Subject: Patch "mm/mmap: fix __mmap_region() error handling in rare merge failure case" has been added to the 6.12-stable tree
To: Liam.Howlett@Oracle.com,Liam.Howlett@oracle.com,akpm@linux-foundation.org,gregkh@linuxfoundation.org,jannh@google.com,linux-mm@kvack.org,lorenzo.stoakes@oracle.com,syzbot+bc6bfc25a68b7a020ee1@syzkaller.appspotmail.com,vbabka@suse.cz
Cc:
From:
Date: Wed, 20 Nov 2024 13:31:07 +0100
In-Reply-To: <20241119175945.2600945-1-Liam.Howlett@oracle.com>
Message-ID: <2024112007-tarot-product-4b68@gregkh>

This is a note to let you know that I've just added the patch titled

    mm/mmap: fix __mmap_region() error handling in rare merge failure case

to the 6.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mm-mmap-fix-__mmap_region-error-handling-in-rare-merge-failure-case.patch
and it can be found in the queue-6.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let know about it.


>From Liam.Howlett@oracle.com Wed Nov 20 13:30:17 2024
From: "Liam R. Howlett"
Date: Tue, 19 Nov 2024 12:59:45 -0500
Subject: mm/mmap: fix __mmap_region() error handling in rare merge failure case
To: stable@vger.kernel.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton, Lorenzo Stoakes, Jann Horn, "Liam R. Howlett", syzbot+bc6bfc25a68b7a020ee1@syzkaller.appspotmail.com, Vlastimil Babka
Message-ID: <20241119175945.2600945-1-Liam.Howlett@oracle.com>

From: "Liam R. Howlett"

The mmap_region() function tries to install a new vma, which requires a
pre-allocation for the maple tree write due to the complex locking
scenarios involved.

Recent efforts to simplify the error recovery required the relocation of
the preallocation of the maple tree nodes (via vma_iter_prealloc()
calling mas_preallocate()) higher in the function.

The relocation of the preallocation meant that, if there was a file
associated with the vma and the driver call (mmap_file()) modified the
vma flags, then a new merge of the new vma with existing vmas is
attempted.

During the attempt to merge the existing vma with the new vma, the vma
iterator is used - the same iterator that would be used for the next
write attempt to the tree.  In the event of needing a further allocation
and if the new allocation fails, the vma iterator (and contained maple
state) will be cleaned up, including freeing all previous allocations and
will be reset internally.

Upon returning to the __mmap_region() function, the error is available
in the vma_merge_struct and can be used to detect the -ENOMEM status.

Hitting an -ENOMEM scenario after the driver callback leaves the system
in a state that undoing the mapping is worse than continuing by dipping
into the reserve.

A preallocation should be performed in the case of an -ENOMEM and the
allocations were lost during the failure scenario.  The __GFP_NOFAIL
flag is used in the allocation to ensure the allocation succeeds after
implicitly telling the driver that the mapping was happening.

The range is already set in the vma_iter_store() call below, so it is
not necessary and is dropped.

Reported-by: syzbot+bc6bfc25a68b7a020ee1@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/x/log.txt?x=17b0ace8580000
Fixes: 5de195060b2e2 ("mm: resolve faulty mmap_region() error path behaviour")
Signed-off-by: Liam R. Howlett
Reviewed-by: Vlastimil Babka
Reviewed-by: Lorenzo Stoakes
Cc: Jann Horn
Cc:
Signed-off-by: Greg Kroah-Hartman --- mm/mmap.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1491,7 +1491,18 @@ static unsigned long __mmap_region(struc vm_flags = vma->vm_flags; goto file_expanded; } - vma_iter_config(&vmi, addr, end); + + /* + * In the unlikely even that more memory was needed, but + * not available for the vma merge, the vma iterator + * will have no memory reserved for the write we told + * the driver was happening. To keep up the ruse, + * ensure the allocation for the store succeeds. + */ + if (vmg_nomem(&vmg)) { + mas_preallocate(&vmi.mas, vma, + GFP_KERNEL|__GFP_NOFAIL); + } } vm_flags = vma->vm_flags; Patches currently in stable-queue which might be from Liam.Howlett@oracle.com are queue-6.12/mm-mmap-fix-__mmap_region-error-handling-in-rare-merge-failure-case.patch
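
Review bot: In the added if (vmg_nomem(&vmg)) block the return value of mas_preallocate() is discarded, so the only thing guaranteeing reserved nodes for the later store is the __GFP_NOFAIL flag; consider wrapping the call in WARN_ON_ONCE() or stating in the comment that failure is impossible by construction, so a later change to the gfp flags does not silently reintroduce a store with nothing reserved. The same hunk removes vma_iter_config(&vmi, addr, end) and then preallocates directly on vmi.mas after a failed merge that, per the commit message, resets the iterator internally; the comment should say which range the preallocation is computed against, since the commit message only covers the range for the vma_iter_store() call. The new comment also has a typo: "unlikely even" should read "unlikely event".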