Subject: Patch "mm/memory: add non-anonymous page check in the copy_present_page()" has been added to the 5.15-stable tree
To: david@redhat.com,linux-mm@kvack.org,peterx@redhat.com,songyuanzheng@huawei.com,vbabka@suse.cz
Date: Fri, 15 Nov 2024 06:24:12 +0100
In-Reply-To: <20241113163118.54834-2-vbabka@suse.cz>
Message-ID: <2024111511-boxlike-dreamt-0201@gregkh>

This is a note to let you know that I've just added the patch titled

    mm/memory: add non-anonymous page check in the copy_present_page()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let know about it.

>From vbabka@suse.cz Fri Nov 15 06:17:06 2024
From: Vlastimil Babka
Date: Wed, 13 Nov 2024 17:31:19 +0100
Subject: mm/memory: add non-anonymous page check in the copy_present_page()
To: stable@vger.kernel.org
Cc: David Hildenbrand, Peter Xu, linux-mm@kvack.org, Yuanzheng Song, Vlastimil Babka
Message-ID: <20241113163118.54834-2-vbabka@suse.cz>

From: Yuanzheng Song

The vma->anon_vma of the child process may be NULL because the entire vma does not contain anonymous pages. In this case, a BUG will occur when the copy_present_page() passes a copy of a non-anonymous page of that vma to the page_add_new_anon_rmap() to set up new anonymous rmap.

------------[ cut here ]------------
kernel BUG at mm/rmap.c:1052!
Internal error: Oops - BUG: 0 [#1] SMP
Modules linked in:
CPU: 4 PID: 4652 Comm: test Not tainted 5.15.75 #1
Hardware name: linux,dummy-virt (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __page_set_anon_rmap+0xc0/0xe8
lr : __page_set_anon_rmap+0xc0/0xe8
sp : ffff80000e773860
x29: ffff80000e773860 x28: fffffc13cf006ec0 x27: ffff04f3ccd68000
x26: ffff04f3c5c33248 x25: 0000000010100073 x24: ffff04f3c53c0a80
x23: 0000000020000000 x22: 0000000000000001 x21: 0000000020000000
x20: fffffc13cf006ec0 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffdddc5581377c
x8 : 0000000000000000 x7 : 0000000000000011 x6 : ffff2717a8433000
x5 : ffff80000e773810 x4 : ffffdddc55400000 x3 : 0000000000000000
x2 : ffffdddc56b20000 x1 : ffff04f3c9a48040 x0 : 0000000000000000
Call trace:
 __page_set_anon_rmap+0xc0/0xe8
 page_add_new_anon_rmap+0x13c/0x200
 copy_pte_range+0x6b8/0x1018
 copy_page_range+0x3a8/0x5e0
 dup_mmap+0x3a0/0x6e8
 dup_mm+0x78/0x140
 copy_process+0x1528/0x1b08
 kernel_clone+0xac/0x610
 __do_sys_clone+0x78/0xb0
 __arm64_sys_clone+0x30/0x40
 invoke_syscall+0x68/0x170
 el0_svc_common.constprop.0+0x80/0x250
 do_el0_svc+0x48/0xb8
 el0_svc+0x48/0x1a8
 el0t_64_sync_handler+0xb0/0xb8
 el0t_64_sync+0x1a0/0x1a4
Code: 97f899f4 f9400273 17ffffeb 97f899f1 (d4210000)
---[ end trace dc65e5edd0f362fa ]---
Kernel panic - not syncing: Oops - BUG: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: 0x5ddc4d400000 from 0xffff800008000000
PHYS_OFFSET: 0xfffffb0c80000000 CPU features: 0x44000cf1,00000806 Memory Limit: none ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]--- This problem has been fixed by the commit ("mm/rmap: split page_dup_rmap() into page_dup_file_rmap() and page_try_dup_anon_rmap()"), but still exists in the linux-5.15.y branch. This patch is not applicable to this version because of the large version differences. Therefore, fix it by adding non-anonymous page check in the copy_present_page(). Cc: stable@vger.kernel.org Fixes: 70e806e4e645 ("mm: Do early cow for pinned pages during fork() for ptes") Signed-off-by: Yuanzheng Song Signed-off-by: Vlastimil Babka Reviewed-by: David Hildenbrand Signed-off-by: Greg Kroah-Hartman --- mm/memory.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/mm/memory.c +++ b/mm/memory.c @@ -903,6 +903,17 @@ copy_present_page(struct vm_area_struct if (likely(!page_needs_cow_for_dma(src_vma, page))) return 1; + /* + * The vma->anon_vma of the child process may be NULL + * because the entire vma does not contain anonymous pages. + * A BUG will occur when the copy_present_page() passes + * a copy of a non-anonymous page of that vma to the + * page_add_new_anon_rmap() to set up new anonymous rmap. + * Return 1 if the page is not an anonymous page. + */ + if (!PageAnon(page)) + return 1; + new_page = *prealloc; if (!new_page) return -EAGAIN; Patches currently in stable-queue which might be from vbabka@suse.cz are queue-5.15/mm-krealloc-fix-mte-false-alarm-in-__do_krealloc.patch queue-5.15/mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
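
Review bot: the comment added above `if (!PageAnon(page))` in copy_present_page() explains the BUG but not what `return 1` tells the caller, so a reader cannot see from the hunk why it is the safe result for a non-anonymous page. The adjacent `if (likely(!page_needs_cow_for_dma(src_vma, page))) return 1;` uses the same value for the case where no early copy is needed, so the comment should say that a non-anonymous page takes that same path instead of being copied. It is also worth stating in the comment that the check has to stay ahead of `new_page = *prealloc;`, since placing it later would consume the preallocated page (or return -EAGAIN) for a page that is never copied. As a minor style point, "the copy_present_page()" and "the page_add_new_anon_rmap()" read better without the article.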