From patchwork Fri May 28 00:46:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mina Almasry X-Patchwork-Id: 12285887 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-25.2 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,MISSING_HEADERS, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75467C47089 for ; Fri, 28 May 2021 00:47:01 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 14E6A6108D for ; Fri, 28 May 2021 00:47:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 14E6A6108D Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 151A76B006C; Thu, 27 May 2021 20:47:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0F7196B006E; Thu, 27 May 2021 20:47:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BA4486B0070; Thu, 27 May 2021 20:46:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0139.hostedemail.com [216.40.44.139]) by kanga.kvack.org (Postfix) with ESMTP id 79C906B006C for ; Thu, 27 May 2021 20:46:59 -0400 (EDT) Received: from smtpin05.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 136D6181AF5C7 for ; Fri, 28 May 2021 00:46:59 +0000 (UTC) X-FDA: 78188800158.05.6DA2C38 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) by imf25.hostedemail.com (Postfix) with ESMTP id 2CC976000ECA for ; Fri, 28 May 2021 00:46:49 +0000 (UTC) Received: by mail-yb1-f201.google.com with SMTP id d4-20020a25b5c40000b02904f8e3c8c6c9so2394586ybg.14 for ; Thu, 27 May 2021 17:46:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:cc; bh=PlH95++B36nHBbK4Jduk7vzZIY/Sp5eibx3QUHpkfY4=; b=d8JjgOYRm5B+az3o5xuyhJh4s4yOm3NSMPpy9CvUAUdDygC5AmVSotAECzCOWOmOCK MtEFJvT/fk65zwVtYPJ1TEzGWEeN9Ca6yQDjrucYfC5pfTScNpzBQm9l187O49k7+yo8 ncN6n70im6MOOYNAsIho6nIgWGXR0TLfKrJGaggtrh5V7bEZuHwcLrYT207BjNul4F51 VXa+rKxgOFpC4IlNQDcb5aNKTXzQUQpVaEbDaKWn6f2OGeYOMAmdDgqKqetmyUKN3UOd Y+Ky2OCUKLTsa6/W9PbdMpIq6ERJtuNnbcztazqZkEYzAa4/DoW2pq3FSK62fzEusbFu h8uw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:cc; bh=PlH95++B36nHBbK4Jduk7vzZIY/Sp5eibx3QUHpkfY4=; b=K8f9QcqroaZ0ey4+BBqGbW9j3Mi75b4/IyGaGb7+zOWfZpYReK8NhKlpKlxcf7NGk5 TEHaj3Q6+kBkCdlTjwWaU4w3Q4J3hEBBSyvxT6866Wuh5Qr7UD0pHJ2yA3o9uPwrLAxH PujJsKlyi4+c4/BaOrQvBqvggVtJ57JTjp4pucw23VzIOzY35OAS5uNJ7/cHUqvM17eC wJsicj/Oh2suUnkSboxmw5TW8LL8zPjI6RhBeN25ZGH7gtdgHBmn+BCN6LsxyeuC0Pub IvPdrCPOPSTQM3ETW/OSaJo1CT0tMrh8HcGPWNMdsWfHjJMqwDVR60YpDLOrUodnMJax HwiA== X-Gm-Message-State: AOAM532VK3L9uuOb62cNYWSQS3FtIkWWD4pr27HT/lgoZTeSlmYsGsUf oNRNAVRSUQxVHD6moRjiErS3VlEMpmMmI1uaLA== X-Google-Smtp-Source: ABdhPJypQIi7OLeQOMkKC8MqPd+cdGydq1CCA7pc+vFNILHmJek6bUDtkR6qrp28z/EouWBP2MGghJ0c3azUecOTpw== X-Received: from almasrymina.svl.corp.google.com ([2620:15c:2cd:202:b35:38bd:7e0f:3b1d]) (user=almasrymina job=sendgmr) by 2002:a25:7a41:: with SMTP id v62mr8586302ybc.225.1622162816966; Thu, 27 May 2021 17:46:56 -0700 (PDT) Date: Thu, 27 May 2021 17:46:49 -0700 Message-Id: <20210528004649.85298-1-almasrymina@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.32.0.rc0.204.g9fa02ecfa5-goog Subject: [PATCH v4] mm, hugetlb: Fix simple resv_huge_pages underflow on UFFDIO_COPY From: Mina Almasry Cc: Mina Almasry , Axel Rasmussen , Peter Xu , linux-mm@kvack.org, Mike Kravetz , Andrew Morton , linux-kernel@vger.kernel.org, stable@vger.kernel.org Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=google.com header.s=20161025 header.b=d8JjgOYR; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf25.hostedemail.com: domain of 3gD2wYAsKCMcnyzn54Bzv0nt11tyr.p1zyv07A-zzx8npx.14t@flex--almasrymina.bounces.google.com designates 209.85.219.201 as permitted sender) smtp.mailfrom=3gD2wYAsKCMcnyzn54Bzv0nt11tyr.p1zyv07A-zzx8npx.14t@flex--almasrymina.bounces.google.com X-Stat-Signature: 78ab3pifr6go478gg5cu4ahfwpyfp5qk X-Rspamd-Queue-Id: 2CC976000ECA X-Rspamd-Server: rspam02 X-HE-Tag: 1622162809-95471 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000020, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The userfaultfd hugetlb tests detect a resv_huge_pages underflow. This happens when hugetlb_mcopy_atomic_pte() is called with !is_continue on an index for which we already have a page in the cache. When this happens, we allocate a second page, double consuming the reservation, and then fail to insert the page into the cache and return -EEXIST. To fix this, we first if there exists a page in the cache which already consumed the reservation, and return -EEXIST immediately if so. There is still a rare condition where we fail to copy the page contents AND race with a call for hugetlb_no_page() for this index and again we will underflow resv_huge_pages. That is fixed in a more complicated patch not targeted for -stable. Test: Hacked the code locally such that resv_huge_pages underflows produce a warning, then: ./tools/testing/selftests/vm/userfaultfd hugetlb_shared 10 2 /tmp/kokonut_test/huge/userfaultfd_test && echo test success ./tools/testing/selftests/vm/userfaultfd hugetlb 10 2 /tmp/kokonut_test/huge/userfaultfd_test && echo test success Both tests succeed and produce no warnings. After the test runs number of free/resv hugepages is correct. Signed-off-by: Mina Almasry Cc: Axel Rasmussen Cc: Peter Xu Cc: linux-mm@kvack.org Cc: Mike Kravetz Cc: Andrew Morton Cc: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Reviewed-by: Mike Kravetz --- mm/hugetlb.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) -- 2.32.0.rc0.204.g9fa02ecfa5-goog diff --git a/mm/hugetlb.c b/mm/hugetlb.c index ead5d12e0604..76e2a6efc165 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -4925,10 +4925,20 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, if (!page) goto out; } else if (!*pagep) { - ret = -ENOMEM; + /* If a page already exists, then it's UFFDIO_COPY for + * a non-missing case. Return -EEXIST. + */ + if (vm_shared && + hugetlbfs_pagecache_present(h, dst_vma, dst_addr)) { + ret = -EEXIST; + goto out; + } + page = alloc_huge_page(dst_vma, dst_addr, 0); - if (IS_ERR(page)) + if (IS_ERR(page)) { + ret = -ENOMEM; goto out; + } ret = copy_huge_page_from_user(page, (const void __user *) src_addr,