0010:filemap_get_folios_contig+0xdf/0x290 RSP: 0018:ffffc9002092fbe8 EFLAGS: 00010202 RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000002 The fault occurs here, because xas_load returns a folio with value 2: filemap_get_folios_contig() for (folio = xas_load(&xas); folio && xas.xa_index <= end; folio = xas_next(&xas)) { ... if (!folio_try_get(folio)) <-- BOOM "2" is an xarray sibling entry. We get it because memfd_pin_folios does not round the indices passed to filemap_get_folios_contig to huge page boundaries for THP, so we load from the middle of a huge page range see a sibling. (It does round for hugetlbfs, at the is_file_hugepages test). To fix, if the folio is a sibling, then return the next index as the starting point for the next call to filemap_get_folios_contig. Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare --- mm/filemap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/filemap.c b/mm/filemap.c index af99bf9..c385b7a 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2183,6 +2183,10 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; + /* If we landed in the middle of a THP, continue at its end. */ + if (xa_is_sibling(folio)) + goto update_start; + if (!folio_try_get(folio)) goto retry; From patchwork Tue Sep 3 14:25:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Sistare X-Patchwork-Id: 13788799 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34865CD343B for ; Tue, 3 Sep 2024 14:25:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F3BD88D0186; Tue, 3 Sep 2024 10:25:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EEB498D0151; Tue, 3 Sep 2024 10:25:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C93888D0188; Tue, 3 Sep 2024 10:25:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 984C48D0186 for ; Tue, 3 Sep 2024 10:25:37 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 59466A8508 for ; Tue, 3 Sep 2024 14:25:37 +0000 (UTC) X-FDA: 82523650314.13.0D43D90 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf21.hostedemail.com (Postfix) with ESMTP id 503CC1C001E for ; Tue, 3 Sep 2024 14:25:35 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=g0u9W6SZ; spf=pass (imf21.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1725373511; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=L9Rm8iTKVva2a4OpJ7e5EjcvJ8aLQAojn8USqtozJwo=; b=CHgE4i4Od4/GRcO4xyZUWvax9LTD8aqtuzmaxuX5WOpzaeg51HQ8UI/0sefrDDZNPkGgbm jqpOLHdBlzMxo/8mDVvIJOffk6lLoLLUCHIwXDaYC9g0yRunMtUE5tD15rDkr/KgFdo43m yIqXl/2MUZHIWI3Xf+7HYx7/y2hDTF4= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=g0u9W6SZ; spf=pass (imf21.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725373511; a=rsa-sha256; cv=none; b=N/nLrWX8LcNQdsj+6o3Ia4i8OQ4Q94BVZ2etPPx5Znt7ASAzgHO2Hr+eKTQKJtSDVrSTKT a5dcxytfwJtyzXKbvlntSP2bjTyVS1YkBWzkqJdkLh404Nvr1Eij8KA9GX6j2HRw2nqj6y nIXoOyamx8bKPv2C3VmZkpIVTXJxx1s= Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4837fUZM007563; Tue, 3 Sep 2024 14:25:28 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h= from:to:cc:subject:date:message-id:in-reply-to:references; s= corp-2023-11-20; bh=L9Rm8iTKVva2a4OpJ7e5EjcvJ8aLQAojn8USqtozJwo=; b= g0u9W6SZAgTAkt6QuXg7NGMMpFj7Epk7RB5D7jT9vaLAfwznILILq5zDJkYYYVK8 c4E1sbIM8YjkqRcUALp16CemqZK52Uso5DfuVbEmCl5E5O7Js7P5vOXNjtmiIJo2 MmMQeAgoZnwxCVzOXpU9on1LHXtxjzdeG++De1YkXBgRKtfGfBRWC9GY5l51D4bu Bji/dFai7ljCCp/R43+HnBuii+NhhbKKFlzKFuwfkpl2xgwvU/VkYjdkgAHlLMjY 1VGnJ5TdBfAqtIXhNa17+UBIOHNd6IE9JPEGYoVt22TU1HmNiHGM3/aPTMHRQa59 