From patchwork Sat May 19 01:35:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 10412467 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7364E6037D for ; Sat, 19 May 2018 01:45:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6A60428B11 for ; Sat, 19 May 2018 01:45:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5ED14289AB; Sat, 19 May 2018 01:45:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C7E6928926 for ; Sat, 19 May 2018 01:45:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9C0356B06AD; Fri, 18 May 2018 21:45:07 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 9712F6B06AE; Fri, 18 May 2018 21:45:07 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 887186B06AF; Fri, 18 May 2018 21:45:07 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf0-f200.google.com (mail-pf0-f200.google.com [209.85.192.200]) by kanga.kvack.org (Postfix) with ESMTP id 494FE6B06AD for ; Fri, 18 May 2018 21:45:07 -0400 (EDT) Received: by mail-pf0-f200.google.com with SMTP id s3-v6so5742934pfh.0 for ; Fri, 18 May 2018 18:45:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:subject:from :to:cc:date:message-id:in-reply-to:references:user-agent :mime-version:content-transfer-encoding; bh=BOEWCDcx29dMve2Er22wXH+1auRr2ah94T+SmJQwBts=; b=Km8bsRBsyqmLjxE3hnmlWYqtlz5S+z9pakCU39bDqaJdzmIDPL9awnazWQevAkHdnd zPOirWEyDf6yoN5S74g3gKPjLuGJSUH6ausfjXMFRmry0mNDiR2xJitbx2FkQpitVmAc Q+FVipGdT8+FPDJwkvQmWAh+YskQ0PuSlP9kC5jz6CDhLbEsAyKbr9TIa8pm1qIqoY/0 zAJ/AwkvyUK9z+IUOY7CaILjcSGxxHwZ1SI6i1YJ1g9LGYntzQXMp9CHwnj00OVQfRXA zmAgQ2uoO1+cbSq9aZdUJhHKiSNsLxxPEkOBRXfH1bpVXzWYQ6XhL8VUrRd6hMcSyZuY j/Zw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of dan.j.williams@intel.com designates 134.134.136.126 as permitted sender) smtp.mailfrom=dan.j.williams@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ALKqPwfh834BqO1lOkcaogML9T8LTX6pW24IwjTvvT2IkJmXzuZJtVw5 Qp1AaybYbSJFAu7l6n6NeeRlwaBBQrXwTw5AvnJN6QnYsVf1JC4K976W/K6tt7hhgHHe+kuRL7C qVuXHDs666U1Ar/9zlc0qKTTKZIFoklXPzqd/yLt+WDACEY46GB8v3ra1Ic2KPiKh1g== X-Received: by 2002:a17:902:8f84:: with SMTP id z4-v6mr11941734plo.194.1526694306996; Fri, 18 May 2018 18:45:06 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqvuxgc78rvrcz7bIjY5h2UOvnGfs8Md/PWEpmy+UpPmUfySp3buwPxYJ9QMoXMVrZ2Fwg4 X-Received: by 2002:a17:902:8f84:: with SMTP id z4-v6mr11941680plo.194.1526694305683; Fri, 18 May 2018 18:45:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526694305; cv=none; d=google.com; s=arc-20160816; b=aTbGZabLz4OAl2yttb1vWYcKu6ylekQXugWwybHYv6txFGLPU+JYx6lwdTrDdGoZgk oAIir2dUzT7wRYcv5oEf08bfA21vq/6r1New1JauG74Q70VXwBZ0vehv8PzDksV6Shmt 2z9WiXe6eRGYgTWcaxPOURP7N8SmTDHyK3v4bbNgEviRH0bg7D8k2oJ+0G50sY5fuRRU +4m2V1iDmKlLynOmjH15/CNTLRp5tu8PKRaXKtGKCBOUbXSShtT8LPf3NusMTvI6EZH2 MbWLKmxyJtT/6L2h5/wJbw46ROvNn2m8fv4llDUqNVMR+QtWngXEvGFIZRT2Iobr7b67 gQMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject :arc-authentication-results; bh=BOEWCDcx29dMve2Er22wXH+1auRr2ah94T+SmJQwBts=; b=noNQi10/2mniu5cVMPk4CyKef5caKAr4t9zr5uRKR+4F9BX1m2pRYg+sVqWzu9zf3N /GQ5Gh+EMtXlbOhdmIxO/+zjiKIbNHObeNlG++glpXLQ1l/eoCxastyRa0iVtHTYiNa8 yxPzZV9zPROMrUZxwJX0H0XXWYqmVWct+O+uF+O2Kqj3tN+zBslHgNHk+aZpI8QJ2MTC 72nvCMdBP0JLa0gVU22Ld6zjMTZ/kAypogSO6x6SNdr/i/iCW1m44t1cRTb9Tjaed0Nl G2BcEuxHAcLUMxNdhCe/qBVrFkIyF/xVsBhcRuFlxZFA2RAkZH4SnLgkqo5jE9Gfc6/2 3Y7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of dan.j.williams@intel.com designates 134.134.136.126 as permitted sender) smtp.mailfrom=dan.j.williams@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga18.intel.com (mga18.intel.com. [134.134.136.126]) by mx.google.com with ESMTPS id n11-v6si8167846plp.221.2018.05.18.18.45.