From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.2 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4548C433DB for ; Tue, 12 Jan 2021 09:53:55 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 46CC623102 for ; Tue, 12 Jan 2021 09:53:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 46CC623102 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.de Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id BCC436B017D; Tue, 12 Jan 2021 04:53:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B7CC48D0051; Tue, 12 Jan 2021 04:53:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A441D6B017F; Tue, 12 Jan 2021 04:53:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0096.hostedemail.com [216.40.44.96]) by kanga.kvack.org (Postfix) with ESMTP id 8EEB56B017D for ; Tue, 12 Jan 2021 04:53:54 -0500 (EST) Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 56E458248047 for ; Tue, 12 Jan 2021 09:53:54 +0000 (UTC) X-FDA: 77696661588.15.map08_441122327514 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin15.hostedemail.com (Postfix) with ESMTP id 208B51814B0C1 for ; Tue, 12 Jan 2021 09:53:54 +0000 (UTC) X-HE-Tag: map08_441122327514 X-Filterd-Recvd-Size: 3598 Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by imf18.hostedemail.com (Postfix) with ESMTP for ; Tue, 12 Jan 2021 09:53:53 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 840D8AF58; Tue, 12 Jan 2021 09:53:52 +0000 (UTC) Date: Tue, 12 Jan 2021 10:53:50 +0100 From: Oscar Salvador To: Dan Williams Cc: linux-mm@kvack.org, Andrew Morton , Naoya Horiguchi , David Hildenbrand , Michal Hocko , stable@vger.kernel.org, vishal.l.verma@intel.com, linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 4/5] mm: Fix page reference leak in soft_offline_page() Message-ID: <20210112095345.GA12534@linux> References: <161044407603.1482714.16630477578392768273.stgit@dwillia2-desk3.amr.corp.intel.com> <161044409809.1482714.11965583624142790079.stgit@dwillia2-desk3.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <161044409809.1482714.11965583624142790079.stgit@dwillia2-desk3.amr.corp.intel.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Jan 12, 2021 at 01:34:58AM -0800, Dan Williams wrote: > The conversion to move pfn_to_online_page() internal to > soft_offline_page() missed that the get_user_pages() reference needs to > be dropped when pfn_to_online_page() fails. I would be more specific here wrt. get_user_pages (madvise). soft_offline_page gets called from more places besides madvise_*. > When soft_offline_page() is handed a pfn_valid() && > !pfn_to_online_page() pfn the kernel hangs at dax-device shutdown due to > a leaked reference. > > Fixes: feec24a6139d ("mm, soft-offline: convert parameter to pfn") > Cc: Andrew Morton > Cc: Naoya Horiguchi > Cc: David Hildenbrand > Cc: Michal Hocko > Cc: Oscar Salvador > Cc: > Signed-off-by: Dan Williams LGTM, thanks for catching this: Reviewed-by: Oscar Salvador A nit below. > --- > mm/memory-failure.c | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index 5a38e9eade94..78b173c7190c 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -1885,6 +1885,12 @@ static int soft_offline_free_page(struct page *page) > return rc; > } > > +static void put_ref_page(struct page *page) > +{ > + if (page) > + put_page(page); > +} I am not sure this warrants a function. I would probably go with "if (ref_page).." in the two corresponding places, but not feeling strong here. > + > /** > * soft_offline_page - Soft offline a page. > * @pfn: pfn to soft-offline > @@ -1910,20 +1916,26 @@ static int soft_offline_free_page(struct page *page) > int soft_offline_page(unsigned long pfn, int flags) > { > int ret; > - struct page *page; > bool try_again = true; > + struct page *page, *ref_page = NULL; > + > + WARN_ON_ONCE(!pfn_valid(pfn) && (flags & MF_COUNT_INCREASED)); Did you see any scenario where this could happen? I understand that you are adding this because we will leak a reference in case pfn is not valid anymore. -- Oscar Salvador SUSE L3