c97ie/mH3rkL8vy8eHUl2g== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 41dw51rxyw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:27 +0000 (GMT) Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 483DNw5Y001679; Tue, 3 Sep 2024 14:25:26 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 41bsmf1mdt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:26 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 483EPN4M023489; Tue, 3 Sep 2024 14:25:26 GMT Received: from ca-dev63.us.oracle.com (ca-dev63.us.oracle.com [10.211.8.221]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 41bsmf1maj-3; Tue, 03 Sep 2024 14:25:25 +0000 From: Steve Sistare To: linux-mm@kvack.org Cc: Vivek Kasireddy , Muchun Song , Andrew Morton , Matthew Wilcox , Peter Xu , David Hildenbrand , Jason Gunthorpe , Steve Sistare Subject: [PATCH V1 2/5] mm/hugetlb: fix memfd_pin_folios free_huge_pages leak Date: Tue, 3 Sep 2024 07:25:18 -0700 Message-Id: <1725373521-451395-3-git-send-email-steven.sistare@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-03_02,2024-09-03_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2409030117 X-Proofpoint-ORIG-GUID: PjfZe6AgIoMeCarf8EzrhckuyMMfrB7T X-Proofpoint-GUID: PjfZe6AgIoMeCarf8EzrhckuyMMfrB7T X-Rspam-User: X-Stat-Signature: mtj777zb8ajy4h6gq8gupqahuudam6q4 X-Rspamd-Queue-Id: 503CC1C001E X-Rspamd-Server: rspam11 X-HE-Tag: 1725373535-867643 X-HE-Meta: U2FsdGVkX1+xpk2RJuEtUH9Dk2NBxLYJokIqJUNx/Ub9vcvchYo64kzw1PmeI9zJG26aLO/eYCbBirKfk+uZXoSfGdvKCAGCPzJ0w/fJoM67sQlOnA8/KJdXRSMUgUytMf7FREoGiwYeQaTQjvMwxCZhP9hBa9p1ZnKd4toXznRFPKgulh1+n+6kjSyNonr38zyt8UvoRfxrfP/T5Zp+Y8cBcZhc+njF7roEUT4jAD1vDsx6Pw8DNBGo93WlhZqNL3xCBgQKJZVpefGhJJW5BP/3vt8h9Md7h5XmS5JOp3FRD3CuNCznenfkMzrjm31DpSIXSC+bz2AW7UgrIoRTAhQVj6DAEyNOGykSY0FfIQlc1/nHW3i6P7e46QlHmavrD1hAQI1e6aKHfS6OIT6tzlIJwa8l5UKnWbATFuBrEwQADLyV/PMIOM2CdTS0zDqFM/MepoSBctNqVX5Q97zW97tBbBq0OgKTRiznaWI0zzvFUdv5V9p0/taep+53LDC8d6+hUtqO/vZ4/b0lvT9Yf2H67Kjael8nAIfjSiy1TOCSXppvuLrd6mbrpE/PKivL8Z3P6jkeSqoXWgXZYp+4RY7nCtSRDG8NKkchuh0TS/kFUJWazOOL38EAfGK4y2brdu2gQfQsLu4iAOFQrPrNzCsPorSFS6XM4F1hUr/+44wjTCtdJ878/alfNUbMTr1ImoO/y8en7ZuARFFO+jV+TTLABZbfFkUdD3agPYpwZalkq76GzqNHHUw5SUvd5Vu7g6X5ye/9am7Q2rozou0MaYBLYpqcDbAIUWkNb7TwsB1Jb0SWbwNfLEBd+JFa6uleiKfVMWBhkHPtodC0AKJA1DNqUDqWYSwAaQrXbuDjr2EkcTE8afnKP9f8WoadI2vspqcro5Fo/f10O2CU1L+CKFQ/N1zyozaCB9I8asDY2f78+pO2o83zG8l5T17q2oJ8vudpy9lCUJx8Jy5cTAf UbFFrLCq oE/F7l61jjG71UisrCSBpzZme994dHsVUVcCYm6absfV3XX07g7zQsib7xDbzvRXvGfKptLfoOe3E1hPZNQdNNbGaF5cMLTzP/osG4LPBO4j0ZJfOfu7nJMISCK1PrHKiJNzi+lP2PqVgHYVOh1i9PL2+8si5Ksbo3outZjGJsy2rdfV9ph8ng6S0nQ4oL9tZzL0orV00G1N0EjUae2nFkiMnnQ8ofYa1b13/FHQO+LPanbsIjnxdM39VuA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages if the pages were not already faulted in, because the folio refcount for pages created by memfd_alloc_folio never goes to 0. memfd_pin_folios needs another folio_put to undo the folio_try_get below: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() folio_ref_unfreeze(folio, 1); ; adds 1 refcount folio_try_get() ; adds 1 refcount hugetlb_add_to_page_cache() ; adds 512 refcount (on x86) With the fix, after memfd_pin_folios + unpin_folios, the refcount for the (unfaulted) page is 512, which is correct, as the refcount for a faulted unpinned page is 513. Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare Acked-by: Vivek Kasireddy --- mm/gup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/gup.c b/mm/gup.c index 54d0dc3..5b92f1d 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -3618,7 +3618,7 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end, pgoff_t start_idx, end_idx, next_idx; struct folio *folio = NULL; struct folio_batch fbatch; - struct hstate *h; + struct hstate *h = NULL; long ret = -EINVAL; if (start < 0 || start > end || !max_folios) @@ -3662,6 +3662,8 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end, &fbatch); if (folio) { folio_put(folio); + if (h) + folio_put(folio); folio = NULL; } From patchwork Tue Sep 3 14:25:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Sistare X-Patchwork-Id: 13788802 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B8F2CD343A for ; Tue, 3 Sep 2024 14:25:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0BF328D018B; Tue, 3 Sep 2024 10:25:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 032CA8D018A; Tue, 3 Sep 2024 10:25:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D1B2D8D018B; Tue, 3 Sep 2024 10:25:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id A82558D0151 for ; Tue, 3 Sep 2024 10:25:44 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 65A294046E for ; Tue, 3 Sep 2024 14:25:44 +0000 (UTC) X-FDA: 82523650608.17.0D66D62 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf13.hostedemail.com (Postfix) with ESMTP id 5B88E20021 for ; Tue, 3 Sep 2024 14:25:42 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=AMuVrZt6; spf=pass (imf13.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1725373495; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=Rn6dnVmBMFUBHIqthBqsmiWctyRCK2BSKIV6bpRJTFk=; b=HnDkNUy09bXZ/8s837d/EjkEs/HJtTCB62LUetP3NsWPh2s2BFmI5+746fVsK/KXCHeLed vaYUXKG0CTYeY2PVfGDrgAosb+YNNmrm2hqtWjEj6lz5/lZyYN/LhRyJHKSfQgylmcWwgB yJwi9zPWl/RxfWTD67NZswoesHo506E= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=AMuVrZt6; spf=pass (imf13.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725373495; a=rsa-sha256; cv=none; b=ZaMd4F3K+c5AunrrivMHpAuszixRhPzGUFRGOe1q7q6kQHUwvopVqyUh9VXCshR+HuuFBe MBQO6onfFwtwtGIN0HvIcnbv2e5kYZIqnJyW3biBHU1Hs3JPCHcMO/UUllZqyUgbUIYx3X hj83MG944Ix3yhCmcpflqRLAtQxnrVg= Received: from pps.filterd (m0246627.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4837fTXa008145; Tue, 3 Sep 2024 14:25:29 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h= from:to:cc:subject:date:message-id:in-reply-to:references; s= corp-2023-11-20; bh=Rn6dnVmBMFUBHIqthBqsmiWctyRCK2BSKIV6bpRJTFk=; b= AMuVrZt6fEJ80mvfWWTszRmkkJjRhKXpaxoLMSiqLEZ7OUyj8jApeOtiFU4FHUti a7EG118KIqJbrP3MoJRB8UjmBiXz1z5bZf5iK1jSgAOpQ0OX1xNGpMAvJor9oilD hYUu6sAYnd4Cwx70Nrdn/IDCuquG7ZsZEv/8A2rGO9yTV02kYmuvPTbmupl6d98F 21qsWA4BWds0DEKMk77oVSrio8+uCmmimD8O7Ip90WitwaNAKwMySIO8EPAqikrd L+zdJnt1AVvsvNJLgcPdotR65kVNa4Wg1Jpu/3rFMpS4QynVTGvn4AzbBltoUJfg nANzutKiU1e8QsBfidNdCw== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 41duyj12bp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:29 +0000 (GMT) Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 483E1F9v001728; Tue, 3 Sep 2024 14:25:27 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 41bsmf1med-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:27 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 483EPN4O023489; Tue, 3 Sep 2024 14:25:27 GMT Received: from ca-dev63.us.oracle.com (ca-dev63.us.oracle.com [10.211.8.221]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 41bsmf1maj-4; Tue, 03 Sep 2024 14:25:27 +0000 From: Steve Sistare To: linux-mm@kvack.org Cc: Vivek Kasireddy , Muchun Song , Andrew Morton , Matthew