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 May 2018 18:45:05 -0700 (PDT) Received-SPF: pass (google.com: domain of dan.j.williams@intel.com designates 134.134.136.126 as permitted sender) client-ip=134.134.136.126; Authentication-Results: mx.google.com; spf=pass (google.com: domain of dan.j.williams@intel.com designates 134.134.136.126 as permitted sender) smtp.mailfrom=dan.j.williams@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 May 2018 18:45:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,417,1520924400"; d="scan'208";a="225492164" Received: from dwillia2-desk3.jf.intel.com (HELO dwillia2-desk3.amr.corp.intel.com) ([10.54.39.16]) by orsmga005.jf.intel.com with ESMTP; 18 May 2018 18:45:05 -0700 Subject: [PATCH v11 3/7] mm: fix __gup_device_huge vs unmap From: Dan Williams To: linux-nvdimm@lists.01.org Cc: stable@vger.kernel.org, Jan Kara , Jan Kara , david@fromorbit.com, hch@lst.de, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Date: Fri, 18 May 2018 18:35:08 -0700 Message-ID: <152669370864.34337.13815113039455146564.stgit@dwillia2-desk3.amr.corp.intel.com> In-Reply-To: <152669369110.34337.14271778212195820353.stgit@dwillia2-desk3.amr.corp.intel.com> References: <152669369110.34337.14271778212195820353.stgit@dwillia2-desk3.amr.corp.intel.com> User-Agent: StGit/0.18-2-gc94f MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP get_user_pages_fast() for device pages is missing the typical validation that all page references have been taken while the mapping was valid. Without this validation truncate operations can not reliably coordinate against new page reference events like O_DIRECT. Cc: Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Reported-by: Jan Kara Reviewed-by: Jan Kara Signed-off-by: Dan Williams --- mm/gup.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/mm/gup.c b/mm/gup.c index 76af4cfeaf68..84dd2063ca3d 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -1456,32 +1456,48 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr, return 1; } -static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { unsigned long fault_pfn; + int nr_start = *nr; + + fault_pfn = pmd_pfn(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); + if (!__gup_device_huge(fault_pfn, addr, end, pages, nr)) + return 0; - fault_pfn = pmd_pfn(pmd) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); - return __gup_device_huge(fault_pfn, addr, end, pages, nr); + if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) { + undo_dev_pagemap(nr, nr_start, pages); + return 0; + } + return 1; } -static int __gup_device_huge_pud(pud_t pud, unsigned long addr, +static int __gup_device_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { unsigned long fault_pfn; + int nr_start = *nr; + + fault_pfn = pud_pfn(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); + if (!__gup_device_huge(fault_pfn, addr, end, pages, nr)) + return 0; - fault_pfn = pud_pfn(pud) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); - return __gup_device_huge(fault_pfn, addr, end, pages, nr); + if (unlikely(pud_val(orig) != pud_val(*pudp))) { + undo_dev_pagemap(nr, nr_start, pages); + return 0; + } + return 1; } #else -static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { BUILD_BUG(); return 0; } -static int __gup_device_huge_pud(pud_t pud, unsigned long addr, +static int __gup_device_huge_pud(pud_t pud, pud_t *pudp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { BUILD_BUG(); @@ -1499,7 +1515,7 @@ static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, return 0; if (pmd_devmap(orig)) - return __gup_device_huge_pmd(orig, addr, end, pages, nr); + return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr); refs = 0; page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); @@ -1537,7 +1553,7 @@ static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, return 0; if (pud_devmap(orig)) - return __gup_device_huge_pud(orig, addr, end, pages, nr); + return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr); refs = 0; page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);