Message-ID: <0a96ce38-163e-4566-b666-b074bd82c75a@linux.dev>
Date: Tue, 1 Jul 2025 22:15:27 +0800
Subject: Re: [PATCH v3 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap
To: David Hildenbrand, akpm@linux-foundation.org, 21cnbao@gmail.com
Cc: baolin.wang@linux.alibaba.com, chrisl@kernel.org, kasong@tencent.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, lorenzo.stoakes@oracle.com, ryan.roberts@arm.com, v-songbaohua@oppo.com, x86@kernel.org, huang.ying.caritas@gmail.com, zhengtangquan@oppo.com, riel@surriel.com, Liam.Howlett@oracle.com, vbabka@suse.cz, harry.yoo@oracle.com, mingzhe.yang@ly.com, stable@vger.kernel.org, Barry Song, Lance Yang
References: <20250630011305.23754-1-lance.yang@linux.dev> <330f29ee-ba55-4ae6-a695-ddaba58d5cb8@redhat.com>
From: Lance Yang
In-Reply-To: <330f29ee-ba55-4ae6-a695-ddaba58d5cb8@redhat.com>

On 2025/7/1 22:03, David Hildenbrand wrote:
> On 30.06.25 03:13, Lance Yang wrote:
>> From: Lance Yang
>>
>> As pointed out by David[1], the batched unmap logic in try_to_unmap_one()
>> may read past the end of a PTE table when a large folio's PTE mappings
>> are not fully contained within a single page table.
>>
>> While this scenario might be rare, an issue triggerable from userspace must
>> be fixed regardless of its likelihood. This patch fixes the out-of-bounds
>> access by refactoring the logic into a new helper, folio_unmap_pte_batch().
>>
>> The new helper correctly calculates the safe batch size by capping the scan
>> at both the VMA and PMD boundaries. To simplify the code, it also supports
>> partial batching (i.e., any number of pages from 1 up to the calculated
>> safe maximum), as there is no strong reason to special-case for fully
>> mapped folios.
>>
>> [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redhat.com
>>
>> Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation")
>> Cc:
>> Acked-by: Barry Song
>> Suggested-by: David Hildenbrand
>
> Realized this now: This should probably be a "Reported-by:" with the
> "Closes:" and a link to my mail.

Got it. Both tags (Reported-by/Closes) will be in the next commit ;)
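
The boundary capping described in the quoted commit message, as an added user-space model that is not code from the patch or the kernel tree: it computes the largest batch that stays inside both the VMA and the current PTE table, and counts the table slots an uncapped scan would read past. The helper names, the 4 KiB page / 512-entry table geometry and the sample addresses are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed geometry: 4 KiB pages, 512 PTEs per table, so one PTE table spans 2 MiB. */
#define PAGE_SHIFT   12
#define PMD_SHIFT    21
#define PMD_SIZE     (1ULL << PMD_SHIFT)
#define PMD_MASK     (~(PMD_SIZE - 1))
#define PTRS_PER_PTE 512ULL

/* Hypothetical helper: end of the PTE table covering addr, capped at end. */
static uint64_t table_or_limit_end(uint64_t addr, uint64_t end)
{
    uint64_t boundary = (addr & PMD_MASK) + PMD_SIZE;
    /* Comparing (x - 1) keeps the result correct if boundary wraps to 0. */
    return (boundary - 1 < end - 1) ? boundary : end;
}

/* Largest batch that stays inside both the VMA and the current PTE table. */
static uint64_t safe_batch_max(uint64_t addr, uint64_t vma_end,
                               uint64_t folio_pages_left)
{
    uint64_t max_nr = (table_or_limit_end(addr, vma_end) - addr) >> PAGE_SHIFT;
    return folio_pages_left < max_nr ? folio_pages_left : max_nr;
}

/* Number of PTE slots a scan of nr entries from addr would touch past the table. */
static uint64_t slots_past_table(uint64_t addr, uint64_t nr)
{
    uint64_t idx = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
    return idx + nr > PTRS_PER_PTE ? idx + nr - PTRS_PER_PTE : 0;
}

int main(void)
{
    /* Constructed case: a 16-page folio whose mapping starts 4 pages
     * before a 2 MiB boundary, inside a VMA that extends past it. */
    uint64_t addr = 0x7f0000200000ULL - (4ULL << PAGE_SHIFT);
    uint64_t vma_end = 0x7f0000400000ULL;
    uint64_t capped = safe_batch_max(addr, vma_end, 16);

    printf("uncapped scan of 16: %llu slots past the table\n",
           (unsigned long long)slots_past_table(addr, 16));
    printf("capped batch of %llu: %llu slots past the table\n",
           (unsigned long long)capped,
           (unsigned long long)slots_past_table(addr, capped));
    return 0;
}
```

The model only bounds the scan; how many of those entries actually form a batch is a separate decision, which is the partial batching (1 up to the safe maximum) that the commit message mentions.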