From patchwork Thu Aug 18 13:00:11 2022
From: Miaohe Lin
Subject: [PATCH 1/6] mm, hwpoison: fix page refcnt leaking in try_memory_failure_hugetlb()
Date: Thu, 18 Aug 2022 21:00:11 +0800
Message-ID: <20220818130016.45313-2-linmiaohe@huawei.com>
In-Reply-To: <20220818130016.45313-1-linmiaohe@huawei.com>
X-Patchwork-Id: 12947858

When hwpoison_filter() refuses to hwpoison a hugetlb page, the refcnt of the page would have been incremented if res == 1. Using put_page() to fix the refcnt leaking in this case.

Fixes: 405ce051236c ("mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb()")
Signed-off-by: Miaohe Lin
Acked-by: Naoya Horiguchi

--- mm/memory-failure.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index e48f6f6a259d..22840cd5fe59 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c
@@ -1860,8 +1860,10 @@ static int try_memory_failure_hugetlb(unsigned long pfn, int flags, int *hugetlb if (hwpoison_filter(p)) { hugetlb_clear_page_hwpoison(head); - res = -EOPNOTSUPP; - goto out; + unlock_page(head); + if (res == 1) + put_page(head); + return -EOPNOTSUPP; } /*

From patchwork Thu Aug 18 13:00:12 2022
From: Miaohe Lin
Subject: [PATCH 2/6] mm, hwpoison: fix page refcnt leaking in unpoison_memory()
Date: Thu, 18 Aug 2022 21:00:12 +0800
Message-ID: <20220818130016.45313-3-linmiaohe@huawei.com>
In-Reply-To: <20220818130016.45313-1-linmiaohe@huawei.com>
X-Patchwork-Id: 12947995

When free_raw_hwp_pages() fails its work, the refcnt of the hugetlb page would have been incremented if ret > 0. Using put_page() to fix refcnt leaking in this case.

Fixes: debb6b9c3fdd ("mm, hwpoison: make unpoison aware of raw error info in hwpoisoned hugepage")
Signed-off-by: Miaohe Lin
Acked-by: Naoya Horiguchi

--- mm/memory-failure.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 22840cd5fe59..0c5ad7505b99 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c
@@ -2378,6 +2378,7 @@ int unpoison_memory(unsigned long pfn) count = free_raw_hwp_pages(page, false); if (count == 0) { ret = -EBUSY; + put_page(page); goto unlock_mutex; } }

From patchwork Thu Aug 18 13:00:13 2022
From: Miaohe Lin
Subject: [PATCH 3/6] mm, hwpoison: fix extra put_page() in soft_offline_page()
Date: Thu, 18 Aug 2022 21:00:13 +0800
Message-ID: <20220818130016.45313-4-linmiaohe@huawei.com>
In-Reply-To: <20220818130016.45313-1-linmiaohe@huawei.com>
X-Patchwork-Id: 12947973

When hwpoison_filter() refuses to soft offline a page, the page refcnt incremented previously by MF_COUNT_INCREASED would have been consumed via get_hwpoison_page() if ret <= 0. So the put_ref_page() here will put the extra one. Remove it to fix the issue.

Fixes: 9113eaf331bf ("mm/memory-failure.c: add hwpoison_filter for soft offline")
Signed-off-by: Miaohe Lin
Acked-by: Naoya Horiguchi

--- mm/memory-failure.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 0c5ad7505b99..7023c3d81273 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c
@@ -2591,8 +2591,6 @@ int soft_offline_page(unsigned long pfn, int flags) if (hwpoison_filter(page)) { if (ret > 0) put_page(page); - else - put_ref_page(ref_page); mutex_unlock(&mf_mutex); return -EOPNOTSUPP;

From patchwork Thu Aug 18 13:00:14 2022
From: Miaohe Lin
Subject: [PATCH 4/6] mm, hwpoison: fix possible use-after-free in mf_dax_kill_procs()
Date: Thu, 18 Aug 2022 21:00:14 +0800
Message-ID: <20220818130016.45313-5-linmiaohe@huawei.com>
In-Reply-To: <20220818130016.45313-1-linmiaohe@huawei.com>
X-Patchwork-Id: 12948088

After kill_procs(), tk will be freed without being removed from the to_kill list. In the next iteration, the freed list entry in the to_kill list will be accessed, thus leading to use-after-free issue. Fix it by reinitializing the to_kill list after unmap_and_kill().

Fixes: c36e20249571 ("mm: introduce mf_dax_kill_procs() for fsdax case")
Signed-off-by: Miaohe Lin

--- mm/memory-failure.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 7023c3d81273..a2f4e8b00a26 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c
@@ -1658,6 +1658,8 @@ int mf_dax_kill_procs(struct address_space *mapping, pgoff_t index, collect_procs_fsdax(page, mapping, index, &to_kill); unmap_and_kill(&to_kill, page_to_pfn(page), mapping, index, mf_flags); + /* Reinitialize to_kill list for later resuing. */ + INIT_LIST_HEAD(&to_kill); unlock: dax_unlock_mapping_entry(mapping, index, cookie); }

From patchwork Thu Aug 18 13:00:15 2022
From: Miaohe Lin
Subject: [PATCH 5/6] mm, hwpoison: kill procs if unmap fails
Date: Thu, 18 Aug 2022 21:00:15 +0800
Message-ID: <20220818130016.45313-6-linmiaohe@huawei.com>
In-Reply-To: <20220818130016.45313-1-linmiaohe@huawei.com>
X-Patchwork-Id: 12948102

If try_to_unmap() fails, the hwpoisoned page still resides in the address space of some processes. We should kill these processes or the hwpoisoned page might be consumed later. collect_procs() is always called to collect relevant processes now so they can be killed later if unmap fails.

Signed-off-by: Miaohe Lin
Acked-by: Naoya Horiguchi

--- mm/memory-failure.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index a2f4e8b00a26..5f9615a86296 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1396,7 +1396,7 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, struct address_space *mapping; LIST_HEAD(tokill); bool unmap_success; - int kill = 1, forcekill; + int forcekill; bool mlocked = PageMlocked(hpage); /* @@ -1437,7 +1437,6 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, if (page_mkclean(hpage)) { SetPageDirty(hpage); } else { - kill = 0; ttu |= TTU_IGNORE_HWPOISON; pr_info("%#lx: corrupted page was clean: dropped without side effects\n", pfn); @@ -1452,8 +1451,7 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, * Error handling: We ignore errors here because * there's nothing that can be done. */ - if (kill) - collect_procs(hpage, &tokill, flags & MF_ACTION_REQUIRED); + collect_procs(hpage, &tokill, flags & MF_ACTION_REQUIRED); if (PageHuge(hpage) && !PageAnon(hpage)) { /*
@@ -1495,7 +1493,8 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, * use a more force-full uncatchable kill to prevent * any accesses to the poisoned memory. */ - forcekill = PageDirty(hpage) || (flags & MF_MUST_KILL); + forcekill = PageDirty(hpage) || (flags & MF_MUST_KILL) || + !unmap_success; kill_procs(&tokill, forcekill, !unmap_success, pfn, flags); return unmap_success;

From patchwork Thu Aug 18 13:00:16 2022
From: Miaohe Lin
Subject: [PATCH 6/6] mm, hwpoison: avoid trying to unpoison reserved page
Date: Thu, 18 Aug 2022 21:00:16 +0800
Message-ID: <20220818130016.45313-7-linmiaohe@huawei.com>
In-Reply-To: <20220818130016.45313-1-linmiaohe@huawei.com>
X-Patchwork-Id: 12947901

For reserved pages, HWPoison flag will be set without increasing the page refcnt. So we shouldn't even try to unpoison these pages and thus decrease the page refcnt unexpectedly. Add a PageReserved() check to filter this case out and remove the below unneeded zero page (zero page is reserved) check.

Signed-off-by: Miaohe Lin
Acked-by: Naoya Horiguchi

--- mm/memory-failure.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 5f9615a86296..c831c41bb092 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2355,7 +2355,7 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } - if (PageSlab(page) || PageTable(page)) + if (PageSlab(page) || PageTable(page) || PageReserved(page)) goto unlock_mutex; ret = get_hwpoison_page(p, MF_UNPOISON); @@ -2386,7 +2386,7 @@ int unpoison_memory(unsigned long pfn) freeit = !!TestClearPageHWPoison(p); put_page(page); - if (freeit && !(pfn == my_zero_pfn(0) && page_count(p) == 1)) { + if (freeit) { put_page(page); ret = 0; }
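
Review bot: the hwpoison_filter() branch in try_memory_failure_hugetlb() ([PATCH 1/6], hunk at -1860) now unlocks and returns on its own instead of leaving through the out label, so this path no longer shares the function's exit code and will miss anything added there later. Dropping the reference before res is overwritten keeps the single exit: "if (res == 1) put_page(head);" followed by the original "res = -EOPNOTSUPP; goto out;". A one-line comment that res == 1 means a reference is held would also help, since that is stated only in the commit message.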
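
Review bot: in unpoison_memory() ([PATCH 2/6], hunk at -2378) the added put_page(page) comes after "ret = -EBUSY;", so the value that justifies the put (ret > 0 according to the commit message) is already overwritten, and the hunk context does not show which branch this is. Please add a short comment naming the reference that is dropped here, and consider placing put_page(page) before the assignment so the pairing with the earlier get is easier to audit.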
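
Review bot: after the else arm is removed in soft_offline_page() ([PATCH 3/6], hunk at -2591), the remaining "if (ret > 0) put_page(page);" carries no explanation of why ret <= 0 needs no put. The reason, that get_hwpoison_page() has already consumed the MF_COUNT_INCREASED reference, is only in the commit message; a comment at this spot would keep the put_ref_page() call from being re-added. It is also worth checking whether ref_page is still used elsewhere in the function after this removal.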
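
Review bot: the comment added in mf_dax_kill_procs() ([PATCH 4/6], hunk at -1658) has a typo, "resuing" should be "reusing". More importantly, INIT_LIST_HEAD(&to_kill) only forgets the stale entries: it is correct only while unmap_and_kill() frees every entry on every path, and it silently drops anything still linked otherwise. Unlinking each tk with list_del() at the point where it is freed would address the cause named in the commit message and leave the list empty without relying on the caller.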
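
Review bot: making collect_procs() unconditional in hwpoison_user_mappings() ([PATCH 5/6], hunk at -1452) means the clean-page path, which logs "dropped without side effects", now also builds tokill and hands it to kill_procs(). Please state in the commit message or in a comment at the call that no signal is sent on that path when the unmap succeeds, so the log message stays accurate.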
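
Review bot: in the forcekill assignment ([PATCH 5/6], hunk at -1495), !unmap_success now appears both in the forcekill expression and as the next argument to kill_procs(), which makes it hard to tell which of the two drives the kill. Please extend the comment above the assignment to say that a failed unmap forces the kill regardless of PageDirty() and MF_MUST_KILL.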
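
Review bot: the PageReserved(page) test added to the filter in unpoison_memory() ([PATCH 6/6], hunk at -2355) gives no reason at the call site for skipping reserved pages. A short comment that reserved pages get the HWPoison flag without a reference being taken, as the commit message explains, belongs next to the condition.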
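
Review bot: dropping the my_zero_pfn(0) special case ([PATCH 6/6], hunk at -2386) makes the second put_page(page) depend entirely on the new filter in the first hunk. The removed condition tested pfn and p while the filter tests page, so please confirm in the commit message that the zero page cannot reach this point through a page that differs from p.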