From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9907FEB64DC for ; Mon, 3 Jul 2023 06:37:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F3FA08E0095; Mon, 3 Jul 2023 02:37:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EF0CB8E007C; Mon, 3 Jul 2023 02:37:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DDF288E0095; Mon, 3 Jul 2023 02:37:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id CAB5D8E007C for ; Mon, 3 Jul 2023 02:37:24 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 9638516058B for ; Mon, 3 Jul 2023 06:37:24 +0000 (UTC) X-FDA: 80969344008.22.9AE7882 Received: from out-12.mta0.migadu.com (out-12.mta0.migadu.com [91.218.175.12]) by imf25.hostedemail.com (Postfix) with ESMTP id 95F75A0017 for ; Mon, 3 Jul 2023 06:37:22 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="n/Jxl3fb"; spf=pass (imf25.hostedemail.com: domain of naoya.horiguchi@linux.dev designates 91.218.175.12 as permitted sender) smtp.mailfrom=naoya.horiguchi@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688366243; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qgtl3KNejjhGEFo01vKVSysKHUjXjywDSUtFXciTS1E=; b=8ZCrPwtbRvAlq6A/nwRy+LKKALq6qoivfr5lYFrG2rs9OGOyF6d6VKiT5my+hBGzjabWxB qW7OxFfiBUV1TQGhdPrhfeu6acEYVmo13Bvk263XKYNOh6ekoVomvia4txHW3lnYTE+RcQ Un4VI7OjaHVMt7bPraQ7sG+/osvWO6A= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688366243; a=rsa-sha256; cv=none; b=HPsY99bId6DTSCosfyx+VO43EwMLiz6nhuG/1YvQLv44ZnOgWgTYwYgx+ano5SxFKH3HHI W+wjLvjWWxK0RlctugtqNSuLjYfHrhzrsxg4HwqBy3xx0my3xbVTCZ2o6CG9OTNPg6lFYM 7WJn82dtBOKhCdACA4zs/WkTDMkBia4= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="n/Jxl3fb"; spf=pass (imf25.hostedemail.com: domain of naoya.horiguchi@linux.dev designates 91.218.175.12 as permitted sender) smtp.mailfrom=naoya.horiguchi@linux.dev; dmarc=pass (policy=none) header.from=linux.dev Date: Mon, 3 Jul 2023 15:37:13 +0900 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1688366240; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=qgtl3KNejjhGEFo01vKVSysKHUjXjywDSUtFXciTS1E=; b=n/Jxl3fbSyGprRr6uYBzHo7yc4dLFYDR4dt+n80peUyflF+Xzu8sLTlg8sU2GQebeUGJnM ClNEb5IjHUFQe4DEO2UOm5mp84wX4ZV2Sd/afQdnzXxVygoHwj3lqPOC0LGCYwJp0YOrMM a3sECEZhChEr1HkaNUBlrLdOEwhSMzk= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Naoya Horiguchi To: Miaohe Lin Cc: akpm@linux-foundation.org, naoya.horiguchi@nec.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] mm: memory-failure: fix potential page refcnt leak in memory_failure() Message-ID: <20230703063713.GA3012709@ik1-406-35019.vs.sakura.ne.jp> References: <20230701072837.1994253-1-linmiaohe@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230701072837.1994253-1-linmiaohe@huawei.com> X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 95F75A0017 X-Rspam-User: X-Stat-Signature: j8ppefgse13gcr3tpob3smuhwkigmhtb X-Rspamd-Server: rspam03 X-HE-Tag: 1688366242-642294 X-HE-Meta: U2FsdGVkX1+6444G09BkSlxSuq4nZuT7p0UlFwj3Tro+7/MUDViNq3U2hnZRl6cDSj+4WmVr6pAMTFVxHhV9GTfz5b3JYW9HUvc0pbvbRhnSUdPHhVBMSREr7zAPkJZVpbZGmXoHBaevoNpc4A5T8ksnocttddk4FFgIvhMBqsdZPtiu55h5SE2mjwaIAtCPUgrYpVSiJz8kCJDJ3xoM/6gCi6BCU9tCwjML6kRfvd3P5ZCSEMjtZlbB2HhYYGDZpuOLQeQJ9JjMSPmatczXyaFqeeOWUDNWC6cBmZABExllFPwO8+DDzS3Y49qF9QkWNaQfmsLMf1GFJUkQpWw7x+w0llaREiqtup+8bLRZbRMw2PVx9C8FOj6ft6CDBMAKp74ygEcepZeXhHKHdwD0iOR+BKQ8wG3PqvkyLU87mH+J9zH+nIyBmwzwheoNyR40KSnks4SQQ7ppoLGbUZIlXC11mPCWHNQerXNYoAO7JnZZFhJ4vJ00+YvGvmHNycF1b5sB+6vPXSiqm4v6K9G1oyJ9ltwn1fLwDhrXZEoGK+j0nqBql0cCn7b7SowkeRu+suGU9322tfHSPn1a8zzU/eydx64x9Sd7N2/JCLghyU32MC4OLENRADKpgZcuysw3NeOOJuP1i7Fn2fGkMfXbBRbT/ZoZmp/57fyyDSgcDen4oVF9DCmhdbwA183i5XSWFSKWnJrotUd8HT503i8EtMcmA893QsXkBGzO2Q9gf3Czdxbht5/hlYoj2NUegw+pUHDOjH3w483P0m//0+zGiqGgM+iZySYd56rQggE3EUrt4wv456l4Hj2sd0A4BL8jtb8rzuzX134iIr4SpRC7Vf7liwvFnofq7qdsFulFXmHfs6LCrWopfC0La39oZwrakGiSFNgHng6K14yYdrkJuAk72tKpRHBfyoBL8/SFXRiDUvP5+Qrtzrm6VKf9ppC3Mb/7KwFuHSl0N1bVsIQ F6dSaIM+ nDJMR+39A1DLOhPFSgrd406tQuhJpiE8y6ws10NwjFojYIPOQas/g09E5IcXFq0ClOHeWlwPlOl8e8rkWmaIw+ovAliwZvwI/dpN4nisf7zfvi3QtPXv7dVzEuEb12W4WHRptLT1AvgYKIDM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Sat, Jul 01, 2023 at 03:28:37PM +0800, Miaohe Lin wrote: > put_ref_page() is not called to drop extra refcnt when comes from madvise > in the case pfn is valid but pgmap is NULL leading to page refcnt leak. Is this test scenario realistic one? I don't think that we can call madvise() for such a device memory page. If this is the case, this issue can be thought as potentioal one (so no need to send to stable). > > Fixes: 1e8aaedb182d ("mm,memory_failure: always pin the page in madvise_inject_error") > Signed-off-by: Miaohe Lin Anyway, the patch looks good to me. Thanks you. Acked-by: Naoya Horiguchi > --- > mm/memory-failure.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index e245191e6b04..65e2d4c5b50d 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -2080,8 +2080,6 @@ static int memory_failure_dev_pagemap(unsigned long pfn, int flags, > { > int rc = -ENXIO; > > - put_ref_page(pfn, flags); > - > /* device metadata space is not recoverable */ > if (!pgmap_pfn_valid(pgmap, pfn)) > goto out; > @@ -2157,6 +2155,7 @@ int memory_failure(unsigned long pfn, int flags) > > if (pfn_valid(pfn)) { > pgmap = get_dev_pagemap(pfn, NULL); > + put_ref_page(pfn, flags); > if (pgmap) { > res = memory_failure_dev_pagemap(pfn, flags, > pgmap); > -- > 2.33.0 > > >