From patchwork Tue Sep  3 14:25:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steven Sistare <steven.sistare@oracle.com>
X-Patchwork-Id: 13788799
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 34865CD343B
	for <linux-mm@archiver.kernel.org>; Tue,  3 Sep 2024 14:25:39 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id F3BD88D0186; Tue,  3 Sep 2024 10:25:37 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id EEB498D0151; Tue,  3 Sep 2024 10:25:37 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C93888D0188; Tue,  3 Sep 2024 10:25:37 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com
 [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 984C48D0186
	for <linux-mm@kvack.org>; Tue,  3 Sep 2024 10:25:37 -0400 (EDT)
Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay06.hostedemail.com (Postfix) with ESMTP id 59466A8508
	for <linux-mm@kvack.org>; Tue,  3 Sep 2024 14:25:37 +0000 (UTC)
X-FDA: 82523650314.13.0D43D90
Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com
 [205.220.165.32])
	by imf21.hostedemail.com (Postfix) with ESMTP id 503CC1C001E
	for <linux-mm@kvack.org>; Tue,  3 Sep 2024 14:25:35 +0000 (UTC)
Authentication-Results: imf21.hostedemail.com;
	dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=g0u9W6SZ;
	spf=pass (imf21.hostedemail.com: domain of steven.sistare@oracle.com
 designates 205.220.165.32 as permitted sender)
 smtp.mailfrom=steven.sistare@oracle.com;
	dmarc=pass (policy=reject) header.from=oracle.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1725373511;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:content-type:
	 content-transfer-encoding:in-reply-to:in-reply-to:
	 references:references:dkim-signature;
	bh=L9Rm8iTKVva2a4OpJ7e5EjcvJ8aLQAojn8USqtozJwo=;
	b=CHgE4i4Od4/GRcO4xyZUWvax9LTD8aqtuzmaxuX5WOpzaeg51HQ8UI/0sefrDDZNPkGgbm
	jqpOLHdBlzMxo/8mDVvIJOffk6lLoLLUCHIwXDaYC9g0yRunMtUE5tD15rDkr/KgFdo43m
	yIqXl/2MUZHIWI3Xf+7HYx7/y2hDTF4=
ARC-Authentication-Results: i=1;
	imf21.hostedemail.com;
	dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=g0u9W6SZ;
	spf=pass (imf21.hostedemail.com: domain of steven.sistare@oracle.com
 designates 205.220.165.32 as permitted sender)
 smtp.mailfrom=steven.sistare@oracle.com;
	dmarc=pass (policy=reject) header.from=oracle.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725373511; a=rsa-sha256;
	cv=none;
	b=N/nLrWX8LcNQdsj+6o3Ia4i8OQ4Q94BVZ2etPPx5Znt7ASAzgHO2Hr+eKTQKJtSDVrSTKT
	a5dcxytfwJtyzXKbvlntSP2bjTyVS1YkBWzkqJdkLh404Nvr1Eij8KA9GX6j2HRw2nqj6y
	nIXoOyamx8bKPv2C3VmZkpIVTXJxx1s=
Received: from pps.filterd (m0246617.ppops.net [127.0.0.1])
	by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 4837fUZM007563;
	Tue, 3 Sep 2024 14:25:28 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=
	from:to:cc:subject:date:message-id:in-reply-to:references; s=
	corp-2023-11-20; bh=L9Rm8iTKVva2a4OpJ7e5EjcvJ8aLQAojn8USqtozJwo=; b=
	g0u9W6SZAgTAkt6QuXg7NGMMpFj7Epk7RB5D7jT9vaLAfwznILILq5zDJkYYYVK8
	c4E1sbIM8YjkqRcUALp16CemqZK52Uso5DfuVbEmCl5E5O7Js7P5vOXNjtmiIJo2
	MmMQeAgoZnwxCVzOXpU9on1LHXtxjzdeG++De1YkXBgRKtfGfBRWC9GY5l51D4bu
	Bji/dFai7ljCCp/R43+HnBuii+NhhbKKFlzKFuwfkpl2xgwvU/VkYjdkgAHlLMjY
	1VGnJ5TdBfAqtIXhNa17+UBIOHNd6IE9JPEGYoVt22TU1HmNiHGM3/aPTMHRQa59
	c97ie/mH3rkL8vy8eHUl2g==
Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
 (iadpaimrmta02.appoci.oracle.com [147.154.18.20])
	by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 41dw51rxyw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 03 Sep 2024 14:25:27 +0000 (GMT)
Received: from pps.filterd
 (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
	by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2)
 with ESMTP id 483DNw5Y001679;
	Tue, 3 Sep 2024 14:25:26 GMT
Received: from pps.reinject (localhost [127.0.0.1])
	by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id
 41bsmf1mdt-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 03 Sep 2024 14:25:26 +0000
Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
 (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 483EPN4M023489;
	Tue, 3 Sep 2024 14:25:26 GMT
Received: from ca-dev63.us.oracle.com (ca-dev63.us.oracle.com [10.211.8.221])
	by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id
 41bsmf1maj-3;
	Tue, 03 Sep 2024 14:25:25 +0000
From: Steve Sistare <steven.sistare@oracle.com>
To: linux-mm@kvack.org
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>,
        Muchun Song <muchun.song@linux.dev>,
        Andrew Morton <akpm@linux-foundation.org>,
        Matthew Wilcox <willy@infradead.org>, Peter Xu <peterx@redhat.com>,
        David Hildenbrand <david@redhat.com>,
 Jason Gunthorpe <jgg@nvidia.com>,
        Steve Sistare <steven.sistare@oracle.com>
Subject: [PATCH V1 2/5] mm/hugetlb: fix memfd_pin_folios free_huge_pages leak
Date: Tue,  3 Sep 2024 07:25:18 -0700
Message-Id: <1725373521-451395-3-git-send-email-steven.sistare@oracle.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com>
References: <1725373521-451395-1-git-send-email-steven.sistare@oracle.com>
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29
 definitions=2024-09-03_02,2024-09-03_01,2024-09-02_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0
 mlxscore=0
 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0
 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2407110000 definitions=main-2409030117
X-Proofpoint-ORIG-GUID: PjfZe6AgIoMeCarf8EzrhckuyMMfrB7T
X-Proofpoint-GUID: PjfZe6AgIoMeCarf8EzrhckuyMMfrB7T
X-Rspam-User: 
X-Stat-Signature: mtj777zb8ajy4h6gq8gupqahuudam6q4
X-Rspamd-Queue-Id: 503CC1C001E
X-Rspamd-Server: rspam11
X-HE-Tag: 1725373535-867643
X-HE-Meta: 
 U2FsdGVkX1+xpk2RJuEtUH9Dk2NBxLYJokIqJUNx/Ub9vcvchYo64kzw1PmeI9zJG26aLO/eYCbBirKfk+uZXoSfGdvKCAGCPzJ0w/fJoM67sQlOnA8/KJdXRSMUgUytMf7FREoGiwYeQaTQjvMwxCZhP9hBa9p1ZnKd4toXznRFPKgulh1+n+6kjSyNonr38zyt8UvoRfxrfP/T5Zp+Y8cBcZhc+njF7roEUT4jAD1vDsx6Pw8DNBGo93WlhZqNL3xCBgQKJZVpefGhJJW5BP/3vt8h9Md7h5XmS5JOp3FRD3CuNCznenfkMzrjm31DpSIXSC+bz2AW7UgrIoRTAhQVj6DAEyNOGykSY0FfIQlc1/nHW3i6P7e46QlHmavrD1hAQI1e6aKHfS6OIT6tzlIJwa8l5UKnWbATFuBrEwQADLyV/PMIOM2CdTS0zDqFM/MepoSBctNqVX5Q97zW97tBbBq0OgKTRiznaWI0zzvFUdv5V9p0/taep+53LDC8d6+hUtqO/vZ4/b0lvT9Yf2H67Kjael8nAIfjSiy1TOCSXppvuLrd6mbrpE/PKivL8Z3P6jkeSqoXWgXZYp+4RY7nCtSRDG8NKkchuh0TS/kFUJWazOOL38EAfGK4y2brdu2gQfQsLu4iAOFQrPrNzCsPorSFS6XM4F1hUr/+44wjTCtdJ878/alfNUbMTr1ImoO/y8en7ZuARFFO+jV+TTLABZbfFkUdD3agPYpwZalkq76GzqNHHUw5SUvd5Vu7g6X5ye/9am7Q2rozou0MaYBLYpqcDbAIUWkNb7TwsB1Jb0SWbwNfLEBd+JFa6uleiKfVMWBhkHPtodC0AKJA1DNqUDqWYSwAaQrXbuDjr2EkcTE8afnKP9f8WoadI2vspqcro5Fo/f10O2CU1L+CKFQ/N1zyozaCB9I8asDY2f78+pO2o83zG8l5T17q2oJ8vudpy9lCUJx8Jy5cTAf
 UbFFrLCq
 oE/F7l61jjG71UisrCSBpzZme994dHsVUVcCYm6absfV3XX07g7zQsib7xDbzvRXvGfKptLfoOe3E1hPZNQdNNbGaF5cMLTzP/osG4LPBO4j0ZJfOfu7nJMISCK1PrHKiJNzi+lP2PqVgHYVOh1i9PL2+8si5Ksbo3outZjGJsy2rdfV9ph8ng6S0nQ4oL9tZzL0orV00G1N0EjUae2nFkiMnnQ8ofYa1b13/FHQO+LPanbsIjnxdM39VuA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

