From patchwork Mon Nov 25 20:17:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Matthew Wilcox (Oracle)" X-Patchwork-Id: 13885243 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9098D59D6A for ; Mon, 25 Nov 2024 20:17:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5FDA66B0088; Mon, 25 Nov 2024 15:17:29 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 5AD6E6B0089; Mon, 25 Nov 2024 15:17:29 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 49C5E6B008C; Mon, 25 Nov 2024 15:17:29 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 2C4216B0088 for ; Mon, 25 Nov 2024 15:17:29 -0500 (EST) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A5D8F40196 for ; Mon, 25 Nov 2024 20:17:28 +0000 (UTC) X-FDA: 82825727334.04.CB2A858 Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf28.hostedemail.com (Postfix) with ESMTP id 38B1EC0002 for ; Mon, 25 Nov 2024 20:17:18 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=OB20eP9T; spf=none (imf28.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732565842; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=CHHt0O7rL6AlsO2cAZIVKebUXT6Q6A4nPNqwf9n4YgQ=; b=7nCd4CbTTaEZg3JC9KvcB+sDAVH1AJoFh7bd2LEXpvTSwILRIhuhqfTobo/h4HJeARuwue X3c0tEoGfdKHPed9TDqbXjXLTA4MvKYtjkAhpGiuC2moYSPMGmmNwf5vg3rcI6fS/kdzko 083qNHfNDs322kx2+eTFV+gijygTq58= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=OB20eP9T; spf=none (imf28.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732565842; a=rsa-sha256; cv=none; b=tX+mcFOJR9+LVxxskV0aKjPb77E2Dv2e6I4ZeQf7eqoqIdGheuQ3ZrvTT7xsm8XnzdAvph 2TsmfD6xcjdo1qLlJQyZW/NDFavXmqEigACpHRUUW4IDQNoLp39jkrnlEdc3UfdifTkSQI hpVsCRIv+4Tw0rB+dwARvoZJaykE9To= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:In-Reply-To:References; bh=CHHt0O7rL6AlsO2cAZIVKebUXT6Q6A4nPNqwf9n4YgQ=; b=OB20eP9TLDKrc23czqVlgHa227 E7oMY9q7avJj/oSwF5aNqmMlncl5r6ftyptNoLcekbsDMahmjnz2woVFGTlUcMNYjdCIu5yVP5D6j a4NxaKnN/0MOXgw2CD8X2KViPEUrzd7t++994qcWfjQhC66zTSMMHwkaqLWfAH8pNhnKIbUFVC2MM C4KaD5gbA7XqCV8wPJEPH4sXiOZcfQRZADbaETfiIFesToFdonety/tQRMKksIEQBPfQc4t3V3kcD D9S8miBA4DrGsNblPNU3nThhCQ2pb6vfsFhsAN9kR84i7yVlWESw0a9o11HJ082gjsBYm99rTq2gA rSCKDLgw==; Received: from willy by casper.infradead.org with local (Exim 4.98 #2 (Red Hat Linux)) id 1tFfWM-0000000CQsy-3kcc; Mon, 25 Nov 2024 20:17:22 +0000 From: "Matthew Wilcox (Oracle)" To: Andrew Morton Cc: "Matthew Wilcox (Oracle)" , Kees Cook , linux-mm@kvack.org, stable@vger.kernel.org Subject: [PATCH 1/2] mm: Open-code PageTail in folio_flags() and const_folio_flags() Date: Mon, 25 Nov 2024 20:17:18 +0000 Message-ID: <20241125201721.2963278-1-willy@infradead.org> X-Mailer: git-send-email 2.47.0 MIME-Version: 1.0 X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 38B1EC0002 X-Stat-Signature: h1g1oimh5gjdsy9zko8i9wbsx8naqayx X-Rspam-User: X-HE-Tag: 1732565838-283421 