Date: Thu, 19 Jun 2025 15:53:28 +0200
From: Oscar Salvador
To: Vivek Kasireddy
Cc: dri-devel@lists.freedesktop.org, linux-mm@kvack.org, syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com, Steve Sistare, Muchun Song, David Hildenbrand, Andrew Morton
Subject: Re: [PATCH] mm/hugetlb: Don't crash when allocating a folio if there are no resv
In-Reply-To: <20250618052840.1036164-1-vivek.kasireddy@intel.com>

On Tue, Jun 17, 2025 at 10:28:40PM -0700, Vivek
Kasireddy wrote:
> There are cases when we try to pin a folio but discover that it has
> not been faulted-in. So, we try to allocate it in memfd_alloc_folio()
> but there is a chance that we might encounter a fatal crash/failure
> (VM_BUG_ON(!h->resv_huge_pages) in alloc_hugetlb_folio_reserve()) if
> there are no active reservations at that instant. This issue was
> reported by syzbot:
>
> kernel BUG at mm/hugetlb.c:2403!
> Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
> CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted
> 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
> 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0 mm/hugetlb.c:2403
> Code: 1f eb 05 e8 56 18 a0 ff 48 c7 c7 40 56 61 8e e8 ba 21 cc 09 4c 89
> f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 35 18 a0 ff 90 <0f> 0b 66
> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
> RSP: 0018:ffffc9000d3d77f8 EFLAGS: 00010087
> RAX: ffffffff81ff6beb RBX: 0000000000000000 RCX: 0000000000100000
> RDX: ffffc9000e51a000 RSI: 00000000000003ec RDI: 00000000000003ed
> RBP: 1ffffffff34810d9 R08: ffffffff81ff6ba3 R09: 1ffffd4000093005
> R10: dffffc0000000000 R11: fffff94000093006 R12: dffffc0000000000
> R13: dffffc0000000000 R14: ffffea0000498000 R15: ffffffff9a4086c8
> FS: 00007f77ac12e6c0(0000) GS:ffff88801fc00000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f77ab54b170 CR3: 0000000040b70000 CR4: 0000000000352ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> memfd_alloc_folio+0x1bd/0x370 mm/memfd.c:88
> memfd_pin_folios+0xf10/0x1570 mm/gup.c:3750
> udmabuf_pin_folios drivers/dma-buf/udmabuf.c:346 [inline]
> udmabuf_create+0x70e/0x10c0 drivers/dma-buf/udmabuf.c:443
> udmabuf_ioctl_create drivers/dma-buf/udmabuf.c:495 [inline]
> udmabuf_ioctl+0x301/0x4e0 drivers/dma-buf/udmabuf.c:526
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:906 [inline]
> __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> Therefore, prevent the above crash by replacing the VM_BUG_ON()
> with WARN_ON_ONCE() as there is no need to crash the system in
> this situation and instead we could just warn and fail the
> allocation.
>
> Fixes: 26a8ea80929c ("mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak")
> Reported-by: syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=a504cb5bae4fe117ba94
> Cc: Steve Sistare
> Cc: Muchun Song
> Cc: David Hildenbrand
> Cc: Andrew Morton
> Signed-off-by: Vivek Kasireddy

Who is supposed to reserve these hugepages?
hugetlb_reserve_pages() is only called at mmap/file setup, and you mention
that you try to allocate the folios even before mmap, so who's in charge of
making those reservations for you?

-- 
Oscar Salvador
SUSE Labs
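
The accounting question raised in this thread, as an added user-space model that is not kernel code and not part of either message: a pin attempted before any reservation exists warns once and fails without touching the counters, while a pin after a reservation consumes it. The `*_model` names, the two-counter struct and the placement of the check before the dequeue are assumptions made for illustration.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct hstate_model {
    unsigned long free_huge_pages;  /* folios sitting in the free pool */
    unsigned long resv_huge_pages;  /* folios promised to a mapping or file */
};

static unsigned int warn_count;     /* number of warnings actually emitted */

/* Stand-in for WARN_ON_ONCE(): report the first hit only, return the condition. */
static bool warn_on_once_model(bool cond, const char *what)
{
    static bool warned;
    if (cond && !warned) {
        warned = true;
        warn_count++;
        fprintf(stderr, "WARNING (model): %s\n", what);
    }
    return cond;
}

/* Stand-in for the reservation made at mmap/file setup time. */
static bool reserve_model(struct hstate_model *h, unsigned long n)
{
    if (h->free_huge_pages - h->resv_huge_pages < n)
        return false;               /* not enough unreserved folios left */
    h->resv_huge_pages += n;
    return true;
}

/* Take one reserved folio; fail cleanly when nobody reserved one. */
static bool alloc_reserved_model(struct hstate_model *h)
{
    if (warn_on_once_model(h->resv_huge_pages == 0, "no active reservation"))
        return false;               /* a VM_BUG_ON() here would be fatal instead */
    if (h->free_huge_pages == 0)
        return false;
    h->free_huge_pages--;
    h->resv_huge_pages--;
    return true;
}

int main(void)
{
    struct hstate_model h = { .free_huge_pages = 2, .resv_huge_pages = 0 };
    printf("pin before any reservation: %d\n", alloc_reserved_model(&h));
    printf("reserve one folio: %d\n", reserve_model(&h, 1));
    printf("pin after reservation: %d\n", alloc_reserved_model(&h));
    return 0;
}
```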