Subject: Re: [PATCH] mm: fix page leak with multiple threads mapping the same page
From: Rik van Riel
To: "Kirill A. Shutemov", Josef Bacik
Cc: linux-mm@kvack.org, akpm@linux-foundation.org, Matthew Wilcox, Chris Mason
Date: Wed, 06 Jul 2022 20:42:56 -0400
In-Reply-To: <20220706224657.3xbhbkflernezlxy@black.fi.intel.com>
References: <2b798acfd95c9ab9395fe85e8d5a835e2e10a920.1657051137.git.josef@toxicpanda.com> <20220706224657.3xbhbkflernezlxy@black.fi.intel.com>

On Thu, 2022-07-07 at 01:46 +0300, Kirill A. Shutemov wrote:
> On Tue, Jul 05, 2022 at 04:00:36PM -0400, Josef Bacik wrote:
> >
> > Fix this by returning VM_FAULT_NOPAGE in the
> > pmd_devmap_trans_unstable()
> > case, this makes us drop the ref on the page properly, and now my
> > reproducer no longer leaks the huge pages.
> >
> > Fixes: f9ce0be71d1f ("mm: Cleanup faultaround and finish_fault()
> > codepaths")
> > Cc: Kirill A. Shutemov
> > Cc: Matthew Wilcox (Oracle)
> > Signed-off-by: Josef Bacik
> > Signed-off-by: Rik van Riel
> > Signed-off-by: Chris Mason
>
> Cc: stable@

Yes, it should. How do we send a patch to stable@ after the start of the thread?

> > --- a/mm/memory.c > > +++ b/mm/memory.c 
> > @@ -4371,7 +4371,7 @@ vm_fault_t finish_fault(struct vm_fault *vmf) > > =C2=A0 > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/* See comment in handl= e_pte_fault() */ > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if (pmd_devmap_trans_un= stable(vmf->pmd)) > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0return 0; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0return VM_FAULT_NOPAGE;
>
> Comment update would be nice.
>
> Other instances of pmd_devmap_trans_unstable() return 0 in the fault
> path.
> Explanation would be helpful.
>

The explanation is that by the time we get to finish_fault, we already have a reference on a page, and we need to ensure that reference gets released by the caller.

VM_FAULT_NOPAGE is one of the ways to indicate that the page should be freed.

-- 
All Rights Reversed.
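
Review bot: the comment above the changed return in finish_fault() still says only "See comment in handle_pte_fault()", so nothing at the `return VM_FAULT_NOPAGE;` line records why this site differs from the other pmd_devmap_trans_unstable() checks in the fault path that return 0. Suggest extending that comment to state that a page reference is already held by the time finish_fault() runs, and that VM_FAULT_NOPAGE is returned so the caller releases it. The same reasoning belongs in the commit message, since it is what justifies the Fixes: tag and a stable backport.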