Date: Mon, 25 Apr 2022 12:10:54 -0700
To: mm-commits@vger.kernel.org, ying.huang@intel.com, songmuchun@bytedance.com, naoya.horiguchi@nec.com, mike.kravetz@oracle.com, mgorman@techsingularity.net, hch@lst.de, dhowells@redhat.com, david@redhat.com, cl@linux.com, linmiaohe@huawei.com, akpm@linux-foundation.org
From: Andrew Morton
Subject: + mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte.patch added to -mm tree
Message-Id: <20220425191055.6B103C385A4@smtp.kernel.org>
Precedence: bulk
Reply-To: linux-kernel@vger.kernel.org
X-Mailing-List: mm-commits@vger.kernel.org

The patch titled
     Subject: mm/migration: fix potential pte_unmap on an not mapped pte
has been added to the -mm tree.  Its filename is
     mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte.patch

This patch should soon appear at
    https://ozlabs.org/~akpm/mmots/broken-out/mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte.patch
and later at
    https://ozlabs.org/~akpm/mmotm/broken-out/mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Miaohe Lin
Subject: mm/migration: fix potential pte_unmap on an not mapped pte

__migration_entry_wait and migration_entry_wait_on_locked assume pte is
always mapped from caller.  But this is not the case when it's called from
migration_entry_wait_huge and follow_huge_pmd.  Add a hugetlbfs variant
that calls hugetlb_migration_entry_wait(ptep == NULL) to fix this issue.

Link: https://lkml.kernel.org/r/20220425132723.34824-5-linmiaohe@huawei.com
Fixes: 30dad30922cc ("mm: migration: add migrate_entry_wait_huge()")
Signed-off-by: Miaohe Lin
Suggested-by: David Hildenbrand
Cc: Christoph Hellwig
Cc: Christoph Lameter
Cc: David Howells
Cc: Huang Ying
Cc: Mike Kravetz
Cc: Muchun Song
Cc: Naoya Horiguchi
Cc: Mel Gorman
Signed-off-by: Andrew Morton --- include/linux/swapops.h | 12 ++++++++---- mm/hugetlb.c | 4 ++-- mm/migrate.c | 23 +++++++++++++++++++---- 3 files changed, 29 insertions(+), 10 deletions(-) --- a/include/linux/swapops.h~mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte +++ a/include/linux/swapops.h @@ -244,8 +244,10 @@ extern void __migration_entry_wait(struc spinlock_t *ptl); extern void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd, unsigned long address); -extern void migration_entry_wait_huge(struct vm_area_struct *vma, - struct mm_struct *mm, pte_t *pte); +#ifdef CONFIG_HUGETLB_PAGE +extern void __migration_entry_wait_huge(pte_t *ptep, spinlock_t *ptl); +extern void migration_entry_wait_huge(struct vm_area_struct *vma, pte_t *pte); +#endif #else static inline swp_entry_t make_readable_migration_entry(pgoff_t offset) { @@ -271,8 +273,10 @@ static inline void __migration_entry_wai spinlock_t *ptl) { } static inline void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd, unsigned long address) { } -static inline void migration_entry_wait_huge(struct vm_area_struct *vma, - struct mm_struct *mm, pte_t *pte) { } +#ifdef CONFIG_HUGETLB_PAGE +static inline void __migration_entry_wait_huge(pte_t *ptep, spinlock_t *ptl) { } +static inline void migration_entry_wait_huge(struct vm_area_struct *vma, pte_t *pte) { } +#endif static inline int is_writable_migration_entry(swp_entry_t entry) { return 0; --- a/mm/hugetlb.c~mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte +++ a/mm/hugetlb.c @@ -5681,7 +5681,7 @@ vm_fault_t hugetlb_fault(struct mm_struc */ entry = huge_ptep_get(ptep); if (unlikely(is_hugetlb_entry_migration(entry))) { - migration_entry_wait_huge(vma, mm, ptep); + migration_entry_wait_huge(vma, ptep); return 0; } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry))) return VM_FAULT_HWPOISON_LARGE | 
@@ -6899,7 +6899,7 @@ retry: } else { if (is_hugetlb_entry_migration(pte)) { spin_unlock(ptl); - __migration_entry_wait(mm, (pte_t *)pmd, ptl); + __migration_entry_wait_huge((pte_t *)pmd, ptl); goto retry; } /* --- a/mm/migrate.c~mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte +++ a/mm/migrate.c 
@@ -315,12 +315,27 @@ void migration_entry_wait(struct mm_stru __migration_entry_wait(mm, ptep, ptl); } -void migration_entry_wait_huge(struct vm_area_struct *vma, - struct mm_struct *mm, pte_t *pte) +#ifdef CONFIG_HUGETLB_PAGE +void __migration_entry_wait_huge(pte_t *ptep, spinlock_t *ptl) { - spinlock_t *ptl = huge_pte_lockptr(hstate_vma(vma), mm, pte); - __migration_entry_wait(mm, pte, ptl); + pte_t pte; + + spin_lock(ptl); + pte = huge_ptep_get(ptep); + + if (unlikely(!is_hugetlb_entry_migration(pte))) + spin_unlock(ptl); + else + migration_entry_wait_on_locked(pte_to_swp_entry(pte), NULL, ptl); +} + +void migration_entry_wait_huge(struct vm_area_struct *vma, pte_t *pte) +{ + spinlock_t *ptl = huge_pte_lockptr(hstate_vma(vma), vma->vm_mm, pte); + + __migration_entry_wait_huge(pte, ptl); } +#endif #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION void pmd_migration_entry_wait(struct mm_struct *mm, pmd_t *pmd) _ Patches currently in -mm which might be from linmiaohe@huawei.com are mm-shmem-make-shmem_init-return-void.patch mm-memcg-remove-unneeded-nr_scanned.patch mm-mmapc-use-helper-mlock_future_check.patch mm-mremap-use-helper-mlock_future_check.patch mm-mremap-avoid-unneeded-do_munmap-call.patch mm-memory-failurec-minor-cleanup-for-hwpoisonhandlable.patch mm-memory-failurec-dissolve-truncated-hugetlb-page.patch mm-vmscan-remove-obsolete-comment-in-get_scan_count.patch mm-vmscan-fix-comment-for-current_may_throttle.patch mm-vmscan-fix-comment-for-isolate_lru_pages.patch mm-z3fold-declare-z3fold_mount-with-__init.patch mm-z3fold-remove-obsolete-comment-in-z3fold_alloc.patch mm-z3fold-minor-clean-up-for-z3fold_free.patch mm-z3fold-remove-unneeded-page_mapcount_reset-and-clearpageprivate.patch mm-z3fold-remove-confusing-local-variable-l-reassignment.patch mm-z3fold-move-decrement-of-pool-pages_nr-into-__release_z3fold_page.patch mm-z3fold-remove-redundant-list_del_init-of-zhdr-buddy-in-z3fold_free.patch mm-z3fold-remove-unneeded-page_headless-check-in-free_handle.patch 
mm-compaction-use-helper-isolation_suitable.patch drivers-base-nodec-fix-compaction-sysfs-file-leak.patch mm-mempolicy-clean-up-the-code-logic-in-queue_pages_pte_range.patch mm-migration-remove-unneeded-local-variable-mapping_locked.patch mm-migration-remove-unneeded-local-variable-page_lru.patch mm-migration-use-helper-function-vma_lookup-in-add_page_for_migration.patch mm-migration-use-helper-macro-min-in-do_pages_stat.patch mm-migration-avoid-unneeded-nodemask_t-initialization.patch mm-migration-remove-some-duplicated-codes-in-migrate_pages.patch mm-migration-fix-potential-page-refcounts-leak-in-migrate_pages.patch mm-migration-fix-potential-invalid-node-access-for-reclaim-based-migration.patch mm-migration-fix-possible-do_pages_stat_array-racing-with-memory-offline.patch mm-madvise-fix-potential-pte_unmap_unlock-pte-error.patch mm-madvise-free-hwpoison-and-swapin-error-entry-in-madvise_free_pte_range.patch mm-compaction-remove-unneeded-return-value-of-kcompactd_run.patch mm-compaction-remove-unneeded-pfn-update.patch mm-compaction-remove-unneeded-assignment-to-isolate_start_pfn.patch mm-compaction-clean-up-comment-for-sched-contention.patch mm-compaction-clean-up-comment-about-suitable-migration-target-recheck.patch mm-compaction-use-compact_cluster_max-in-compactionc.patch mm-compaction-use-helper-compound_nr-in-isolate_migratepages_block.patch mm-compaction-clean-up-comment-about-async-compaction-in-isolate_migratepages.patch mm-compaction-avoid-possible-null-pointer-dereference-in-kcompactd_cpu_online.patch mm-compaction-make-compaction_zonelist_suitable-return-false-when-compact_success.patch mm-compaction-simplify-the-code-in-__compact_finished.patch mm-compaction-make-sure-highest-is-above-the-min_pfn.patch mm-swapfile-unuse_pte-can-map-random-data-if-swap-read-fails.patch mm-swapfile-fix-lost-swap-bits-in-unuse_pte.patch mm-migration-reduce-the-rcu-lock-duration.patch mm-migration-remove-unneeded-lock-page-and-pagemovable-check.patch 
mm-migration-return-errno-when-isolate_huge_page-failed.patch mm-migration-fix-potential-pte_unmap-on-an-not-mapped-pte.patch
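
Review bot: In the mm/migrate.c hunk, __migration_entry_wait_huge() passes NULL as the ptep argument to migration_entry_wait_on_locked(), but nothing visible in this patch shows that callee accepting a NULL ptep, and the changelog names hugetlb_migration_entry_wait(ptep == NULL), a function that does not appear anywhere in the diff. Suggest a one-line comment above the call stating what a NULL ptep means to the callee (the changelog implies it is what avoids the pte_unmap on a pte the caller never mapped), and bringing the changelog in line with the function names the patch actually adds.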
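
Review bot: In the mm/hugetlb.c hunk under the retry: label, ptl is dropped with spin_unlock(ptl) and then taken again as the first step of __migration_entry_wait_huge(), so the entry that passed is_hugetlb_entry_migration(pte) can change in between. The helper does re-read the entry with huge_ptep_get() and re-check it under the lock, which covers that window, but the call site gives no hint of it; a short comment saying the helper retakes ptl and revalidates the entry would help. The (pte_t *)pmd cast is also carried over with no comment on why a pmd pointer is valid as a huge pte pointer at this point.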
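
Review bot: The new prototypes in include/linux/swapops.h name the pointer argument ptep in __migration_entry_wait_huge() but pte in migration_entry_wait_huge(), and the mm/migrate.c definition of the helper then uses pte for the value read through ptep, so the same name is a pointer in one function and an entry value in the next. Using ptep for the pointer in both prototypes, both stubs and both definitions would remove the ambiguity. The helper also takes ptl itself with spin_lock(ptl), so it must be entered with ptl not held; that contract is worth a comment next to the declaration, since the other caller has to remember to unlock first.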