X-HE-Meta: U2FsdGVkX19tNaijtoZDUy0MzbuxYfnKQNmjc7GquE1Zv+wxFjHJDBxdvs1vI+9YuvfeT5NZIJ1xor4IHvrMzdRRCQ1CryjmM02QcbVwzDvXl9WYvoumPYNEJzNxmr+GhLMIAG99quNDbgjGGUIVQto6XmZx9RXjOWBKpBDCwcy6MHe97KIH95rc+mKAfkcBDHzSqLM3S0AZW9jg4sF+EFqP7hoP3rLxh6ssB4f8XeYUTelziP8sAi9WUmXKNu5YFX+kAUHbAGaFy4vyA8OPwn37LnM16b8VJJIE+xv70aYiTv2pLi6TicBkhwAGC6p9CM9i1X3UqUuhl8qeiaKaNMw5MNrjTyZ41MTVfkRm3xTlLnpwdCemrSEe1iK+A37JOSJygJHJRX6AZVhNGJwW2LXPHUupMFP3M8UzKIBiVfLwk85tZS8TmmIhykccH/1dy6KkteALmHeAfCOpIkkkBrmnflFmxCat9iHvrH/bKsodl/UkL3a0OSdziWfNwmm4+yfPr5SbYDMDeEro+C7ITlVqb4RRjSESISTTsOgWxjPmG9vQ5YpqX7kFklob0rzPtmAzHOPoBKH0jKGx71uLK9uSeH2Bd2KPAmjNUZdrRD5TZxRBCNLbKdgq9Gp6dmbUuDTnEC/vDKYdjDzvmxee+iNh1nnJiuKpmK2ljOiN2xPHjUIpzZkT13sRSALZVFz3/OMV88abTgjUSUwJkFEO1xBcuDFY8IMfhl9Gyo2bXhksj+Uoa0ccGo41OdMFbU9Bcn8OBdQrDkumTaTeARRqWngPZ1iUx6yplElfC2COp9sOYSPoHhTJwvlft0eHXRmHyVpXRjdjMI3JdhDLRRBaL/BXy9Jh/8r1SPulcBqgJI6GaY0cGi9+6W1W1qZZXysq35UrTRcpX/PYlAqh5zRVmi2LGBQS2klOZPi2p7niLOF4o9+yID7T8JqfEA4EGB74MTexszlaF3g95ACx43O fByFiwrW o66iDUCBVBpUmIDWU7SQuro08dYYm8amFa+Bj0TsXzjsAIvXh18q/ANTzJYph9/oS761vDwKj1WM/tCdlPQP1Ic0o2NS59dl5cpCZMIizhtEBHj6sRmcsAzxylUma9Kxs1dXE6D4qVGE29RuKjFtM0C3X6dlMPEVAbWZ936e90paa6Kh+i3+GqeVuDQWzR8aOvLANAjjoocYrbweoxcol3f9GyulP8oXfazacZYmRvYWRQyaJ64W50ym/jk5RFuDrwFrQViRzdpTuxcRW3vuJz3g+DYNQ3QbE8GBVZfUq0bVq/5lHtzbJPuocsQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: It is unsafe to call PageTail() in dump_page() as page_is_fake_head() will almost certainly return true when called on a head page that is copied to the stack. That will cause the VM_BUG_ON_PGFLAGS() in const_folio_flags() to trigger when it shouldn't. Fortunately, we don't need to call PageTail() here; it's fine to have a pointer to a virtual alias of the page's flag word rather than the real page's flag word. Fixes: fae7d834c43c (mm: add __dump_folio()) Signed-off-by: Matthew Wilcox (Oracle) Cc: stable@vger.kernel.org --- include/linux/page-flags.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 2220bfec278e..cf46ac720802 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -306,7 +306,7 @@ static const unsigned long *const_folio_flags(const struct folio *folio, { const struct page *page = &folio->page; - VM_BUG_ON_PGFLAGS(PageTail(page), page); + VM_BUG_ON_PGFLAGS(page->compound_head & 1, page); VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page); return &page[n].flags; } @@ -315,7 +315,7 @@ static unsigned long *folio_flags(struct folio *folio, unsigned n) { struct page *page = &folio->page; - VM_BUG_ON_PGFLAGS(PageTail(page), page); + VM_BUG_ON_PGFLAGS(page->compound_head & 1, page); VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page); return &page[n].flags; } From patchwork Mon Nov 25 20:17:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Matthew Wilcox (Oracle)" X-Patchwork-Id: 