From patchwork Mon Feb 13 21:43:24 2023
X-Patchwork-Submitter: Vishal Moola
X-Patchwork-Id: 13139130
From: "Vishal Moola (Oracle)"
To: akpm@linux-foundation.org
Cc: willy@infradead.org, m.szyprowski@samsung.com, alex@ghiti.fr, linux-mm@kvack.org, "Vishal Moola (Oracle)"
Subject: [PATCH] mm/khugepaged: Fix invalid page access in release_pte_pages()
Date: Mon, 13 Feb 2023 13:43:24 -0800
Message-Id: <20230213214324.34215-1-vishal.moola@gmail.com>
X-Mailer: git-send-email 2.39.1

release_pte_pages() converts from a pfn to a folio by using pfn_folio().
If the pte is not mapped, pfn_folio() will result in undefined behavior
which ends up causing a kernel panic[1].

Only call pfn_folio() once we have validated that the pte is both valid
and mapped to fix the issue.

[1] https://lore.kernel.org/linux-mm/ff300770-afe9-908d-23ed-d23e0796e899@samsung.com/

Fixes: 9bdfeea46f49 ("mm/khugepaged: convert release_pte_pages() to use folios")
Reported-by: Marek Szyprowski
Debugged-by: Alexandre Ghiti
Cc: Matthew Wilcox
Signed-off-by: Vishal Moola (Oracle)
Tested-by: Marek Szyprowski
Reviewed-by: Alexandre Ghiti
Tested-by: Alexandre Ghiti
Reviewed-by: David Hildenbrand
Reviewed-by: Yang Shi
---
 mm/khugepaged.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/mm/khugepaged.c b/mm/khugepaged.c index b39ab219d5b7..bd54b957f69a 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c 
@@ -511,11 +511,17 @@ static void release_pte_pages(pte_t *pte, pte_t *_pte, while (--_pte >= pte) { pte_t pteval = *_pte; + unsigned long pfn; - folio = pfn_folio(pte_pfn(pteval)); - if (!pte_none(pteval) && !is_zero_pfn(pte_pfn(pteval)) && - !folio_test_large(folio)) - release_pte_folio(folio); + if (pte_none(pteval)) + continue; + pfn = pte_pfn(pteval); + if (is_zero_pfn(pfn)) + continue; + folio = pfn_folio(pfn); + if (folio_test_large(folio)) + continue; + release_pte_folio(folio); } list_for_each_entry_safe(folio, tmp, compound_pagelist, lru) {
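Review bot: The new checks in the while loop of release_pte_pages() are pte_none() and is_zero_pfn(), while the commit message states the requirement as the pte being "both valid and mapped"; neither check is a presence test, so the safety of folio = pfn_folio(pfn) rests on an invariant that is not written down in the hunk. Please add a short comment above the loop saying why every non-none entry in [pte, _pte) is guaranteed to carry a usable pfn at this point, or, if that cannot be guaranteed, add an explicit presence check before pfn = pte_pfn(pteval). The ordering itself (pte_none, then is_zero_pfn, then pfn_folio, then folio_test_large) reads correctly against the removed lines, where pfn_folio() ran before any of the checks. Minor style point: pfn is declared inside the loop body while folio lives at function scope; either is fine, but a blank line between the declarations and the first if would match the usual kernel layout.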