From patchwork Wed Jan 17 17:10:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Leitao X-Patchwork-Id: 13522034 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 936B0C47258 for ; Wed, 17 Jan 2024 17:11:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 388BF6B0085; Wed, 17 Jan 2024 12:11:15 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 310FF6B0087; Wed, 17 Jan 2024 12:11:15 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1B30C6B0088; Wed, 17 Jan 2024 12:11:15 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 05F316B0085 for ; Wed, 17 Jan 2024 12:11:15 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id CF93780F4C for ; Wed, 17 Jan 2024 17:11:14 +0000 (UTC) X-FDA: 81689443668.24.967099B Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) by imf26.hostedemail.com (Postfix) with ESMTP id D8967140020 for ; Wed, 17 Jan 2024 17:11:11 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf26.hostedemail.com: domain of breno.debian@gmail.com designates 209.85.208.176 as permitted sender) smtp.mailfrom=breno.debian@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1705511472; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references; bh=zJ2+XhKbom46b/fZIunrod77ylLhDHU0KUj29SPzLh4=; b=jpQJiV2SP3B/W0hsafsf9KB42TT8ZmOceOO6QIopQ/9ZyYVnxDGZhqB9spjJzwVPFwM974 S0pLP0M3tL8rg/rPtTPfb7ORc1y+qm+OklPTmpVAbfpuA/6G0rbiEwuUBtpvR+IgEt6mxn NAWf1t6AgyaCbvz/rGjgvhM9s/olBHQ= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf26.hostedemail.com: domain of breno.debian@gmail.com designates 209.85.208.176 as permitted sender) smtp.mailfrom=breno.debian@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1705511472; a=rsa-sha256; cv=none; b=J1QhKRFT5fKM6KuNbrd9HF9EYQYH/zNi+Xps1C3S/3ewwz/e4eOpTa8nkA8LGiOdd4yxr2 jNyoib9awBmXmsJW8C/uSUF5TmA7HkXApo8AHLtyY+bTqzGlvnGOqOmjrok+ZHbHAYiS3h ut+KP9lNRDELLctuv3QFBM8ywVd7+s4= Received: by mail-lj1-f176.google.com with SMTP id 38308e7fff4ca-2cdeb808889so12915811fa.3 for ; Wed, 17 Jan 2024 09:11:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705511470; x=1706116270; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zJ2+XhKbom46b/fZIunrod77ylLhDHU0KUj29SPzLh4=; b=Rq1HwVgpBtMpMBtWU6dTtnoBWoLz+hQDPoQvjRux3Dxtn9eXui/yHpkzhWDbpoN+pS uKdsXpuiW6XwHUEHY2fx+2TQX/BeE5MWDloSCUDAfNB3VzUbI6ej7BuOSn7mo1TpPsJB lqxECsT0CGPRL0n/LfUIBONVxhcFALSf5e184XP/sw2I7MUb9GSphwVhXfvkaHRd/Hl4 mcDKsEKndMREwCmzwrIsoe/0gvxogBM1QoMDg9eXiTuByy5OBtMnfuZ3lo6LNGLkyOYL evJq5PKrs33sz8cgc6MrXvA2NOCCEUsCjW/RXM7SC02+cgnzKOQmjqBKtfPgvdxioxgC 7dNg== X-Gm-Message-State: AOJu0YzvetzZOqO60yzP0JqIhEYa7CAdG1cBLip7HazxoBJD554zaCvF x1CpDIi2TfXkVdcNfIJYOKs= X-Google-Smtp-Source: AGHT+IFnH/+Zuk1XVIOMFL+q8gzXbBl2P9gmGhC9CO69p0IDBMTR+CLJKJ8hp3Wk4bGMy/MrxkhFTg== X-Received: by 2002:a2e:7d12:0:b0:2cd:98e3:42b3 with SMTP id y18-20020a2e7d12000000b002cd98e342b3mr3866977ljc.24.1705511469837; Wed, 17 Jan 2024 09:11:09 -0800 (PST) Received: from localhost (fwdproxy-cln-025.fbsv.net. [2a03:2880:31ff:19::face:b00c]) by smtp.gmail.com with ESMTPSA id i13-20020a05640200cd00b00559c71e70e3sm1547951edu.79.2024.01.17.09.11.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Jan 2024 09:11:09 -0800 (PST) From: Breno Leitao To: Muchun Song , Andrew Morton Cc: lstoakes@gmail.com, willy@infradead.org, mike.kravetz@oracle.com, Rik van Riel , linux-mm@kvack.org (open list:HUGETLB SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH 1/2] mm/hugetlb: Restore the reservation if needed Date: Wed, 17 Jan 2024 09:10:57 -0800 Message-Id: <20240117171058.2192286-1-leitao@debian.