From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84319C54E65 for ; Thu, 22 May 2025 09:36:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C35446B0088; Thu, 22 May 2025 05:36:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BE6616B008A; Thu, 22 May 2025 05:36:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AAE2A6B008C; Thu, 22 May 2025 05:36:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 8AA9F6B0088 for ; Thu, 22 May 2025 05:36:22 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 01EA7120D6C for ; Thu, 22 May 2025 09:36:21 +0000 (UTC) X-FDA: 83470038204.01.68FB4DF Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2058.outbound.protection.outlook.com [40.107.243.58]) by imf21.hostedemail.com (Postfix) with ESMTP id 0D8C81C0002 for ; Thu, 22 May 2025 09:36:18 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=ESev6Sfl; spf=pass (imf21.hostedemail.com: domain of shivankg@amd.com designates 40.107.243.58 as permitted sender) smtp.mailfrom=shivankg@amd.com; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1747906579; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=py5wyaDMD2kxNGSNWSLrwmrjEP6CQOHatCQjrbGF2+A=; b=fOj1Gdtw+Xn/kTl2wLXvq2lhMa4zoIiPR+sR+qQ0egCMRrvQrEnKcgx1MN6sAXxVYfob/L KODTp+verzDMTm4s4VxzKVjd5awdU3OIMIqpMkCdK9CRcl8gTlvIA7Z8I5aQuSc719qPbO Ylv6S2OblzyxrtIBt+lWybOk9+D0mTk= ARC-Authentication-Results: i=2; imf21.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=ESev6Sfl; spf=pass (imf21.hostedemail.com: domain of shivankg@amd.com designates 40.107.243.58 as permitted sender) smtp.mailfrom=shivankg@amd.com; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1747906579; a=rsa-sha256; cv=pass; b=IR+UAYztAZsE0nYn4E0NB2Q0hy39fH/u/m0EgAXzEt8zyUGw0V1esR/k30+2dORwy5sq3l bju6xUyOCJAYqKtK9VcsHMipFqv0HuVzSBUUlDmPyveZwbf3WQjbTzODutNr6fJTIBlpEY JqiwmkkRFE5iPNqz0P0G7KUne+N0FX0= ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=S0Q840xZ4FY99tjSNDASAadNIGXmLzIQF0nJqEdkLIdEJbqoDcJXvDGeO7S/DknVKgRb9/h24cqECNeY0OLmpyEiQTSCAAkxbk1xk9xWMKarB+ha/mq9lfflElI6U/3Bj1T+BY36bRFS8kCYgnmLUDPcXmRFuVodMtCZCdGTcsNFbRuSIndVPvBWfQU5Pom3YYNnN4vrkt4qJwkf8OVwWUVV9Rx1M4oWVkCoFofgDqxRRQ7U9iMmRCYwh50aoE28mWYARpeqrug36Jjcp/sA5l1GkX/3Lq8jUtQmb4HNys4jspmpj5qBm2SxpydLJEpdtgveXyzGCGSFnf8YW28ECw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=py5wyaDMD2kxNGSNWSLrwmrjEP6CQOHatCQjrbGF2+A=; b=FcdW/E4/DEgLaW3iorspq3WMonB6wQSHvX/Nus4VwUKOJd26qsfhhnzUI9M6/7Eem2lMMM2uaLnpdZIvGdUH2C+GwwOnUnUYcUItk8/1HfHym8MbYrrtIhlTvhs/uMf27MWIrb/yYERBwpB5hA+pZWuvz6wjjOEnqgBHRRFkX3I4sD1yXlC2vSOozYIKesJYRGRmtRGXfFucNIuAc37Ae36sy6ZRb3GN5Ft1IZDh7jLlJU2AbYuKakps+a/zEpsOH0W6gzi+qptEG5KmuLjiW8Xc8KwBwgkqeCgTWmawdl7hRyXYXTY5e5eJDUnKTHAlYvsjORho2StuyyFtVgkcLw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linux-foundation.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=py5wyaDMD2kxNGSNWSLrwmrjEP6CQOHatCQjrbGF2+A=; b=ESev6SflGujx9iyLhdBv+z1CkXk5zUViSmoIiIGmxNeHDH5dbsfw947ozW76mPLM3p0DlSbK8zHHfwH08+xNMBzfJHxPLtws3Zhby3HqZjYugQvS9Lx/s3JKUOMgfgsV8fwRO0GP+k4DVjbDHjPFDcqAbj9wIki6qC1/F4P0e5U= Received: from BN9PR03CA0381.namprd03.prod.outlook.com (2603:10b6:408:f7::26) by SJ1PR12MB6170.namprd12.prod.outlook.com (2603:10b6:a03:45b::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8746.30; Thu, 22 May 2025 09:36:15 +0000 Received: from BN3PEPF0000B36F.namprd21.prod.outlook.com (2603:10b6:408:f7:cafe::a7) by BN9PR03CA0381.outlook.office365.com (2603:10b6:408:f7::26) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8769.18 via Frontend Transport; Thu, 22 May 2025 09:36:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN3PEPF0000B36F.mail.protection.outlook.com (10.167.243.