From patchwork Thu Jun 15 23:10:00 2023
X-Patchwork-Submitter: Hugh Dickins
X-Patchwork-Id: 13281818
Date: Thu, 15 Jun 2023 16:10:00 -0700 (PDT)
From: Hugh Dickins
To: Andrew Morton
cc: Hugh Dickins, Mike Kravetz, Mike Rapoport, "Kirill A. Shutemov", Matthew Wilcox, David Hildenbrand, Suren Baghdasaryan, Qi Zheng, Yang Shi, Mel Gorman, Peter Xu, Peter Zijlstra, Will Deacon, Yu Zhao, Alistair Popple, Ralph Campbell, Ira Weiny, Steven Price, SeongJae Park, Lorenzo Stoakes, Huang Ying, Naoya Horiguchi, Christophe Leroy, Zack Rusin, Jason Gunthorpe, Axel Rasmussen, Anshuman Khandual, Pasha Tatashin, Miaohe Lin, Minchan Kim, Christoph Hellwig, Song Liu, Thomas Hellstrom, Ryan Roberts, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: [PATCH v2 28/32 fix] mm/memory: allow pte_offset_map[_lock]() to fail: fix
Message-ID: <1a4db221-7872-3594-57ce-42369945ec8d@google.com>

__wp_page_copy_user() was liable to call update_mmu_tlb() with NULL vmf->pte in two places: not a problem today, but could become a problem later when pte_offset_map_lock() fails.

Signed-off-by: Hugh Dickins --- Andrew, please add this as a fix patch for later merge into my "mm/memory: allow" patch in mm-unstable: it's something noticed while researching the bug Nathan reported, but not so serious - thanks. mm/memory.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 4ec46eecefd3..cdadcff5ab26 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2843,7 +2843,8 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src, * Other thread has already handled the fault * and update local tlb only */ - update_mmu_tlb(vma, addr, vmf->pte); + if (vmf->pte) + update_mmu_tlb(vma, addr, vmf->pte); ret = -EAGAIN; goto pte_unlock; } @@ -2867,7 +2868,8 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src, vmf->pte = pte_offset_map_lock(mm, vmf->pmd, addr, &vmf->ptl); if (unlikely(!vmf->pte || !pte_same(*vmf->pte, vmf->orig_pte))) { /* The PTE changed under us, update local tlb */ - update_mmu_tlb(vma, addr, vmf->pte); + if (vmf->pte) + update_mmu_tlb(vma, addr, vmf->pte); ret = -EAGAIN; goto pte_unlock; }
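Review bot: In the first hunk (@@ -2843), the comment directly above the new `if (vmf->pte)` still reads "Other thread has already handled the fault and update local tlb only", but with the guard the TLB update is skipped whenever vmf->pte is NULL, and the comment does not say so. Suggest extending the comment to state that a NULL vmf->pte means there is no PTE to pass to update_mmu_tlb(), so a later reader does not mistake the guard for dead code.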
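Review bot: In the second hunk (@@ -2867), the NULL case and the changed-PTE case both still end in `goto pte_unlock`, so that label is reached with vmf->pte NULL; its body is outside the hunk, and it is worth confirming that it checks vmf->pte before unmapping and unlocking. Separately, `!vmf->pte` is tested in the outer `if` and again by the new guard; splitting the outer condition into a NULL branch and a `!pte_same()` branch would avoid the double test and keep the "The PTE changed under us" comment accurate for the branch it describes.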