Wilcox , Peter Xu , David Hildenbrand , Jason Gunthorpe , Steve Sistare Subject: [PATCH V1 3/5] mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak Date: Tue, 3 Sep 2024 07:25:19 -0700 Message-Id: <1725373521-451395-4-git-send-email-steven.sistare@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-03_02,2024-09-03_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2409030117 X-Proofpoint-GUID: mZn8bbOgrxDizi0AmwcAtSBQRu7FB2YS X-Proofpoint-ORIG-GUID: mZn8bbOgrxDizi0AmwcAtSBQRu7FB2YS X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 5B88E20021 X-Stat-Signature: mo74k8p1hh64npxc3njxdfja946b73pb X-HE-Tag: 1725373542-124374 X-HE-Meta: U2FsdGVkX19Ab/Jf1SsCbj9Tb13fGssCzgXV/5hDZcCYAYGujQUB3gCX8reRt5DXjY8AycM0CEHBIkyt37uadxVw7tuJvozxac/2v2ul8TCH1i8sibPKdY6kautpr5Ne2akKcSzvzuvE6xYRMRs8GAL4ImpxEJ3cgUJwodT0qf/RaHIyXA7vAbhKZQjqjWL2KGSXz+Ig8RlDOWpKnb8S4XqZobrU4e3ql2DN6+w4dwoBrvHRzZTUdX/XEWgDH5NSRDfQ10MojfladNoibNZW9tfglCFoPonPIF2pGzIFzIoTZ8lU+AzNwX6JvF8STs8jOPb0oDnjhKgisGVp64qZ0mnDwfaxR22mK0C2jr61T0MeZrXh5jjKHURPyjK+YyVGPxjhaZUPhSMVt9WW1Q2vXcbBG70YI8WjvOvnuqz4JH5vnbJRFRqNjV+4kMo3Cxv6DG1XICZKi4hh207pDU4L4hBhYWsDTo8yoIsyMzBxgxAjUipbXzjmwHyKQO4m8nROW7MioALSss+6WRkKPigqWRW+6/oqara5gLFNhHFcPJrve1ZoUC9TP1Y72TH4etnEslxOgUClmSIjiZZXSGEhzMECtL8NAYU4p6or8MXKnJ/1ce2J8Nkq7MzZWe06m8059saOacwrwQqFlGlAXzHeZWw6piAxUPgPAdZanX9ygJ2Nj5v/xi4rkR9gfnakvz4vpZMj3Opo9rIRnlDX/tln0ngZde4G6cPt91M/IT68kzzVZ9f1Q9OcHxpVoD2PBbBcUYT/G1svHUnq8M0WAYgpzrtI22XD9QVU2F359jwcDBP0CKqmR6uwkams5uI/yQl7/SMA61yHtnTgjTM9qEOjnWvxH+9eCEeRHmUhTClnNFEyYGJQalPVpbtVgxNzoJE8uCueqynCYo3fJ5GXqHM7LFGQ2+8/b+EiBbQqSYImobHZHByvULH2IYb7EYUWYQ/S7Brt2aG1hHuwjGKr3n+ VD7VHpL2 7o0ruSNOdjo8wOnlgOTdXxmqkTZD0HYSDOaVrsIAoF40r32r5tAI2dfAl2ZhBcY/u/sq5odzwozjXWk/Bl7FQE7u6TkHhVhtm+3ucQSMl4wNadLPqZr3unIk3msI+7kVMyKCFvbGX0wi50EZZzXE3YvG/dwwEbqEKAWCa3Lpv5r7m07/hQC+/WvuALUwezNQ18FWSaegtzfHNZzpxK25MNZhT1QQ4yTdklt8Iiv+trrwWi7Sg+RHKkzEHgw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: memfd_pin_folios followed by unpin_folios leaves resv_huge_pages elevated if the pages were not already faulted in. During a normal page fault, resv_huge_pages is consumed here: hugetlb_fault() alloc_hugetlb_folio() dequeue_hugetlb_folio_vma() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() free_huge_pages-- resv_huge_pages-- During memfd_pin_folios, the page is created by calling alloc_hugetlb_folio_nodemask instead of alloc_hugetlb_folio, and resv_huge_pages is not modified: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() free_huge_pages-- alloc_hugetlb_folio_nodemask has other callers that must not modify resv_huge_pages. Therefore, to fix, define an alternate version of alloc_hugetlb_folio_nodemask for this call site that adjusts resv_huge_pages. Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare Acked-by: Vivek Kasireddy --- include/linux/hugetlb.h | 10 ++++++++++ mm/hugetlb.c | 17 +++++++++++++++++ mm/memfd.c | 9 ++++----- 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 45bf05a..3ddd69b 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -695,6 +695,9 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, nodemask_t *nmask, gfp_t gfp_mask, bool allow_alloc_fallback); +struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, + nodemask_t *nmask, gfp_t gfp_mask); + int hugetlb_add_to_page_cache(struct folio *folio, struct address_space *mapping, pgoff_t idx); void restore_reserve_on_error(struct hstate *h, struct vm_area_struct *vma, @@ -1062,6 +1065,13 @@ static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, } static inline struct folio * +alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, + nodemask_t *nmask, gfp_t gfp_mask) +{ + return NULL; +} + +static inline struct folio * alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, nodemask_t *nmask, gfp_t gfp_mask, bool allow_alloc_fallback) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index aaf508b..c2d44a1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2564,6 +2564,23 @@ struct folio *alloc_buddy_hugetlb_folio_with_mpol(struct hstate *h, return folio; } +struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, + nodemask_t *nmask, gfp_t gfp_mask) +{ + struct folio *folio; + + spin_lock_irq(&hugetlb_lock); + folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, preferred_nid, + nmask); + if (folio) { + VM_BUG_ON(!h->resv_huge_pages); + h->resv_huge_pages--; + } + + spin_unlock_irq(&hugetlb_lock); + return folio; +} + /* folio migration callback function */ struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, nodemask_t *nmask, gfp_t gfp_mask, bool allow_alloc_fallback) diff --git a/mm/memfd.c b/mm/memfd.c index e7b7c52..bfe0e71 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -82,11 +82,10 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) gfp_mask = htlb_alloc_mask(hstate_file(memfd)); gfp_mask &= ~(__GFP_HIGHMEM | __GFP_MOVABLE); - folio = alloc_hugetlb_folio_nodemask(hstate_file(memfd), - numa_node_id(), - NULL, - gfp_mask, - false); + folio = alloc_hugetlb_folio_reserve(hstate_file(memfd), + numa_node_id(), + NULL, + gfp_mask); if (folio && folio_try_get(folio)) { err = hugetlb_add_to_page_cache(folio, memfd->f_mapping, From patchwork Tue Sep 3 14:25:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Sistare X-Patchwork-Id: 13788803 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 512E4CD343A for ; Tue, 3 Sep 2024 14:25:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3691E8D0151; Tue, 3 Sep 2024 10:25:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2B98E8D018C; Tue, 3 Sep 2024 10:25:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E4FEA8D0151; Tue, 3 Sep 2024 10:25:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id BB1978D018A for ; Tue, 3 Sep 2024 10:25:44 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 76225C03DB for ; Tue, 3 Sep 2024 14:25:44 +0000 (UTC) X-FDA: 82523650608.09.064D8BB Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf18.hostedemail.com (Postfix) with ESMTP id 4CFD21C0008 for ; Tue, 3 Sep 2024 14:25:42 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=XBJDv5Ca; spf=pass (imf18.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1725373448; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=FzV8EX4BQiwM4vVwOQ334d+6m0RyMfcpZu8PckWd74g=; b=HgRJt3NAkzXxuvqvTcH3ibBK34pxiZOyAbLubqVYI6ut76F6UlXrfZmfclZzUUUbbJa5iF A/uYKx9ETmHckY+EpSZ5Yyo/oMxxIal1DPJ0ZUtg/U06tDzR4vpCDv/8FetxXNx06xHCgs Jr5Xfe9BveK4/L8bqeIkaoorTW74txQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725373448; a=rsa-sha256; cv=none; b=tIdrWy1GsPIpsmIqSHJZ6nEcBZFTXuE1DVivVpCOt/IhvXLNxnHe5KLx5vZ1XPSvzo6kWE 3CVX9EPpYVDfM/2Kdf1d06BPkkxvEzExDd618qn0ptQFEGipZzpQpmBbQOIIuwzOFkCdZD J3cM2u1MEJFk3v9C8doFXPKzxVJmoZU= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=XBJDv5Ca; spf=pass (imf18.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com Received: from pps.filterd (m0333521.