From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=2sRG=ZK=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A9B00C43215
	for <linux-mm@archiver.kernel.org>; Mon, 18 Nov 2019 10:22:21 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 684C42084D
	for <linux-mm@archiver.kernel.org>; Mon, 18 Nov 2019 10:22:21 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=shutemov-name.20150623.gappssmtp.com header.i=@shutemov-name.20150623.gappssmtp.com header.b="dkjSly7K"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 684C42084D
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=shutemov.name
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id E9F3E6B0003; Mon, 18 Nov 2019 05:22:20 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E4EFB6B0006; Mon, 18 Nov 2019 05:22:20 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D642D6B0007; Mon, 18 Nov 2019 05:22:20 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0251.hostedemail.com [216.40.44.251])
	by kanga.kvack.org (Postfix) with ESMTP id C02FB6B0003
	for <linux-mm@kvack.org>; Mon, 18 Nov 2019 05:22:20 -0500 (EST)
Received: from smtpin09.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with SMTP id 92A93181AEF00
	for <linux-mm@kvack.org>; Mon, 18 Nov 2019 10:22:20 +0000 (UTC)
X-FDA: 76169008440.09.hope97_4e8a8f4cf8d4e
X-HE-Tag: hope97_4e8a8f4cf8d4e
X-Filterd-Recvd-Size: 4613
Received: from mail-lf1-f67.google.com (mail-lf1-f67.google.com [209.85.167.67])
	by imf35.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 18 Nov 2019 10:22:19 +0000 (UTC)
Received: by mail-lf1-f67.google.com with SMTP id i26so13363642lfl.2
        for <linux-mm@kvack.org>; Mon, 18 Nov 2019 02:22:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=shutemov-name.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:content-transfer-encoding:in-reply-to
         :user-agent;
        bh=qbPQwF0bssglb/RejZ5biijyFl/W/ftZF5sC8RlWOAE=;
        b=dkjSly7KUEUA/ht5aYTUHiK7ZjJxXg4jVvQkY5I1cC+nad/0aoZ0GrsQ28zALUP447
         6QkHABksQvdyOyaQcbfFyThusL9EEynzoq03YuzUVZcfPCoqj9rJtIb0Syzy/5CSIPI9
         dd/v9B02kVSilomcEhJd/RPYL1yh2GMoayYhmx7dj5+NLB0Werwqd/8VEzkDiuY1JIKt
         mPdFzi+JX1CPBP7ix3m6gkTnotXXSXUY9HuJY2Z7vKsJDkR6wsY+6DIQttnTiHoid43y
         TXXF6dQuyOqHMnzvpAhn4+nZyEKd/A0h6vnY1ajvstIbaa0a87l7/Ry89OsM3T8jqbl7
         IInQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:content-transfer-encoding
         :in-reply-to:user-agent;
        bh=qbPQwF0bssglb/RejZ5biijyFl/W/ftZF5sC8RlWOAE=;
        b=Hkg2bBodTMg8uN7HlItJYR1b3OFYunNXg5N3BuayqcnjLRatXl1JI/R8oi6E/ldXtT
         hyQ8bkiKyyiaf78S75i/NyBPyIbQYQexf/gKNpS/MYp/1y5oYkFP2vYd6X8bLY+9ItR5
         nP8fSHcnHnGL+cZS4YUwNCFpU42tBemmoDm1d5hdmdcWAxBV2+VA95E311EkOvj4r+TB
         NRbXvBf8qyLoWMFQZ7OEacA4k+/spmK0aZdqRYMOSzV3GD3GF+BiNenJHgjtyGMx5DCY
         BCXSSov2pGPcH/OZOB6yfj6BbnV5VztXWwmqZhjN2wXfiBtf4FnvK5pD3WXSkhAcpnof
         6vdA==
X-Gm-Message-State: APjAAAUc4mHm/3AL8BLWccBNf+Z/vIeseCVOtP7JoiwLHtXZfLM77z1S
	OqGsDJS4NYOVLaR7/hktd3C9QA==
X-Google-Smtp-Source: APXvYqyYnltIcki0IKgAOwiCoiixFAoOAltEYBQYq0Di6MZQ4sHR5hTascN4HEV9mxeGiKCWjuAtlQ==
X-Received: by 2002:ac2:5442:: with SMTP id d2mr19918744lfn.161.1574072537874;
        Mon, 18 Nov 2019 02:22:17 -0800 (PST)
Received: from box.localdomain ([86.57.175.117])
        by smtp.gmail.com with ESMTPSA id a18sm598055lfg.2.2019.11.18.02.22.16
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Nov 2019 02:22:16 -0800 (PST)
Received: by box.localdomain (Postfix, from userid 1000)
	id B3F31100C23; Mon, 18 Nov 2019 13:22:19 +0300 (+03)
Date: Mon, 18 Nov 2019 13:22:19 +0300
From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Thomas =?utf-8?Q?Hellstr=C3=B6m?= <thomas_os@shipmail.org>,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	Thomas Hellstrom <thellstrom@vmware.com>,
	Arnd Bergmann <arnd@arndb.de>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Matthew Wilcox <willy@infradead.org>
Subject: Re: [PATCH 2/2] mm: Fix a huge pud insertion race during faulting
Message-ID: <20191118102219.om5monxih7kfodyz@box>
References: <20191115115808.21181-1-thomas_os@shipmail.org>
 <20191115115808.21181-2-thomas_os@shipmail.org>
 <20191115115800.45c053abcdb550d70b9baec9@linux-foundation.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <20191115115800.45c053abcdb550d70b9baec9@linux-foundation.org>
User-Agent: NeoMutt/20180716
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Fri, Nov 15, 2019 at 11:58:00AM -0800, Andrew Morton wrote:
> On Fri, 15 Nov 2019 12:58:08 +0100 Thomas Hellstr=F6m (VMware) <thomas_=
os@shipmail.org> wrote:
>=20
> > A huge pud page can theoretically be faulted in racing with pmd_alloc=
()
> > in __handle_mm_fault(). That will lead to pmd_alloc() returning an
> > invalid pmd pointer. Fix this by adding a pud_trans_unstable() functi=
on
> > similar to pmd_trans_unstable() and check whether the pud is really s=
table
> > before using the pmd pointer.
> >=20
> > Race:
> > Thread 1:             Thread 2:                 Comment
> > create_huge_pud()                               Fallback - not taken.
> > 		      create_huge_pud()         Taken.
> > pmd_alloc()                                     Returns an invalid po=
inter.
>=20
> What are the user-visible runtime effects of this change?

Data corruption: kernel writes to a huge page thing it's page table.

> Is a -stable backport warranted?

I believe it is.

Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

--=20
 Kirill A. Shutemov