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Rspamd-Queue-Id: D8967140020 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: mgwjbay8knth83rzmombqwxokzdhwcgk X-HE-Tag: 1705511471-907000 X-HE-Meta: U2FsdGVkX1/n1WxIYosz9KgzSFgzRbczIvSLULM1Nnh6lt1GcUM1aLWiQpgsA7zJ2nz8/m8WLOzvU6kUyTyHCzm3Tkdj1Z0nDXaytMyPNQDq+pJypcMweROQQyiS4WR36YQjUN7xQcim41T6TSiHKXwn0qgqTz5tXzjCrwOjXNDf4J7yErLNRM/uWfbQYBjNIaG2y6BBbC6ZXoDGSu7MHEUNXZPYW/ee9okCba3MaklXB1Ap8xWmVQQXmJWu3NtmdpwelHNc7p0M2eRvMCbc/oDRDDu0nUj6rIlm57bfkQvA5N2bfeRaI8q5wCySTHG2ikaManSqoJBZnxAx+Lg54uTpKJGt9E8vtLR2KoloxgiGG6zYk0MHwL5RHMbt5DNyO9idR5qRlPQiIbIwv7uwubmQbpJaM64mZo6U1fQtF5uyseZ1ViLHGp3vdHI15C39rh8QenQsqbFg1fHYFZai+/+NZx87mJwPj2bPBqFDK4mGUmZMGEBqbf10yFUrSGKDz0QJ9e/yPDpbG+JjvgSe/X3V9+h4C8/Ivjavc5bySBTJtXcy0ehZJodpu1zX/iTwY+fKU63psus8wiFUxLVNvh6kYAK5tnwohG1CsO1qMaTuDbHrbGH1hI+nbFsp6KtzRVVaPk5UL4qc+H6uJkMXHK71BLyaWZjkkE7+LpsDhYsxBvA7j6OaBvpaT8dymaVO7M+DRk5Dwj3hBbC2f2LFvAgP8cmg8EmVUQ+5zaUKQuoFYnaCGvvGhvVTyGHEUYInK9+QO0PUzFNQxMWiIgJQ3PRY2QuHMSfKLowuk4/UyketJ6ksP4zIlvc3ypKWndeMIyyxSx5PwlmsnivDaZmkycCSW7yRJRPy0p3yHSgewC2tYZoW2wRdECKtjR/6/Wh7AHovPjjtJD6ctimbD5+P3hR3hfGCnTe/NUVzRyKwrEomuqivjbuNwKnUH7dV6WNTmvMxXKjvM6Wd3CnvC6Q r4kTZoZR tWb6IFhTTs9g0HGspHdhOieYhrt3+heapfQbHZv8tIJXTGH1CZXfD+OvAk/5budmQUJpKc55WfmiWvFzYLW2HFyGj/Eq9db7+W8DCQvbgrqoktHVnmW7kGJ9ttm4q717tY9Mi9ZEwZbH0C8PszCFgWHE9tWjO1wkKIahlyq0vhIXjccRe/U+U+7y6u5P+8Ro+gwcPhcxk2dmvOwhEGFZlRaIBYl0wJJ11d/ECgJYV3Iya6QkpbtsL4GvKknx9yYgmWzRNXHcDH32UcXa5g5mGbPvmsNpnyn6aCc0xZhsqgRa3/daefdAa2J8CuYWT7GnnL9ygFkZIdVxggZV2HQICrI5ymWDB3RAgKnGJFNQkcMpTTGwH9iL3a0RG179h4q7F7UMaY7lRFYABSs/Xy7Zyyyg5bsjH+hOuk9ZciRtlrQkIXr9mXAgsdM4JdepwWGlxjPBpX6YPEy3pKXKH+N6vqsH/dcBkvyoKNiZQdL3eRcxOWvPKqdWWGrDscglbOQBsdX09ut7dNZpFAks1jQUAx9aW8C1k9kpIftCY+cHQ5BB1U9DcmoI5Mu250YzXXaOWXBJn X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently there is a bug that a huge page could be stolen, and when the original owner tries to fault in it, it causes a page fault. You can achieve that by: 1) Creating a single page echo 1 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages 2) mmap() the page above with MAP_HUGETLB into (void *ptr1). * This will mark the page as reserved 3) touch the page, which causes a page fault and allocates the page * This will move the page out of the free list. * It will also unreserved the page, since there is no more free page 4) madvise(MADV_DONTNEED) the page * This will free the page, but not mark it as reserved. 5) Allocate a secondary page with mmap(MAP_HUGETLB) into (void *ptr2). * it should fail, but, since there is no more available page. * But, since the page above is not reserved, this mmap() succeed. 6) Faulting at ptr1 will cause a SIGBUS * it will try to allocate a huge page, but there is none available A full reproducer is in selftest. See https://lore.kernel.org/all/20240105155419.1939484-1-leitao@debian.org/ Fix this by restoring the reserved page if necessary. If the page being unmapped has HPAGE_RESV_OWNER set, and needs a reservation, set the restore_reserve flag, which will move the page from free to reserved. Suggested-by: Rik van Riel Signed-off-by: Breno Leitao --- mm/hugetlb.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index ed1581b670d4..fa2c17767e44 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5677,6 +5677,16 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, hugetlb_count_sub(pages_per_huge_page(h), mm); hugetlb_remove_rmap(page_folio(page)); + if (is_vma_resv_set(vma, HPAGE_RESV_OWNER) && + vma_needs_reservation(h, vma, start)) { + /* + * Restore the reservation if needed, otherwise the + * backing page could be stolen by someone. + */ + folio_set_hugetlb_restore_reserve(page_folio(page)); + vma_add_reservation(h, vma, address); + } + spin_unlock(ptl); tlb_remove_page_size(tlb, page, huge_page_size(h)); /*