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4837fYmS026699; Tue, 3 Sep 2024 14:25:30 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h= from:to:cc:subject:date:message-id:in-reply-to:references; s= corp-2023-11-20; bh=FzV8EX4BQiwM4vVwOQ334d+6m0RyMfcpZu8PckWd74g=; b= XBJDv5CaWEn2t67eUkMMb+7Wp3p6gKOBzRsAm6sOBTsuheYvS3dcYN0PRFxRw0fS KSNjFDAveduGo5TNiSy/HU2Ltg0dcbn0tDU/A1OT4qxXoxcX//QqiOjrvdTtafWY 9WmTycXLfQDBs8jeJiK/a5yrh5LF2CZHojeb4FxMnqGLkqawcgWYTheHjMINqMiE Gy5inScSoYB5f98PDiYyrbQU9AHIlHlMSm4y0w4GuTkobz6bHfB6EzU2Jmx+LbRK 7nBA0cQ+qU9d2uLljklTqeLzpVCrFvdHh33WfhgxRfqazqzTG5zfiWiGDd7+3MPR waeVEeKHsb67Quk8y9JW/g== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 41dr0jsb95-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:30 +0000 (GMT) Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 483EMN1o001737; Tue, 3 Sep 2024 14:25:28 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 41bsmf1mf4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:28 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 483EPN4Q023489; Tue, 3 Sep 2024 14:25:28 GMT Received: from ca-dev63.us.oracle.com (ca-dev63.us.oracle.com [10.211.8.221]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 41bsmf1maj-5; Tue, 03 Sep 2024 14:25:28 +0000 From: Steve Sistare To: linux-mm@kvack.org Cc: Vivek Kasireddy , Muchun Song , Andrew Morton , Matthew Wilcox , Peter Xu , David Hildenbrand , Jason Gunthorpe , Steve Sistare Subject: [PATCH V1 4/5] mm/gup: fix memfd_pin_folios hugetlb page allocation Date: Tue, 3 Sep 2024 07:25:20 -0700 Message-Id: <1725373521-451395-5-git-send-email-steven.sistare@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-03_02,2024-09-03_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2409030117 X-Proofpoint-GUID: RSGcJb7xOCIx7vID57sAgnj-AvsO56kQ X-Proofpoint-ORIG-GUID: RSGcJb7xOCIx7vID57sAgnj-AvsO56kQ X-Rspamd-Queue-Id: 4CFD21C0008 X-Stat-Signature: uuq1nuuhephohc85w5odt4jr5dxryqrf X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1725373542-432258 X-HE-Meta: U2FsdGVkX1/g7ZEBi4kidCXlcpsi0e4AE68KAroKAyJCmxAfpaEskXmlo794w3ys9E3blLhRtw5EJUvRRxnA/O9BwVRk8cr8bVgokAHoL60kY8nNXGC/xH2/kQAO1EymyQKKxZFbStDj3CDalOLJ69uYEfn9yNOTk8uIDxMLkUn/cpJRMhdStLZ1U4gGVSyQ67DBvi4nJ8qG6eHkAREvQ+9moD+/u8ySQ3kd6HJTy+M14joGd37G1bBOg60CzomytrJ0vtJYnMvANglaVjMV3ma1S3SX5VXHpPM9HTD5z7RWz/jPE05NCocwwniqVbWYAiaOjpTvqIM/qXiX/pcYzfR9/JDA7w6LWk3TlkENe5PuaXrlDaKPkVyu8Upoxq5sLoVeLJ2UT2EV9XbXYQGyQWceRJcFg3uBh+zo1gr+hEQ1em4+n02ZiNg71TfMUVAuwkB3/aiQn7XRtA3C/fyOnUDiEtkRMMLK8CBHQJL2Mik7U2O/seWjwZuTsD1kW5KTCursYiej467FMh3zE9m3zYB4lhSbZ1ZUw+n/NK5VARvIqH7h9JmFNVtaJw7jEyPcEzRZ/ZzxbGmoI/olLspBb1/A5VXc0G/ImGeO0jd+fC3nVTJPkcW4qQ6R6VtEfxCP52FH3Na5Iji6E+aBdMS+4jHbPlqTOma9s3X5/jekrlSO/dN2aGGIb0Wajs71j/S5bOi0DGJsBPnWSyJ2E5fM+f1ZXi/bvl1SNEo/teMQL7N2rBsRnyPH483KfMXswqKRR3gkVvRhWOrYKu6VI6MkDz+0G0DZthn2fg6cHzyaBVzDRqRZMk/QZ1qR54BoupCkseI0EvxT90vhLNJ7bvRjdLLjzbMp3g3rXIPagI46GtZZhYPG8Rmdo2WhQMtcVyB6oUgLOchzV4LyR1AgioRvl/O3KECU9OFPuAGj4klQj8NXJBcgG3p6d9dHCw+sbSYU1iwJBQ1ESoSF1vS/zGr uXX3SYda H27HzX+KL0n2Jh8h4n1qReLMFNsmc9I9yqtOTUeAA9PRvYfnK9KYKl1U3Og2Y04TEncrIm0K4Cbn5tuQF0mRaJsMnWGVBiv2Mm2ryPmY+/ypbhIoHbBJS7pP+AXJYu1aGQDLguNPRU5FwnD+/lOd9vVPHjCyrH9KYSGOuU0xNSO/US39O8mSQ/mQLU78K1eCAMK9JL9SwKuqAJGewIya8wyaFtOVhfq9ZYIWoynOM4kMTE7PF2RMtVtc0Ow== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When memfd_pin_folios -> memfd_alloc_folio creates a hugetlb page, the index is wrong. The subsequent call to filemap_get_folios_contig thus cannot find it, and fails, and memfd_pin_folios loops forever. To fix, adjust the index for the huge_page_order. memfd_alloc_folio also forgets to unlock the folio, so the next touch of the page calls hugetlb_fault which blocks forever trying to take the lock. Unlock it. Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare Acked-by: Vivek Kasireddy --- mm/memfd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index bfe0e71..bcb131d 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -79,10 +79,13 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) * alloc from. Also, the folio will be pinned for an indefinite * amount of time, so it is not expected to be migrated away. */ - gfp_mask = htlb_alloc_mask(hstate_file(memfd)); + struct hstate *h = hstate_file(memfd); + + gfp_mask = htlb_alloc_mask(h); gfp_mask &= ~(__GFP_HIGHMEM | __GFP_MOVABLE); + idx >>= huge_page_order(h); - folio = alloc_hugetlb_folio_reserve(hstate_file(memfd), + folio = alloc_hugetlb_folio_reserve(h, numa_node_id(), NULL, gfp_mask); @@ -95,6 +98,7 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) free_huge_folio(folio); return ERR_PTR(err); } + folio_unlock(folio); return folio; } return ERR_PTR(-ENOMEM); From patchwork Tue Sep 3 14:25:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Sistare X-Patchwork-Id: 13788800 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BEFB0CD343A for ; Tue, 3 Sep 2024 14:25:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E2AD48D0188; Tue, 3 Sep 2024 10:25:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D65AF8D0189; Tue, 3 Sep 2024 10:25:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C05B68D0188; Tue, 3 Sep 2024 10:25:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 9A9158D0151 for ; Tue, 3 Sep 2024 10:25:38 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 525F11C418C for ; Tue, 3 Sep 2024 14:25:38 +0000 (UTC) X-FDA: 82523650356.08.CDFCE6F Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf05.hostedemail.com (Postfix) with ESMTP id 35F7A10001F for ; Tue, 3 Sep 2024 14:25:34 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=UKPg1mot; dmarc=pass (policy=reject) header.from=oracle.com; spf=pass (imf05.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725373511; a=rsa-sha256; cv=none; b=p3pcLVz/IgqrIBufjIlTKm+cUS5qxf7uVM4Q5B8+nUQBjeVC5AZajf+23K+NodOLATNQzv tvlaj2Nu7sPqFC0vJBIg5XqLegllmkNgd8Oj4v9F02VEzqUldFZDKy4I3y+VyMj5NL7gF5 O8baR5LLhRAjvjqVcT5q+CG5m9FnEAM= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=UKPg1mot; dmarc=pass (policy=reject) header.from=oracle.com; spf=pass (imf05.hostedemail.com: domain of steven.sistare@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=steven.sistare@oracle.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1725373511; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=Ua1uUMucl8Iy4dE29g80WUno/uFNzfFVhk67xhZQ69M=; b=QJKqw1H/VFf6WVfD33ff39a9CK0DyqVF0mFC/AJVLxotZ21nstokeJLXVNwReEMqRcuwvL txMMH4hmX31Roa7InEPJrbdNpPrGwsBio7dDzAlmXWEw3CmbE0DsVK+KhiWFZxU8BmOIoc iV8gH6Rf+KhDiE/fvmlJjpHnz78ArZI= Received: from pps.filterd (m0246629.