Message ID | db42467a692d78c654ec5c1953329401bd8a9c34.1682859234.git.lstoakes@gmail.com (mailing list archive) |
---|---|
State | New |
Series | mm/mempolicy: Correctly update prev when policy is equal on mbind |

From: Lorenzo Stoakes <lstoakes@gmail.com>
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton <akpm@linux-foundation.org>
Cc: "Liam R. Howlett" <Liam.Howlett@oracle.com>, oliver.sang@intel.com, Mel Gorman <mgorman@suse.de>, stable@vger.kernel.org, Lorenzo Stoakes <lstoakes@gmail.com>
Subject: [PATCH] mm/mempolicy: Correctly update prev when policy is equal on mbind
Date: Sun, 30 Apr 2023 14:00:15 +0100
Message-Id: <db42467a692d78c654ec5c1953329401bd8a9c34.1682859234.git.lstoakes@gmail.com>
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 2068b594dc88..1756389a0609 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -808,8 +808,10 @@ static int mbind_range(struct vma_iterator *vmi, struct vm_area_struct *vma, vmstart = vma->vm_start; } - if (mpol_equal(vma_policy(vma), new_pol)) + if (mpol_equal(vma_policy(vma), new_pol)) { + *prev = vma; return 0; + } pgoff = vma->vm_pgoff + ((vmstart - vma->vm_start) >> PAGE_SHIFT); merged = vma_merge(vmi, vma->vm_mm, *prev, vmstart, vmend, vma->vm_flags,
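Review bot: The added `*prev = vma;` on the mpol_equal() early-return path is the right minimal fix, but the hunk leaves the invariant it restores undocumented: nothing at the `if (mpol_equal(vma_policy(vma), new_pol)) {` block says that every exit from mbind_range() must leave *prev pointing at the VMA just visited, which is exactly what the later `vma_merge(vmi, vma->vm_mm, *prev, ...)` call relies on when it derives curr from prev. A one-line comment above that block stating the rule would make the next refactor of this function less likely to reintroduce the stale prev the commit message describes.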
The refactoring in commit f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator") introduces a subtle bug which arises when attempting to apply a new NUMA policy across a range of VMAs in mbind_range().

The refactoring passes a **prev pointer to keep track of the previous VMA in order to reduce duplication, and in all but one case it keeps this correctly updated.

The bug arises when a VMA within the specified range has an equivalent policy as determined by mpol_equal(), which, unlike other cases, does not update prev.

This can result in a situation where, later in the iteration, a VMA is found whose policy does need to change. At this point, vma_merge() is invoked with prev pointing to a VMA which is before the previous VMA.

Since vma_merge() discovers the curr VMA by looking for the one immediately after prev, it will now be in a situation where this VMA is incorrect and the merge will not proceed correctly.

This is checked in the VM_WARN_ON() invariant case with end > curr->vm_end, which, if a merge is possible, results in a warning (if CONFIG_DEBUG_VM is specified).

I note that vma_merge() performs these invariant checks only after merge_prev/merge_next are checked, which is debatable as it hides this issue if no merge is possible even though a buggy situation has arisen.

The solution is simply to update the prev pointer even when policies are equal.

This caused a bug to arise in the 6.2.y stable tree, and this patch resolves this bug.

Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/oe-lkp/202304292203.44ddeff6-oliver.sang@intel.com
Fixes: f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator")
Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
---
 mm/mempolicy.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
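As an added illustration of the stale-prev mechanism the commit message describes, the following is a constructed C model and not the kernel's code: `struct vma`, `merge_step()`, `apply_policy_range()` and `demo()` are hypothetical stand-ins for the VMA list, for vma_merge()'s expectation that curr sits immediately after prev, and for mbind_range()'s early return on an equal policy, run once without and once with the fix.

```c
#include <stddef.h>

/* Constructed model of a VMA list, address-ordered, singly linked. */
struct vma {
    unsigned long start, end;
    int policy;
    struct vma *next;
};

/* Models vma_merge() locating curr as the VMA right after prev. Returns -1
 * when prev is stale, the case the VM_WARN_ON() in the commit message flags. */
static int merge_step(struct vma *prev, struct vma *curr, int new_pol)
{
    if (prev && prev->next != curr)
        return -1;
    curr->policy = new_pol;
    return 0;
}

/* Apply new_pol to every VMA with start < end, carrying prev across the walk
 * as mbind_range()'s callers carry *prev; the per-VMA early "return 0" on
 * mpol_equal() is modelled as `continue`. Returns how often merge_step() saw
 * a stale prev: keep_prev_in_sync == 0 is the pre-fix code, 1 is the patch. */
int apply_policy_range(struct vma *head, unsigned long end, int new_pol,
                       int keep_prev_in_sync)
{
    struct vma *prev = NULL;
    int stale = 0;
    for (struct vma *vma = head; vma && vma->start < end; vma = vma->next) {
        if (vma->policy == new_pol) {       /* mpol_equal() case */
            if (keep_prev_in_sync)
                prev = vma;                 /* the fix: *prev = vma */
            continue;
        }
        if (merge_step(prev, vma, new_pol) < 0)
            stale++;
        prev = vma;
    }
    return stale;
}

/* Constructed layout: A[0,1) pol 1, B[1,2) pol 2, C[2,3) pol 1; apply pol 2
 * over [0,3). B already matches, so the stale prev surfaces when C is reached. */
int demo(int keep_prev_in_sync)
{
    struct vma v[3] = { {0, 1, 1, NULL}, {1, 2, 2, NULL}, {2, 3, 1, NULL} };
    v[0].next = &v[1];
    v[1].next = &v[2];
    return apply_policy_range(&v[0], 3, 2, keep_prev_in_sync);
}
```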