13885244 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CC73D59D67 for ; Mon, 25 Nov 2024 20:17:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 33FAF6B0089; Mon, 25 Nov 2024 15:17:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2794F6B008C; Mon, 25 Nov 2024 15:17:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0F3186B0092; Mon, 25 Nov 2024 15:17:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id E825A6B0089 for ; Mon, 25 Nov 2024 15:17:29 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id AB1AC1C6E94 for ; Mon, 25 Nov 2024 20:17:29 +0000 (UTC) X-FDA: 82825727292.23.9EF804C Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf25.hostedemail.com (Postfix) with ESMTP id 60035A0009 for ; Mon, 25 Nov 2024 20:17:25 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=TE0REL5d; dmarc=none; spf=none (imf25.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732565846; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=K+++vtIZMVtt4Tc0tDY1EnZo4+FLY6a0tS3n2H/3/pI=; b=UDD5cEnpsqwJ8HogqKLgVZz51sk8qN0FFIIWtJgQ20J+JwqDMUlWTZY6b5cnriusFNN7LE fSmXmOtFignaQPx36vhreX+1r5JMgHDGuSnJKwZNg8JMiFmjvNy2eT35u1DJldKQM9+8O7 9p6SjNHnadSUziIPaYNqbxKn/0lrSZ0= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=TE0REL5d; dmarc=none; spf=none (imf25.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732565846; a=rsa-sha256; cv=none; b=0XXDzgW51scO7rsF/SPefQW8EgwZ/DCufd3YD2wb9fx9UiW8InpTc/R5ki2DPgUfjU65l3 EBMmZ62syaSfXVtVIZFLgPpiNEm/RaO47V6oeie1Iu1vo6EVmaQmkEFwfEU3BAIq/U8dd2 OdJ33H/d2Gd3zNFbsfHneQk+jJCA2vM= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=K+++vtIZMVtt4Tc0tDY1EnZo4+FLY6a0tS3n2H/3/pI=; b=TE0REL5dlMeB2IYB6VZ27EWyoR aw7cQhTuZGScpzjNKdpGwgMgrCsMhX76XO7z6NYSjn61eRabWGYVhtLKQ91rNR3AkgeKEDkfruX// XGSC/p08fF6eQ26KyUnZZZQxsXwt8QrByUKains6OpVDNawQQYlQWG46naOfnf0/grk9JNSKlnA4y HG4tpT/Wnc59fuiDWTSvvVFezFYEx4/N/pVc6TnFL6YAGwPt45WK9AC0oj0TGFQQ5xYZXeaap0NFK p7hTeMcZYWmTDu3sxIX3nEDklNrSdJyCJWoARibvbG8kdk6sPI0wDIee43BuMgFl0cSJctCy/ntnq fzU/uLeg==; Received: from willy by casper.infradead.org with local (Exim 4.98 #2 (Red Hat Linux)) id 1tFfWN-0000000CQt0-0Col; Mon, 25 Nov 2024 20:17:23 +0000 From: "Matthew Wilcox (Oracle)" To: Andrew Morton Cc: "Matthew Wilcox (Oracle)" , Kees Cook , linux-mm@kvack.org, stable@vger.kernel.org Subject: [PATCH 2/2] mm: Open-code page_folio() in dump_page() Date: Mon, 25 Nov 2024 20:17:19 +0000 Message-ID: <20241125201721.2963278-2-willy@infradead.