From patchwork Fri Jul 7 03:38:59 2023
X-Patchwork-Submitter: Muchun Song
X-Patchwork-Id: 13304353
From: Muchun Song
To: mike.kravetz@oracle.com, muchun.song@linux.dev, akpm@linux-foundation.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Muchun Song
Subject: [PATCH] mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
Date: Fri, 7 Jul 2023 11:38:59 +0800
Message-Id: <20230707033859.16148-1-songmuchun@bytedance.com>

The local variable @page in __split_vmemmap_huge_pmd() to obtain a pmd page
without holding page_table_lock may possibly get the page table page instead
of a huge pmd page. The effect may be in set_pte_at() since we may pass an
invalid page struct, if set_pte_at() wants to access the page struct (e.g.
CONFIG_PAGE_TABLE_CHECK is enabled), it may crash the kernel. So fix it. And
inline __split_vmemmap_huge_pmd() since it only has one user.

Fixes: d8d55f5616cf ("mm: sparsemem: use page table lock to protect kernel pmd operations")
Signed-off-by: Muchun Song
Reviewed-by: Mike Kravetz
---
 mm/hugetlb_vmemmap.c | 34 ++++++++++++++--------------------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c index c2007ef5e9b0..4b9734777f69 100644 --- a/mm/hugetlb_vmemmap.c +++ b/mm/hugetlb_vmemmap.c @@ -36,14 +36,22 @@ struct vmemmap_remap_walk { struct list_head *vmemmap_pages; }; -static int __split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start) +static int split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start) { pmd_t __pmd; int i; unsigned long addr = start; - struct page *page = pmd_page(*pmd); - pte_t *pgtable = pte_alloc_one_kernel(&init_mm); + struct page *head; + pte_t *pgtable; + + spin_lock(&init_mm.page_table_lock); + head = pmd_leaf(*pmd) ? pmd_page(*pmd) : NULL; + spin_unlock(&init_mm.page_table_lock); + if (!head) + return 0; + + pgtable = pte_alloc_one_kernel(&init_mm); if (!pgtable) return -ENOMEM; @@ -53,7 +61,7 @@ static int __split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start) pte_t entry, *pte; pgprot_t pgprot = PAGE_KERNEL; - entry = mk_pte(page + i, pgprot); + entry = mk_pte(head + i, pgprot); pte = pte_offset_kernel(&__pmd, addr); set_pte_at(&init_mm, addr, pte, entry); } @@ -65,8 +73,8 @@ static int __split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start) * be treated as indepdenent small pages (as they can be freed * individually). */ - if (!PageReserved(page)) - split_page(page, get_order(PMD_SIZE)); + if (!PageReserved(head)) + split_page(head, get_order(PMD_SIZE)); /* Make pte visible before pmd. See comment in pmd_install(). */ smp_wmb(); @@ -80,20 +88,6 @@ static int __split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start) return 0; } -static int split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start) -{ - int leaf; - - spin_lock(&init_mm.page_table_lock); - leaf = pmd_leaf(*pmd); - spin_unlock(&init_mm.page_table_lock); - - if (!leaf) - return 0; - - return __split_vmemmap_huge_pmd(pmd, start); -} - static void vmemmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, struct vmemmap_remap_walk *walk)
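
Review bot: In the first hunk (@@ -36,14 +36,22 @@), the reason `pmd_leaf(*pmd)` and `pmd_page(*pmd)` must be read inside the same `init_mm.page_table_lock` critical section is not documented in the code, only in the commit message. A short comment above `spin_lock()` saying that `pmd_page()` is only meaningful while the entry is known to be a leaf would keep a later cleanup from hoisting the read back into the declaration, which is exactly the bug being fixed. The `if (!head) return 0;` path would also benefit from a note that it means the PMD has already been split by someone else and is treated as success.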
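
Review bot: In the third hunk (@@ -65,8 +73,8 @@), `split_page(head, get_order(PMD_SIZE))` still acts on the snapshot taken in the first hunk, and as far as the visible lines show, `page_table_lock` was released before `pte_alloc_one_kernel()` and is not held at this point. Two CPUs that both observed `pmd_leaf()` as true would each reach `if (!PageReserved(head))` and each call `split_page()` on the same page. Consider moving the `PageReserved()`/`split_page()` step into a locked section that rechecks `pmd_leaf(*pmd)` before the new page table is installed, so it runs only on the CPU that actually performs the split.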