From: Andrew Morton <akpm@linux-foundation.org>
To: Mike Kravetz <mike.kravetz@oracle.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-fsdevel@vger.kernel.org,
Matthew Wilcox <willy@infradead.org>,
Ackerley Tng <ackerleytng@google.com>,
Sidhartha Kumar <sidhartha.kumar@oracle.com>,
Muchun Song <songmuchun@bytedance.com>,
vannapurve@google.com, erdemaktas@google.com
Subject: Re: [PATCH 1/1] page cache: fix page_cache_next/prev_miss off by one
Date: Fri, 2 Jun 2023 17:59:20 -0700
Message-ID: <20230602175920.4891c718afd2b20b7cd620cb@linux-foundation.org>
In-Reply-To: <20230602225747.103865-2-mike.kravetz@oracle.com>

On Fri, 2 Jun 2023 15:57:47 -0700 Mike Kravetz <mike.kravetz@oracle.com> wrote:
> Ackerley Tng reported an issue with hugetlbfs fallocate here[1]. The
> issue showed up after the conversion of hugetlb page cache lookup code
> to use page_cache_next_miss.
So I'm assuming
Fixes: d0ce0e47b323 ("mm/hugetlb: convert hugetlb fault paths to use alloc_hugetlb_folio()")
?
> Code in hugetlb fallocate, userfaultfd
> and GUP is now using page_cache_next_miss to determine if a page is
> present in the page cache. The following statement is used.
>
> present = page_cache_next_miss(mapping, index, 1) != index;
>
> There are two issues with page_cache_next_miss when used in this way.
> 1) If the passed value for index is equal to the 'wrap-around' value,
> the same index will always be returned. This wrap-around value is 0,
> so 0 will be returned even if page is present at index 0.
> 2) If there is no gap in the range passed, the last index in the range
> will be returned. When passed a range of 1 as above, the passed
> index value will be returned even if the page is present.
> The end result is the statement above will NEVER indicate a page is
> present in the cache, even if it is.
>
> As noted by Ackerley in [1], users can see this by hugetlb fallocate
> incorrectly returning EEXIST if pages are already present in the file.
> In addition, hugetlb pages will not be included in core dumps if they
> need to be brought in via GUP. userfaultfd UFFDIO_COPY also uses this
> code and will not notice pages already present in the cache. It may try
> to allocate a new page and potentially return ENOMEM as opposed to
> EEXIST.
>
> Both page_cache_next_miss and page_cache_prev_miss have similar issues.
> Fix by:
> - Check for index equal to 'wrap-around' value and do not exit early.
> - If no gap is found in range, return index outside range.
> - Update function description to say 'wrap-around' value could be
> returned if passed as index.
>
> [1] https://lore.kernel.org/linux-mm/cover.1683069252.git.ackerleytng@google.com/
>
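
The two issues and the listed fixes from the quoted commit message, as an added user-space model that is not part of the original message and is not the kernel's or the patch's code. The toy_cache array, NPAGES and all function names are assumptions made for illustration; the real functions walk an XArray.

```c
#include <stdbool.h>
#include <stdio.h>

#define NPAGES 8UL /* constructed toy cache size (assumption) */

/* Constructed stand-in for the page cache: present[i] marks index i. */
struct toy_cache { bool present[NPAGES]; };

static bool page_present(const struct toy_cache *c, unsigned long i)
{
    return i < NPAGES && c->present[i];
}

/* Model of the behaviour the commit message describes as broken. */
unsigned long next_miss_old(const struct toy_cache *c, unsigned long index,
                            unsigned long max_scan)
{
    unsigned long cur = index;
    for (unsigned long n = 0; n < max_scan; n++) {
        cur = index + n;
        if (!page_present(c, cur))
            break;           /* gap found */
        if (cur == 0)
            break;           /* issue 1: exits even when the caller passed 0 */
    }
    return cur;              /* issue 2: no gap -> last index in the range */
}

/* Model of the behaviour after the fixes listed in the message. */
unsigned long next_miss_fixed(const struct toy_cache *c, unsigned long index,
                              unsigned long max_scan)
{
    for (unsigned long n = 0; n < max_scan; n++) {
        unsigned long cur = index + n;
        if (!page_present(c, cur))
            return cur;      /* gap found */
        if (cur == 0 && index != 0)
            return cur;      /* wrapped around from a non-zero start */
    }
    return index + max_scan; /* no gap: first index outside the range */
}

/* The caller-side idiom quoted in the message, against each model. */
bool present_old(const struct toy_cache *c, unsigned long index)
{ return next_miss_old(c, index, 1) != index; }

bool present_fixed(const struct toy_cache *c, unsigned long index)
{ return next_miss_fixed(c, index, 1) != index; }
```

With indexes 0 to 2 populated, present_old() reports false for every index, which is the "NEVER indicate a page is present" outcome described above; present_fixed() reports true for 0 to 2 and false for 3.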