stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page()
       [not found] <20230517022115.3033604-1-pcc@google.com>
@ 2023-05-17  2:21 ` Peter Collingbourne
  2023-05-17  3:40   ` Huang, Ying
                     ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Peter Collingbourne @ 2023-05-17  2:21 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: Peter Collingbourne, Qun-wei Lin (林群崴),
	linux-arm-kernel, linux-mm, linux-kernel, surenb@google.com,
	david@redhat.com, Chinwen Chang (張錦文),
	kasan-dev@googlegroups.com,
	Kuan-Ying Lee (李冠穎),
	Casper Li (李中榮), gregkh@linuxfoundation.org,
	vincenzo.frascino, Alexandru Elisei, will, eugenis, Steven Price,
	stable

Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
the call to swap_free() before the call to set_pte_at(), which meant that
the MTE tags could end up being freed before set_pte_at() had a chance
to restore them. Fix it by adding a call to the arch_swap_restore() hook
before the call to swap_free().

Signed-off-by: Peter Collingbourne <pcc@google.com>
Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
Cc: <stable@vger.kernel.org> # 6.1
Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
Reported-by: Qun-wei Lin (林群崴) <Qun-wei.Lin@mediatek.com>
Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/
---
v2:
- Call arch_swap_restore() directly instead of via arch_do_swap_page()

 mm/memory.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/mm/memory.c b/mm/memory.c
index f69fbc251198..fc25764016b3 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3932,6 +3932,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
 		}
 	}
 
+	/*
+	 * Some architectures may have to restore extra metadata to the page
+	 * when reading from swap. This metadata may be indexed by swap entry
+	 * so this must be called before swap_free().
+	 */
+	arch_swap_restore(entry, folio);
+
 	/*
 	 * Remove the swap entry and conditionally try to free up the swapcache.
 	 * We're already holding a reference on the page but haven't mapped it
-- 
2.40.1.606.ga4b1b128d6-goog


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page()
  2023-05-17  2:21 ` [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page() Peter Collingbourne
@ 2023-05-17  3:40   ` Huang, Ying
  2023-05-17  8:37     ` David Hildenbrand
  2023-05-17 14:57   ` Steven Price
  2023-05-19 16:39   ` Catalin Marinas
  2 siblings, 1 reply; 5+ messages in thread
From: Huang, Ying @ 2023-05-17  3:40 UTC (permalink / raw)
  To: Peter Collingbourne
  Cc: Catalin Marinas, Qun-wei Lin (林群崴),
	linux-arm-kernel, linux-mm, linux-kernel, surenb@google.com,
	david@redhat.com, Chinwen Chang (張錦文),
	kasan-dev@googlegroups.com,
	Kuan-Ying Lee (李冠穎),
	Casper Li (李中榮), gregkh@linuxfoundation.org,
	vincenzo.frascino, Alexandru Elisei, will, eugenis, Steven Price,
	stable

Peter Collingbourne <pcc@google.com> writes:

> Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
> the call to swap_free() before the call to set_pte_at(), which meant that
> the MTE tags could end up being freed before set_pte_at() had a chance
> to restore them. Fix it by adding a call to the arch_swap_restore() hook
> before the call to swap_free().
>
> Signed-off-by: Peter Collingbourne <pcc@google.com>
> Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
> Cc: <stable@vger.kernel.org> # 6.1
> Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
> Reported-by: Qun-wei Lin (林群崴) <Qun-wei.Lin@mediatek.com>
> Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/
> ---
> v2:
> - Call arch_swap_restore() directly instead of via arch_do_swap_page()
>
>  mm/memory.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/mm/memory.c b/mm/memory.c
> index f69fbc251198..fc25764016b3 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -3932,6 +3932,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
>  		}
>  	}
>  
> +	/*
> +	 * Some architectures may have to restore extra metadata to the page
> +	 * when reading from swap. This metadata may be indexed by swap entry
> +	 * so this must be called before swap_free().
> +	 */
> +	arch_swap_restore(entry, folio);
> +
>  	/*
>  	 * Remove the swap entry and conditionally try to free up the swapcache.
>  	 * We're already holding a reference on the page but haven't mapped it

Should you add

Suggested-by: David Hildenbrand <david@redhat.com>

for 1/3 and 2/3.

It looks good for me for swap code related part.  Feel free to add

Acked-by: "Huang, Ying" <ying.huang@intel.com>

to 1/3 and 2/3.

Best Regards,
Huang, Ying

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page()
  2023-05-17  3:40   ` Huang, Ying
@ 2023-05-17  8:37     ` David Hildenbrand
  0 siblings, 0 replies; 5+ messages in thread
From: David Hildenbrand @ 2023-05-17  8:37 UTC (permalink / raw)
  To: Huang, Ying, Peter Collingbourne
  Cc: Catalin Marinas, Qun-wei Lin (林群崴),
	linux-arm-kernel, linux-mm, linux-kernel, surenb@google.com,
	Chinwen Chang (張錦文),
	kasan-dev@googlegroups.com,
	Kuan-Ying Lee (李冠穎),
	Casper Li (李中榮), gregkh@linuxfoundation.org,
	vincenzo.frascino, Alexandru Elisei, will, eugenis, Steven Price,
	stable