memfd_pin_folios followed by unpin_folios fails to restore
free_huge_pages if the pages were not already faulted in, because the
folio refcount for pages created by memfd_alloc_folio never goes to 0.
memfd_pin_folios needs another folio_put to undo the folio_try_get
below:

memfd_alloc_folio()
  alloc_hugetlb_folio_nodemask()
    dequeue_hugetlb_folio_nodemask()
      dequeue_hugetlb_folio_node_exact()
        folio_ref_unfreeze(folio, 1);    ; adds 1 refcount
  folio_try_get()                        ; adds 1 refcount
  hugetlb_add_to_page_cache()            ; adds 512 refcount (on x86)

With the fix, after memfd_pin_folios + unpin_folios, the refcount for
the (unfaulted) page is 512, which is correct, as the refcount for a
faulted unpinned page is 513.

Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios")

Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
---
 mm/gup.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/gup.c b/mm/gup.c
index 54d0dc3..5b92f1d 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -3618,7 +3618,7 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end,
 	pgoff_t start_idx, end_idx, next_idx;
 	struct folio *folio = NULL;
 	struct folio_batch fbatch;
-	struct hstate *h;
+	struct hstate *h = NULL;
 	long ret = -EINVAL;
 
 	if (start < 0 || start > end || !max_folios)
@@ -3662,6 +3662,8 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end,
 							     &fbatch);
 			if (folio) {
 				folio_put(folio);
+				if (h)
+					folio_put(folio);
 				folio = NULL;
 			}