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4837fWgi009041; Tue, 3 Sep 2024 14:25:31 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h= from:to:cc:subject:date:message-id:in-reply-to:references; s= corp-2023-11-20; bh=Ua1uUMucl8Iy4dE29g80WUno/uFNzfFVhk67xhZQ69M=; b= UKPg1mot8oIMkXC+Z8Pbmkpr1oQBgPvz6ZSx1xOgcXfMwVUr+gu9gPnxHhkddYB4 8b2Pmosz4gpBbZlCSin+goyuF3+AlUvpbfcp2ChWRAE75evaZ3hYqXNIePUTuh9v aStiDFAasOO5MNsl7i07phHeE6l9ynbNJWHIdjI3o75hbOPyIziCsTKPeYsgLXdK 3e7iBMRe1u2HqINPxkZH7WfT8xF1LyZ1373VbrkzeOqcxuoD+TZP0Ehqj2xikH8/ jrP81ggglNHG5+Ot1ebBB1OoOvzNbw4mQnW4VYmpjPhPk1YzC8geP7rfmdDxGitv Ht5VY3mbpSG/2+gt0GSd8w== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 41duw7s2c8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:31 +0000 (GMT) Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 483EBaCh001690; Tue, 3 Sep 2024 14:25:30 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 41bsmf1mfx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 03 Sep 2024 14:25:29 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 483EPN4S023489; Tue, 3 Sep 2024 14:25:29 GMT Received: from ca-dev63.us.oracle.com (ca-dev63.us.oracle.com [10.211.8.221]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 41bsmf1maj-6; Tue, 03 Sep 2024 14:25:29 +0000 From: Steve Sistare To: linux-mm@kvack.org Cc: Vivek Kasireddy , Muchun Song , Andrew Morton , Matthew Wilcox , Peter Xu , David Hildenbrand , Jason Gunthorpe , Steve Sistare Subject: [PATCH V1 5/5] mm/gup: fix memfd_pin_folios alloc race panic Date: Tue, 3 Sep 2024 07:25:21 -0700 Message-Id: <1725373521-451395-6-git-send-email-steven.sistare@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com> X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-03_02,2024-09-03_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2409030117 X-Proofpoint-GUID: 4auxgC3hOI8BlqtrTgalHvobms0vbYbK X-Proofpoint-ORIG-GUID: 4auxgC3hOI8BlqtrTgalHvobms0vbYbK X-Rspam-User: X-Rspamd-Queue-Id: 35F7A10001F X-Rspamd-Server: rspam01 X-Stat-Signature: rz61e7ntfr3ypbpcp736i63rzmymszkf X-HE-Tag: 1725373534-270154 X-HE-Meta: U2FsdGVkX18cXG5zB1wZdNY6OmB5ivp9WYbHG1a41dMhCYvhtahPyYhb56QARQhRGUnOnPsjXLKW2LZWwomay3vCLiQ1CSgNBO6pZV6HtC/Ith417CwDt2dGpuzu61gL6ac2t5AbNhiakuhRDDOemgRaAl01G2dM3VesqJc+3w7bjtEUddNmg7Ao50pMK9bTQP9HFRAUEOIlv9yz4Jcf1/FqMrvSzd0t3PDzoBg1U92mAt4R3EyVnNqYmOGppcKTomeUZgjozcZ1Eg3VieuFQl0irF3ZXcZS7nf4B5hvEsFObEhRWg/wxxKx8S12/tC6Rq7iWrVgzf0FIrtMr/wSkvKRwzw2gdtNnUf1O2Bo5kPAaqwd8m9ee2cANAy4Znhc1lqZtUMiDMeh6QsGKW4lVBBPiq1z6KX659o0oVpKXJnIiH39JlXMIb6VEDH+6B7+ojTny1enxWwvExGEP5DtkqsujioX5SvDl7aCZUvWpYSlC6a3VhtzbmvU4JZZSB8TaD396xxpEvCfEQ1YtIFGjK4yJWUnKj3IkNemCuQ6eSFkC2AiU6iBkerhNe5QMORy0P2tojuxWnxLUC9vuwBZHAJYObXbYNR9alU9HrnlKNXrZcro4e90+6pkU9BicGP4H0ABOTIn7Wo9OhosMLIblYbkAvHPAvNKwLsfx62P0kvCYiOG7AzEuf+Arl4dlhpVYv0ThRv7Fcoq7OuuZ7aOe8inrdMu2HE7L3EjRHNyR9w+kV4+sNp9NZrVshIqWBRCifr7lf+bT0PYgyNov17O85qFOzqA4Mz+0qeqXo451rrDc0YuODvosjikxJWt6216DvvIAvNnIajfO8qHkBkkODuPDkEf7nhVNgEHCMElZ3OB7mwzl4xFKSkIXzAvlaWwcW5ocUKBXMaOzKRB0ZwsD4tNptTt9RTp+N+kSMy7ww/+TwMc66yFSdy9yR6iPEkOIjn/4BJ/t46IykBiW9j gd5knrH3 vzV5V0BrID7XobUtPnM4PoANl1LNKYxXE5N0zic+cZ3zkV2zEc58FYvZ1z2AFDugda29HxSAHFAeOOCcK3rrF8XtkNTetgTsnDRSTfE/6/L6v9MbLJCNyjxBnidBk8YTN01D0zNPz0LcllJwWERxIxiEPNw1JwnvdxJUr+3no0MC3rReMTLs2hEOo9VTxidthYGpUiuLnNngto93JMuf7MziVy9qvbleAK61T+YKv+UFx9IbIJDVpldpTbw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) { ret = PTR_ERR(folio); if (ret != -EEXIST) goto err; then on the next trip through the "while start_idx" loop we panic here: if (folio) { folio_put(folio); To fix, set the folio to NULL on error. Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare Acked-by: Vivek Kasireddy --- mm/gup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/gup.c b/mm/gup.c index 5b92f1d..bccabaa 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -3705,6 +3705,7 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end, ret = PTR_ERR(folio); if (ret != -EEXIST) goto err; + folio = NULL; } } }