On 17.05.23 05:40, Huang, Ying wrote:
> Peter Collingbourne <pcc@google.com> writes:
> 
>> Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
>> the call to swap_free() before the call to set_pte_at(), which meant that
>> the MTE tags could end up being freed before set_pte_at() had a chance
>> to restore them. Fix it by adding a call to the arch_swap_restore() hook
>> before the call to swap_free().
>>
>> Signed-off-by: Peter Collingbourne <pcc@google.com>
>> Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
>> Cc: <stable@vger.kernel.org> # 6.1
>> Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
>> Reported-by: Qun-wei Lin (林群崴) <Qun-wei.Lin@mediatek.com>
>> Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/
>> ---
>> v2:
>> - Call arch_swap_restore() directly instead of via arch_do_swap_page()
>>
>>   mm/memory.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
>>
>> diff --git a/mm/memory.c b/mm/memory.c
>> index f69fbc251198..fc25764016b3 100644
>> --- a/mm/memory.c
>> +++ b/mm/memory.c
>> @@ -3932,6 +3932,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
>>   		}
>>   	}
>>   
>> +	/*
>> +	 * Some architectures may have to restore extra metadata to the page
>> +	 * when reading from swap. This metadata may be indexed by swap entry
>> +	 * so this must be called before swap_free().
>> +	 */
>> +	arch_swap_restore(entry, folio);
>> +
>>   	/*
>>   	 * Remove the swap entry and conditionally try to free up the swapcache.
>>   	 * We're already holding a reference on the page but haven't mapped it
> 
> Should you add
> 
> Suggested-by: David Hildenbrand <david@redhat.com>
> 
> for 1/3 and 2/3.

For 1/3, I think I rather only explained the problem in the first patch 
and didn't really suggest this.

Acked-by: David Hildenbrand <david@redhat.com>

-- 
Thanks,

David / dhildenb


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page()
  2023-05-17  2:21 ` [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page() Peter Collingbourne
  2023-05-17  3:40   ` Huang, Ying
@ 2023-05-17 14:57   ` Steven Price
  2023-05-19 16:39   ` Catalin Marinas
  2 siblings, 0 replies; 5+ messages in thread
From: Steven Price @ 2023-05-17 14:57 UTC (permalink / raw)
  To: Peter Collingbourne, Catalin Marinas
  Cc: Qun-wei Lin (林群崴), linux-arm-kernel,
	linux-mm, linux-kernel, surenb@google.com, david@redhat.com,
	Chinwen Chang (張錦文),
	kasan-dev@googlegroups.com,
	Kuan-Ying Lee (李冠穎),
	Casper Li (李中榮), gregkh@linuxfoundation.org,
	vincenzo.frascino, Alexandru Elisei, will, eugenis, stable

On 17/05/2023 03:21, Peter Collingbourne wrote:
> Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
> the call to swap_free() before the call to set_pte_at(), which meant that
> the MTE tags could end up being freed before set_pte_at() had a chance
> to restore them. Fix it by adding a call to the arch_swap_restore() hook
> before the call to swap_free().
> 
> Signed-off-by: Peter Collingbourne <pcc@google.com>
> Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
> Cc: <stable@vger.kernel.org> # 6.1
> Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
> Reported-by: Qun-wei Lin (林群崴) <Qun-wei.Lin@mediatek.com>
> Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/

Reviewed-by: Steven Price <steven.price@arm.com>

> ---
> v2:
> - Call arch_swap_restore() directly instead of via arch_do_swap_page()
> 
>  mm/memory.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/mm/memory.c b/mm/memory.c
> index f69fbc251198..fc25764016b3 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -3932,6 +3932,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
>  		}
>  	}
>  
> +	/*
> +	 * Some architectures may have to restore extra metadata to the page
> +	 * when reading from swap. This metadata may be indexed by swap entry
> +	 * so this must be called before swap_free().
> +	 */
> +	arch_swap_restore(entry, folio);
> +
>  	/*
>  	 * Remove the swap entry and conditionally try to free up the swapcache.
>  	 * We're already holding a reference on the page but haven't mapped it


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page()
  2023-05-17  2:21 ` [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page() Peter Collingbourne
  2023-05-17  3:40   ` Huang, Ying
  2023-05-17 14:57   ` Steven Price
@ 2023-05-19 16:39   ` Catalin Marinas
  2 siblings, 0 replies; 5+ messages in thread
From: Catalin Marinas @ 2023-05-19 16:39 UTC (permalink / raw)
  To: Peter Collingbourne
  Cc: Qun-wei Lin (林群崴), linux-arm-kernel,
	linux-mm, linux-kernel, surenb@google.com, david@redhat.com,
	Chinwen Chang (張錦文),
	kasan-dev@googlegroups.com,
	Kuan-Ying Lee (李冠穎),
	Casper Li (李中榮), gregkh@linuxfoundation.org,
	vincenzo.frascino, Alexandru Elisei, will, eugenis, Steven Price,
	stable

On Tue, May 16, 2023 at 07:21:11PM -0700, Peter Collingbourne wrote:
> Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
> the call to swap_free() before the call to set_pte_at(), which meant that
> the MTE tags could end up being freed before set_pte_at() had a chance
> to restore them. Fix it by adding a call to the arch_swap_restore() hook
> before the call to swap_free().
> 
> Signed-off-by: Peter Collingbourne <pcc@google.com>
> Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
> Cc: <stable@vger.kernel.org> # 6.1
> Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
> Reported-by: Qun-wei Lin (林群崴) <Qun-wei.Lin@mediatek.com>
> Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-05-19 16:39 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20230517022115.3033604-1-pcc@google.com>
2023-05-17  2:21 ` [PATCH v3 1/3] mm: Call arch_swap_restore() from do_swap_page() Peter Collingbourne
2023-05-17  3:40   ` Huang, Ying
2023-05-17  8:37     ` David Hildenbrand
2023-05-17 14:57   ` Steven Price
2023-05-19 16:39   ` Catalin Marinas

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).