From: David Hildenbrand <david@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
nvdimm@lists.linux.dev, David Hildenbrand <david@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Juergen Gross <jgross@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Dan Williams <dan.j.williams@intel.com>,
Alistair Popple <apopple@nvidia.com>,
Matthew Wilcox <willy@infradead.org>, Jan Kara <jack@suse.cz>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Zi Yan <ziy@nvidia.com>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Nico Pache <npache@redhat.com>,
Ryan Roberts <ryan.roberts@arm.com>, Dev Jain <dev.jain@arm.com>,
Barry Song <baohua@kernel.org>, Vlastimil Babka <vbabka@suse.cz>,
Mike Rapoport <rppt@kernel.org>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>, Jann Horn <jannh@google.com>,
Pedro Falcato <pfalcato@suse.de>
Subject: [PATCH RFC 03/14] mm: compare pfns only if the entry is present when inserting pfns/pages
Date: Tue, 17 Jun 2025 17:43:34 +0200 [thread overview]
Message-ID: <20250617154345.2494405-4-david@redhat.com> (raw)
In-Reply-To: <20250617154345.2494405-1-david@redhat.com>
Doing a pte_pfn() etc. of something that is not a present page table
entry is wrong. Let's check in all relevant cases where we want to
upgrade write permissions when inserting pfns/pages whether the entry
is actually present.
It's not expected to have caused real harm in practice, so this is more a
cleanup than a fix for something that would likely trigger in some
weird circumstances.
At some point, we should likely unify the two pte handling paths,
similar to how we did it for pmds/puds.
Signed-off-by: David Hildenbrand <david@redhat.com>
---
mm/huge_memory.c | 4 ++--
mm/memory.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 8e0e3cfd9f223..e52360df87d15 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1392,7 +1392,7 @@ static int insert_pmd(struct vm_area_struct *vma, unsigned long addr,
const unsigned long pfn = fop.is_folio ? folio_pfn(fop.folio) :
fop.pfn;
- if (write) {
+ if (write && pmd_present(*pmd)) {
if (pmd_pfn(*pmd) != pfn) {
WARN_ON_ONCE(!is_huge_zero_pmd(*pmd));
return -EEXIST;
@@ -1541,7 +1541,7 @@ static void insert_pud(struct vm_area_struct *vma, unsigned long addr,
const unsigned long pfn = fop.is_folio ? folio_pfn(fop.folio) :
fop.pfn;
- if (write) {
+ if (write && pud_present(*pud)) {
if (WARN_ON_ONCE(pud_pfn(*pud) != pfn))
return;
entry = pud_mkyoung(*pud);
diff --git a/mm/memory.c b/mm/memory.c
index a1b5575db52ac..9a1acd057ce59 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2137,7 +2137,7 @@ static int insert_page_into_pte_locked(struct vm_area_struct *vma, pte_t *pte,
pte_t pteval = ptep_get(pte);
if (!pte_none(pteval)) {
- if (!mkwrite)
+ if (!mkwrite || !pte_present(pteval))
return -EBUSY;
/* see insert_pfn(). */
@@ -2434,7 +2434,7 @@ static vm_fault_t insert_pfn(struct vm_area_struct *vma, unsigned long addr,
return VM_FAULT_OOM;
entry = ptep_get(pte);
if (!pte_none(entry)) {
- if (mkwrite) {
+ if (mkwrite && pte_present(entry)) {
/*
* For read faults on private mappings the PFN passed
* in may not match the PFN we have mapped if the
--
2.49.0
next prev parent reply other threads:[~2025-06-17 15:43 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-17 15:43 [PATCH RFC 00/14] mm: vm_normal_page*() + CoW PFNMAP improvements David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 01/14] mm/memory: drop highest_memmap_pfn sanity check in vm_normal_page() David Hildenbrand
2025-06-20 12:50 ` Oscar Salvador
2025-06-23 14:04 ` David Hildenbrand
2025-06-25 7:54 ` Oscar Salvador
2025-07-03 12:34 ` Lance Yang
2025-07-03 12:39 ` David Hildenbrand
2025-07-03 14:44 ` Lance Yang
2025-07-04 12:40 ` David Hildenbrand
2025-07-07 6:31 ` Hugh Dickins
2025-07-07 13:19 ` David Hildenbrand
