From patchwork Fri May 24 00:54:44 2024
X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com>
X-Patchwork-Id: 13672593
From: Barry Song <21cnbao@gmail.com>
To: akpm@linux-foundation.org, linux-mm@kvack.org
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
 Barry Song, Lance Yang, Barry Song <21cnbao@gmail.com>, Ryan Roberts,
 David Hildenbrand, Jeff Xie, Kefeng Wang, Michal Hocko, Minchan Kim,
 Muchun Song, Peter Xu, Yang Shi, Yin Fengwei, Zach O'Keefe,
 Catalin Marinas, Will Deacon
Subject: [PATCH] mm: arm64: Fix the out-of-bounds issue in contpte_clear_young_dirty_ptes
Date: Fri, 24 May 2024 12:54:44 +1200
Message-Id: <20240524005444.135417-1-21cnbao@gmail.com>
X-Mailer: git-send-email 2.34.1

From: Barry Song

We are passing a huge nr to __clear_young_dirty_ptes() right now.
While we should pass the number of pages, we are actually passing
CONT_PTE_SIZE. This is causing lots of crashes of MADV_FREE, panic
oops could vary every time.

Fixes: 89e86854fb0a ("mm/arm64: override clear_young_dirty_ptes() batch helper")
Cc: Lance Yang
Cc: Barry Song <21cnbao@gmail.com>
Cc: Ryan Roberts
Cc: David Hildenbrand
Cc: Jeff Xie
Cc: Kefeng Wang
Cc: Michal Hocko
Cc: Minchan Kim
Cc: Muchun Song
Cc: Peter Xu
Cc: Yang Shi
Cc: Yin Fengwei
Cc: Zach O'Keefe
Cc: Catalin Marinas
Cc: Will Deacon
Signed-off-by: Barry Song
Reviewed-by: Baolin Wang
Acked-by: Lance Yang
Acked-by: David Hildenbrand
Acked-by: Chris Li
Reviewed-by: Mark Rutland
Tested-by: Mark Rutland
---
 arch/arm64/mm/contpte.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/contpte.c b/arch/arm64/mm/contpte.c index 9f9486de0004..a3edced29ac1 100644 --- a/arch/arm64/mm/contpte.c +++ b/arch/arm64/mm/contpte.c @@ -376,7 +376,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_struct *vma, * clearing access/dirty for the whole block. */ unsigned long start = addr; - unsigned long end = start + nr; + unsigned long end = start + nr * PAGE_SIZE; if (pte_cont(__ptep_get(ptep + nr - 1))) end = ALIGN(end, CONT_PTE_SIZE); @@ -386,7 +386,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_struct *vma, ptep = contpte_align_down(ptep); } - __clear_young_dirty_ptes(vma, start, ptep, end - start, flags); + __clear_young_dirty_ptes(vma, start, ptep, (end - start) / PAGE_SIZE, flags); } EXPORT_SYMBOL_GPL(contpte_clear_young_dirty_ptes);
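
Review bot: In the first hunk, `unsigned long end = start + nr * PAGE_SIZE;` is correct only because `start` and `end` are byte addresses while `nr` counts PTEs (the context line `ptep + nr - 1` uses it as a count), and neither the code nor the comment above it states those units. Consider saying so in the existing comment: the old `start + nr` compiled cleanly and went wrong when `ALIGN(end, CONT_PTE_SIZE)` rounded the mixed-unit value up to a byte boundary that was then passed on as a count. The declaration of `nr` falls outside the visible lines, so confirm the product is evaluated as `unsigned long` and cannot wrap for a large batch.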
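
Review bot: In the second hunk, `(end - start) / PAGE_SIZE` converts bytes back to a PTE count inside the argument list of `__clear_young_dirty_ptes()`, where the unit change is easy to miss and the call becomes a long line. Assigning it first, for example `nr = (end - start) / PAGE_SIZE;`, and passing `nr` would keep the call short and make the count explicit at the point where it matters. Since the commit message reports MADV_FREE crashes, a regression test that runs MADV_FREE over a range whose last PTE is part of a contiguous block (the `pte_cont(__ptep_get(ptep + nr - 1))` case) would be worth adding alongside the fix.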