From: Andrew Morton
To: Peng Zhang , , , , , , , , , , ,
Subject: Re: [PATCH] filemap: replace pte_offset_map() with pte_offset_map_nolock()
Date: Thu, 4 Jul 2024 11:40:39 -0700
Message-Id: <20240704114039.4fd0739593cd0a96fe428496@linux-foundation.org>
In-Reply-To: <20240625140643.bf4a1a19b0d534d802764610@linux-foundation.org>
References: <20240313012913.2395414-1-zhangpeng362@huawei.com> <20240625140643.bf4a1a19b0d534d802764610@linux-foundation.org>
Sender: owner-linux-mm@kvack.org

On Tue, 25 Jun 2024 14:06:43 -0700 Andrew Morton wrote:

> On Wed, 13 Mar 2024 09:29:13 +0800 Peng Zhang wrote:
> 
> > From: ZhangPeng
> > 
> > The vmf->ptl in filemap_fault_recheck_pte_none() is still set from
> > handle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte).
> > After a pte_unmap(vmf->pte) unmap and rcu_read_unlock(), the page table
> > may be racily changed and vmf->ptl may fail to protect the actual
> > page table.
> > Fix this by replacing pte_offset_map() with pte_offset_map_nolock().
> > 
> > ...
> > 
> > --- a/mm/filemap.c > > +++ b/mm/filemap.c > > @@ -3207,7 +3207,8 @@ static vm_fault_t filemap_fault_recheck_pte_none(struct vm_fault *vmf) > > if (!(vmf->flags & FAULT_FLAG_ORIG_PTE_VALID)) > > return 0; > > > > - ptep = pte_offset_map(vmf->pmd, vmf->address); > > + ptep = pte_offset_map_nolock(vma->vm_mm, vmf->pmd, vmf->address, > > + &vmf->ptl); > > if (unlikely(!ptep)) > > return VM_FAULT_NOPAGE;
> > 
> 
> whoops, I'm still sitting on this because I didn't know whether we
> should backport it.
> 
> And... guess what I say next. Can we please describe what are the
> userspace visible effects of the bug?
> 

Nobody? Oh well, I'll add cc:stable and move this into mm-hotfixes.


From: ZhangPeng
Subject: filemap: replace pte_offset_map() with pte_offset_map_nolock()
Date: Wed, 13 Mar 2024 09:29:13 +0800

The vmf->ptl in filemap_fault_recheck_pte_none() is still set from
handle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte).
After a pte_unmap(vmf->pte) unmap and rcu_read_unlock(), the page table
may be racily changed and vmf->ptl may fail to protect the actual page
table.

Fix this by replacing pte_offset_map() with pte_offset_map_nolock().

Link: https://lkml.kernel.org/r/20240313012913.2395414-1-zhangpeng362@huawei.com
Fixes: 58f327f2ce80 ("filemap: avoid unnecessary major faults in filemap_fault()")
Signed-off-by: ZhangPeng
Suggested-by: David Hildenbrand
Reviewed-by: David Hildenbrand
Cc: Aneesh Kumar K.V
Cc: "Huang, Ying"
Cc: Hugh Dickins
Cc: Kefeng Wang
Cc: Matthew Wilcox (Oracle)
Cc: Nanyong Sun
Cc: Yang Shi
Cc: Yin Fengwei
Cc: 
Signed-off-by: Andrew Morton --- mm/filemap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/filemap.c~filemap-replace-pte_offset_map-with-pte_offset_map_nolock +++ a/mm/filemap.c @@ -3231,7 +3231,8 @@ static vm_fault_t filemap_fault_recheck_ if (!(vmf->flags & FAULT_FLAG_ORIG_PTE_VALID)) return 0; - ptep = pte_offset_map(vmf->pmd, vmf->address); + ptep = pte_offset_map_nolock(vma->vm_mm, vmf->pmd, vmf->address, + &vmf->ptl); if (unlikely(!ptep)) return VM_FAULT_NOPAGE; _
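Review bot: pte_offset_map_nolock() only stores the page table's lock pointer into &vmf->ptl, it does not take the lock, so the "+ ptep = pte_offset_map_nolock(vma->vm_mm, vmf->pmd, vmf->address, &vmf->ptl);" line is only a complete fix if the spin_lock()/spin_unlock() around the later pte_none() re-check, which sits outside this hunk's context, reads vmf->ptl after this call instead of a value captured earlier; the commit message should say that, and should also name the user-visible effect of the race it describes, since the thread adds cc:stable without one. Separately, `vma` in `vma->vm_mm` is not declared anywhere in the visible context; if the function has no such local, `vmf->vma->vm_mm` keeps the hunk self-contained.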