2025-07-08 2:52 ` Hugh Dickins
2025-07-11 15:30 ` David Hildenbrand
2025-07-11 18:49 ` Hugh Dickins
2025-07-11 18:57 ` David Hildenbrand
2025-06-25 7:55 ` Oscar Salvador
2025-07-03 14:50 ` Lance Yang
2025-06-17 15:43 ` [PATCH RFC 02/14] mm: drop highest_memmap_pfn David Hildenbrand
2025-06-20 13:04 ` Oscar Salvador
2025-06-20 18:11 ` Pedro Falcato
2025-06-17 15:43 ` David Hildenbrand [this message]
2025-06-20 13:27 ` [PATCH RFC 03/14] mm: compare pfns only if the entry is present when inserting pfns/pages Oscar Salvador
2025-06-23 19:22 ` David Hildenbrand
2025-06-20 18:24 ` Pedro Falcato
2025-06-23 19:19 ` David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 04/14] mm/huge_memory: move more common code into insert_pmd() David Hildenbrand
2025-06-20 14:12 ` Oscar Salvador
2025-07-07 2:48 ` Alistair Popple
2025-06-17 15:43 ` [PATCH RFC 05/14] mm/huge_memory: move more common code into insert_pud() David Hildenbrand
2025-06-20 14:15 ` Oscar Salvador
2025-07-07 2:51 ` Alistair Popple
2025-06-17 15:43 ` [PATCH RFC 06/14] mm/huge_memory: support huge zero folio in vmf_insert_folio_pmd() David Hildenbrand
2025-06-25 8:15 ` Oscar Salvador
2025-06-25 8:17 ` Oscar Salvador
2025-06-25 8:20 ` Oscar Salvador
2025-06-25 8:59 ` David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 07/14] fs/dax: use vmf_insert_folio_pmd() to insert the huge zero folio David Hildenbrand
2025-06-24 1:16 ` Alistair Popple
2025-06-25 9:03 ` David Hildenbrand
2025-07-04 13:22 ` David Hildenbrand
2025-07-07 11:50 ` Alistair Popple
2025-06-17 15:43 ` [PATCH RFC 08/14] mm/huge_memory: mark PMD mappings of the huge zero folio special David Hildenbrand
2025-06-25 8:32 ` Oscar Salvador
2025-07-14 12:41 ` David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 09/14] mm/memory: introduce is_huge_zero_pfn() and use it in vm_normal_page_pmd() David Hildenbrand
2025-06-25 8:37 ` Oscar Salvador
2025-06-17 15:43 ` [PATCH RFC 10/14] mm/memory: factor out common code from vm_normal_page_*() David Hildenbrand
2025-06-25 8:53 ` Oscar Salvador
2025-06-25 8:57 ` David Hildenbrand
2025-06-25 9:20 ` Oscar Salvador
2025-06-25 10:14 ` David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 11/14] mm: remove "horrible special case to handle copy-on-write behaviour" David Hildenbrand
2025-06-25 8:47 ` David Hildenbrand
2025-06-25 9:02 ` Oscar Salvador
2025-06-25 9:04 ` David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 12/14] mm: drop addr parameter from vm_normal_*_pmd() David Hildenbrand
2025-06-17 15:43 ` [PATCH RFC 13/14] mm: introduce and use vm_normal_page_pud() David Hildenbrand
2025-06-25 9:22 ` Oscar Salvador
2025-06-17 15:43 ` [PATCH RFC 14/14] mm: rename vm_ops->find_special_page() to vm_ops->find_normal_page() David Hildenbrand
2025-06-25 9:34 ` Oscar Salvador
2025-07-14 14:19 ` David Hildenbrand
2025-06-17 16:18 ` [PATCH RFC 00/14] mm: vm_normal_page*() + CoW PFNMAP improvements David Hildenbrand
2025-06-17 18:25 ` David Hildenbrand
2025-06-25 8:49 ` Lorenzo Stoakes
2025-06-25 8:55 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250617154345.2494405-4-david@redhat.com \
--to=david@redhat.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=apopple@nvidia.com \
--cc=baohua@kernel.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=brauner@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dev.jain@arm.com \
--cc=jack@suse.cz \
--cc=jannh@google.com \
--cc=jgross@suse.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mhocko@suse.com \
--cc=npache@redhat.com \
--cc=nvdimm@lists.linux.dev \
--cc=oleksandr_tyshchenko@epam.com \
--cc=pfalcato@suse.de \
--cc=rppt@kernel.org \
--cc=ryan.roberts@arm.com \
--cc=sstabellini@kernel.org \
--cc=surenb@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).