From patchwork Wed Nov 3 20:22:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yang Shi X-Patchwork-Id: 12601565 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E05FC433FE for ; Wed, 3 Nov 2021 20:23:03 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 1809E6109F for ; Wed, 3 Nov 2021 20:23:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 1809E6109F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 901CD6B006C; Wed, 3 Nov 2021 16:23:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8B0116B0072; Wed, 3 Nov 2021 16:23:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 79F746B0073; Wed, 3 Nov 2021 16:23:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0086.hostedemail.com [216.40.44.86]) by kanga.kvack.org (Postfix) with ESMTP id 6A58A6B006C for ; Wed, 3 Nov 2021 16:23:02 -0400 (EDT) Received: from smtpin19.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 035457147D for ; Wed, 3 Nov 2021 20:23:02 +0000 (UTC) X-FDA: 78768743004.19.4859B5B Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by imf27.hostedemail.com (Postfix) with ESMTP id 9AC217000091 for ; Wed, 3 Nov 2021 20:23:01 +0000 (UTC) Received: by mail-pl1-f172.google.com with SMTP id u11so3491712plf.3 for ; Wed, 03 Nov 2021 13:23:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=FB36Sz9xaSOuhojZsirNmM4Fac3UYkPFaEPW7F3xjy0=; b=TZkCoymatDNmz9fAPGOcwzksGrRgFeWlQYuDhjzk8lxhd/kNQmNVOL0RNVRGMWT7mG XvXqVuYU60JDX1hFW0B4QDb/LHBWMDpnkQEJY6Ik5KlirqzbCNgGIWfhiav7qYFF7Di+ FZvw78XGU4YEKCxUz9u/CMuTi3iX5CUsbVrfaRs0woE4qhAdxGWvNaRAJ8jonS3Kn2kG qxWj7PcY75IyKCfcht/miCltXuw6ILWvoaBudd/3JVFRLruI3ETt0pBJKhEmzi9kl+w8 +Bu8eyEfnKdogYbcBNk7hxtPDsVhSJiaoIZl0ntOAOBM88s5F8NbZnZAMnsfqK8Vo4Xi dRpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=FB36Sz9xaSOuhojZsirNmM4Fac3UYkPFaEPW7F3xjy0=; b=ygCjD0i7/GYNZVtvbdaSu/YZD6zzrrrdpIjaI3HmWJ/MVFlp6riWsLFgKjR1iG6kBd honBV3aCUFo6nWNKumgVcbZ/zMW9dulWtt6u76mofNqwqo5zBNz1hiIKZPwGoXfg9VJa NxZ9AD918Zd/vHG3eMnYpNw9tIzaTT6QLrFRKG2B2iv40y7Ug/VvXDFuPDwWRJBlwXxT PIwoxG0XYxtHWgQc+7bvQfM75CfcDm+cVk3CexulPTlthsdx4y7txDIpjrtycu5S7L8Z 06yWHSuxH1zCKn71Eg/pUO4tDu8ahaOuYzoB4Z+lDWK+f36By/D4a8F0SqXaxfNBKxmY 3a0w== X-Gm-Message-State: AOAM531RPEKSTlqO5rkJ8MlYyRad9wi9uroxaiLwyuPVKboW6PdSGgzV 8aEKVy4EPgZySawdFaZJ7UI= X-Google-Smtp-Source: ABdhPJw4b9b2Drq+EVQJDZJtNyQ4qeqLw/lhvtJts7NUJVQ3adQsl1+oAH7ZTp2v+ekJw5iw9Gxhww== X-Received: by 2002:a17:90b:1e0c:: with SMTP id pg12mr11786165pjb.135.1635970980723; Wed, 03 Nov 2021 13:23:00 -0700 (PDT) Received: from localhost.localdomain (c-73-93-239-127.hsd1.ca.comcast.net. [73.93.239.127]) by smtp.gmail.com with ESMTPSA id t12sm5839863pjo.44.2021.11.03.13.22.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Nov 2021 13:22:59 -0700 (PDT) From: Yang Shi To: gregkh@linuxfoundation.org, hughd@google.com, sunhao.th@gmail.com, willy@infradead.org, kirill.shutemov@linux.intel.com, songliubraving@fb.com, andrea.righi@canonical.com, akpm@linux-foundation.org Cc: shy828301@gmail.com, stable@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [stable 5.10 PATCH] mm: khugepaged: skip huge page collapse for special files Date: Wed, 3 Nov 2021 13:22:58 -0700 Message-Id: <20211103202258.3564-1-shy828301@gmail.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 9AC217000091 X-Stat-Signature: mdmasn6y59b1qtioqxn1xazkzkhqtnoi Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=TZkCoyma; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf27.hostedemail.com: domain of shy828301@gmail.com designates 209.85.214.172 as permitted sender) smtp.mailfrom=shy828301@gmail.com X-HE-Tag: 1635970981-253008 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: commit a4aeaa06d45e90f9b279f0b09de84bd00006e733 upstream. The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB misses for large text segments. But it doesn't restrict the file types so a THP could be collapsed for a non-regular file, for example, block device, if it is opened readonly and mapped with EXEC permission. This may cause bugs, like [1] and [2]. This is definitely not the intended usecase, so just collapse THP for regular files in order to close the attack surface. [shy828301@gmail.com: fix vm_file check [3]] Link: https://lore.kernel.org/lkml/CACkBjsYwLYLRmX8GpsDpMthagWOjWWrNxqY6ZLNQVr6yx+f5vA@mail.gmail.com/ [1] Link: https://lore.kernel.org/linux-mm/000000000000c6a82505ce284e4c@google.com/ [2] Link: https://lkml.kernel.org/r/CAHbLzkqTW9U3VvTu1Ki5v_cLRC9gHW+znBukg_ycergE0JWj-A@mail.gmail.com [3] Link: https://lkml.kernel.org/r/20211027195221.3825-1-shy828301@gmail.com Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS") Signed-off-by: Hugh Dickins Signed-off-by: Yang Shi Reported-by: Hao Sun Reported-by: syzbot+aae069be1de40fb11825@syzkaller.appspotmail.com Cc: Matthew Wilcox Cc: Kirill A. Shutemov Cc: Song Liu Cc: Andrea Righi Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- mm/khugepaged.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index ee8812578563..5c36848022de 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -443,21 +443,24 @@ static bool hugepage_vma_check(struct vm_area_struct *vma, if (!transhuge_vma_enabled(vma, vm_flags)) return false; + if (vma->vm_file && !IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - + vma->vm_pgoff, HPAGE_PMD_NR)) + return false; + /* Enabled via shmem mount options or sysfs settings. */ - if (shmem_file(vma->vm_file) && shmem_huge_enabled(vma)) { - return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff, - HPAGE_PMD_NR); - } + if (shmem_file(vma->vm_file)) + return shmem_huge_enabled(vma); /* THP settings require madvise. */ if (!(vm_flags & VM_HUGEPAGE) && !khugepaged_always()) return false; - /* Read-only file mappings need to be aligned for THP to work. */ + /* Only regular file is valid */ if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && vma->vm_file && (vm_flags & VM_DENYWRITE)) { - return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff, - HPAGE_PMD_NR); + struct inode *inode = vma->vm_file->f_inode; + + return S_ISREG(inode->i_mode); } if (!vma->anon_vma || vma->vm_ops)