Date: Thu, 11 Jul 2024 14:22:18 -0700
From: Andrew Morton
To: Pei Li
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, syzkaller-bugs@googlegroups.com, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+35a4414f6e247f515443@syzkaller.appspotmail.com, David Hildenbrand
Subject: Re: [PATCH] mm: Fix mmap_assert_locked() in follow_pte()
Message-Id: <20240711142218.d7a6cec31366044cbb96a312@linux-foundation.org>
In-Reply-To: <20240710-bug12-v1-1-0e5440f9b8d3@gmail.com>

On Wed, 10 Jul 2024 22:13:17 -0700 Pei Li wrote:

> This patch fixes this warning by acquiring read lock before entering
> untrack_pfn() while write lock is not held.
>
> syzbot has tested the proposed patch and the reproducer did not
> trigger any issue.
>

Thanks.

> ---
> Syzbot reported the following warning in follow_pte():
>
> WARNING: CPU: 3 PID: 5192 at include/linux/rwsem.h:195 rwsem_assert_held include/linux/rwsem.h:195 [inline]
> WARNING: CPU: 3 PID: 5192 at include/linux/rwsem.h:195 mmap_assert_locked include/linux/mmap_lock.h:65 [inline]
> WARNING: CPU: 3 PID: 5192 at include/linux/rwsem.h:195 follow_pte+0x414/0x4c0 mm/memory.c:5980
>
> This is because we are assuming that mm->mmap_lock should be held when
> entering follow_pte(). This is added in commit c5541ba378e3 (mm:
> follow_pte() improvements).
>
> However, in the following call stack, we are not acquiring the lock:
> follow_phys arch/x86/mm/pat/memtype.c:957 [inline]
> get_pat_info+0xf2/0x510 arch/x86/mm/pat/memtype.c:991
> untrack_pfn+0xf7/0x4d0 arch/x86/mm/pat/memtype.c:1104
> unmap_single_vma+0x1bd/0x2b0 mm/memory.c:1819
> zap_page_range_single+0x326/0x560 mm/memory.c:1920
>
> In zap_page_range_single(), we passed mm_wr_locked as false, as we do
> not expect write lock to be held.
> In the special case where vma->vm_flags is set as VM_PFNMAP, we are
> hitting untrack_pfn() which eventually calls into follow_phys.

I included the above (very relevant) info in the changelog.  And I added

Fixes: c5541ba378e3 ("mm: follow_pte() improvements")

and queued the patch for 6.10-rc7.  Hopefully David can review it for us.
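
The locking contract described in the quoted changelog, as an added userspace model (not the patch under discussion and not kernel code). `struct mm_model`, `teardown_before()`, `teardown_after()` and `run_path()` are hypothetical names, and the lock is reduced to counters so that a missed assertion or an unbalanced acquisition is observable.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for mm->mmap_lock: counters, not a real rwsem. */
struct mm_model {
    int readers;          /* current read-lock holders */
    bool writer;          /* write lock held by the caller */
    int assert_failures;  /* times the WARNING would have fired */
};

/* Models follow_pte(): asserts that the lock is held in some mode. */
static void follow_pte_model(struct mm_model *mm)
{
    if (!mm->writer && mm->readers == 0)
        mm->assert_failures++;
}

/* Models untrack_pfn(): reaches follow_pte() via follow_phys. */
static void untrack_pfn_model(struct mm_model *mm)
{
    follow_pte_model(mm);
}

/* Before: the teardown path enters untrack_pfn() whatever it holds. */
static void teardown_before(struct mm_model *mm, bool mm_wr_locked)
{
    (void)mm_wr_locked;
    untrack_pfn_model(mm);
}

/* After: take the read lock first, but only if the write lock is not held. */
static void teardown_after(struct mm_model *mm, bool mm_wr_locked)
{
    if (!mm_wr_locked)
        mm->readers++;            /* models mmap_read_lock() */
    untrack_pfn_model(mm);
    if (!mm_wr_locked)
        mm->readers--;            /* models mmap_read_unlock() */
}

/* Runs one path; returns assertion failures, or -1 if a lock leaked. */
int run_path(bool fixed, bool mm_wr_locked)
{
    struct mm_model mm = { 0, mm_wr_locked, 0 };
    if (fixed)
        teardown_after(&mm, mm_wr_locked);
    else
        teardown_before(&mm, mm_wr_locked);
    return mm.readers != 0 ? -1 : mm.assert_failures;
}

int main(void) { printf("before=%d after=%d\n", run_path(false, false), run_path(true, false)); return 0; }
```

The `mm_wr_locked` check matters in both directions: skipping the read lock when the writer already holds the lock avoids a self-deadlock on a real rwsem, and the unlock must mirror the same condition.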