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241125201721.2963278-1-willy@infradead.org> References: <20241125201721.2963278-1-willy@infradead.org> MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 60035A0009 X-Stat-Signature: o5w6df3u15ws6zruetwww1k4eighy7ik X-HE-Tag: 1732565845-391502 X-HE-Meta: U2FsdGVkX1++Yk/lUm/Rh+WNqb0pdRGyub/+8WcfgCFqRJLoApIbbw8329ri0JqhW6wqlL96EoQthS26lZnN/NzGDBuRxDMYW/gSLq9Qair9jI0d/vXP/dLuAD8HPXgLjzhMBfhEOkjiOC5w4Ik8M/kca+kyZUQpIG1NSxY6oWz+LhT2/pBcIxaXNiQaOSvauBwdbR2d7UmrcDFmhZ5nZWBvL3OMuj9Ij60Bsw3yFR6lr0SvLryCSRY2dpyItmBcDJ3SpLZwUUPaUdKiiNmRIhmhQebLr3+dtglw65sJr0vBjD9seQXMa9z4UdbDhifMoSHL65YfigR4SrPjIWqEOMdTOh6jZCCBjJAHaZzQPfJ2sFHdbMl0oeNK6tDGCFrUJeVu/Qc8vJbhb7wL8TEpFXLoPbOK0FKE8ui1WnzhU3rfFUP5XbRqOQHxKDerAIzErEauABA1+sEpEHFwMzabsxKDNztgtU+SETaEJeaMk15rsC4GClZYxMuxVkdH+/0C6+VV+7qOHmN575um0+XzNKy4CEBk0VHqayeqriTcCi0eGV9jrNo4Zm3E13KkqhMqdrgTpZioRIbm9rz7npw1z/Od5dP/pt3TQiLfhu/gyPbwis3l5DsJ9usT1o5T27XT6FHvErTPPv38pdYQ4X34NoMQsnfudzWQuWK44Pf2xurTRy0nrwHyzXF9873V1YBSrJwhEsW71ertUOWcm/euqJG/9U3ui2nPAzoAK5l1cDIUEjSXc27Op/hW6ory2z34wiM6gWMb03z0+K98Y0LMD2iu4E5b5r/5YkEAWIG1BU/K733sONL0Dq3EkJrnKm6610GTljELPDa5jakwXP/jV2Gx4ZEwSoi88NrhXCKCS8SNb9Yu6EFnclBeTH3bUPZJyrWEZ2oqsY0cCZ5D+kcZUETWy9aCogMGwFkZhM+Ae7RabwEXy6X5MSGSPgV+H3jjZfJ33Ielj7GUBXZbnny 9mQJcbZj 6tV2MdFp1eXeK7XMtgQa2ultrchy1MHXGQWgUjfaKL4hCpAPjM0M/thF1FpSl4C1U7SVEXBvL3pNnB3704PfVlypyClK8zxFFjCtiaIuTGT8ddfQv1j6vFnvBI+43zMCrcyhj/fM5AVq0jLuTeinB1pclig5i6zxM3QKYcsgcqcQ8wJDT76S4k62mwPpe4sTZbTPan/vC64yXdKYTnKbZ17xKb6k3KgZXNPA0g79md+9E5LGkNfuat99oWpurPBynQXoLWu/845p0NyRhkU250wZ6hW9vvZfUxGXN0ny3Cciu4qTMP++8xDqYGQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: page_folio() calls page_fixed_fake_head() which will misidentify this page as being a fake head and load off the end of 'precise'. We may have a pointer to a fake head, but that's OK because it contains the right information for dump_page(). gcc-15 is smart enough to catch this with -Warray-bounds: In function 'page_fixed_fake_head', inlined from '_compound_head' at ../include/linux/page-flags.h:251:24, inlined from '__dump_page' at ../mm/debug.c:123:11: ../include/asm-generic/rwonce.h:44:26: warning: array subscript 9 is outside +array bounds of 'struct page[1]' [-Warray-bounds=] Reported-by: Kees Cook Signed-off-by: Matthew Wilcox (Oracle) Fixes: fae7d834c43c (mm: add __dump_folio()) Cc: stable@vger.kernel.org --- mm/debug.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/mm/debug.c b/mm/debug.c index aa57d3ffd4ed..95b6ab809c0e 100644 --- a/mm/debug.c +++ b/mm/debug.c @@ -124,19 +124,22 @@ static void __dump_page(const struct page *page) { struct folio *foliop, folio; struct page precise; + unsigned long head; unsigned long pfn = page_to_pfn(page); unsigned long idx, nr_pages = 1; int loops = 5; again: memcpy(&precise, page, sizeof(*page)); - foliop = page_folio(&precise); - if (foliop == (struct folio *)&precise) { + head = precise.compound_head; + if ((head & 1) == 0) { + foliop = (struct folio *)&precise; idx = 0; if (!folio_test_large(foliop)) goto dump; foliop = (struct folio *)page; } else { + foliop = (struct folio *)(head - 1); idx = folio_page_idx(foliop, page); }