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8792.4 via Frontend Transport; Thu, 22 May 2025 09:36:14 +0000 Received: from kaveri.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 22 May 2025 04:36:06 -0500 From: Shivank Garg To: , , , CC: , , , , , , , , , , Subject: [PATCH] mm/khugepaged: Fix race with folio splitting in hpage_collapse_scan_file() Date: Thu, 22 May 2025 09:34:53 +0000 Message-ID: <20250522093452.6379-1-shivankg@amd.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN3PEPF0000B36F:EE_|SJ1PR12MB6170:EE_ X-MS-Office365-Filtering-Correlation-Id: aabdb723-f837-4755-c0a5-08dd99141877 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|1800799024|36860700013|7416014|13003099007; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?CwJEregmRu2SXq74UAzYQnpxFtpT6ZAWD+JoPSpy/P6KFtf2534/j3MCYUX0?= =?us-ascii?Q?FkYXEWP0FEsBt1NUM8xbEQt2LL68aVyeFuKkQBohN7hT+ik7w22ngZAfO4ZO?= =?us-ascii?Q?/187SnocZwXWRkcNU/b+0JwnGZRgFjDrh2F58wJirE9OQK6Uarq08gbODh4K?= =?us-ascii?Q?WgOUz7BzWUeEUx2dgDpNYXEJUcIlmrzM9x3dSVDX84M0N9jx2TcY+ffEeIr6?= =?us-ascii?Q?c+pGt1ghnK6hIFbcZ/sJFk1Tl7zPpgKX8xRRqH9C0EdNomeG4q5gWfFN9RXw?= =?us-ascii?Q?n51OOGWAGTzQQADvawGPQPEWuFIWwxEdbfEGDW3kmjxuNW3y+4ICUI6G3poC?= =?us-ascii?Q?CmbGhGnEAibAJ+bm+31726rUXJpzBpCaMgdT1eSK5feK1W/cSl9kXuQo+o1Y?= =?us-ascii?Q?aO+MEyqxuCBFw9e8Tp17VjulChNnYbwKEAw8zA23o650DeiTlosONvzCX6z+?= =?us-ascii?Q?n+Dh/aD/LXKD052n20EEBugCe2PkARnYqc3A7n7pG4EuX2W9G5Di2O+p5v7G?= =?us-ascii?Q?lK9HklpmGm9L4XpmOPVwFDE391qK2IC7pC1aPwiLjyq5Qfv7faBtxvHwSdug?= =?us-ascii?Q?uI+8jx+fnFt3DbNbHOo1WNxUzeAIC46vftYd1MNKM9arwHyFsxUFN+EHgb/f?= =?us-ascii?Q?CJc7Vrz7sBG/fWxoHvpc7XdN3jCTZXGIbtVsIDr1LxWjrBy2g4ZJZL/Yhx89?= =?us-ascii?Q?mKXdyh70/HpNa5otqbgrkYyEsVXqc3P58Xz8oIYcZY7oW9XKkXXpobbIa6V1?= =?us-ascii?Q?gTqmJ/Y93jOqUTWnjsQcYKlYIWy6XzqIZ0xBeAtPKwxTFah4ABC4PRxt3uOn?= =?us-ascii?Q?JCSOQoNaqxacCby2Crt7BeeBshxaO/gtxjp9FuWkRIFL+lOawdQpwfqxF5if?= =?us-ascii?Q?VYq5WJZ+TJuMqsZGpelVT2vp5YAXIf9yAji1BUzZWSV9OrQBxZcOvA+hwyoM?= =?us-ascii?Q?RDKoDC3oHID7fHuy0Oa/58/qCEgug8Zp0iSmYAS2zreq+Ak3LXUA542DfjZS?= =?us-ascii?Q?0MhnAyv4aofECZs587dJlu3Sr9EFVtaRsa/vazJqcgQaP276ZgCyQrqxSeW8?= =?us-ascii?Q?+lXKT3+WFpaYB6HjVV81NJRej0DMftYVE4WriQjh/7QiEFVCdQ9z+8Lvxk2s?= =?us-ascii?Q?Bv9A1xH1aNhxICq4BqAczerqs87L3B4+Do40KK9VlQ4RXxh+EOOCk4OfZ1Z4?= =?us-ascii?Q?HUXtAg/pwLO7XwbvV41dfHOIWdfyJ/O93+KTkqyVBSQprDsPBgFzE2wLNfYy?= =?us-ascii?Q?GzrqUYbV8dIFeex/odmBODEObXAFH4a8kWijpAoAl2QhWljrwyzdtNzhJ/ta?= =?us-ascii?Q?Cxi53HC0ccr9ck+AgizqqCRMIU9hFZ10MBxUsUZvdLkTUtzDkrOyoxbbRN2j?= =?us-ascii?Q?eTGIXNGW6zndkGs6v+RgmseZ+TjBkxDm/yrUWEREp2UZUEXqKeVjkpq5KVZO?= =?us-ascii?Q?K4Bb85+pmUx9JXSWamk/SaZQPmKuVGo8+tJ4RqiODsjnKRMITRuLeA=3D=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(1800799024)(36860700013)(7416014)(13003099007);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2025 09:36:14.4955 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: aabdb723-f837-4755-c0a5-08dd99141877 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN3PEPF0000B36F.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6170 X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 0D8C81C0002 X-Stat-Signature: qj1tkkmipa9fo4d5kwkruyumr3bw5tu4 X-Rspam-User: X-HE-Tag: 1747906578-517194 X-HE-Meta: U2FsdGVkX19RFpB1OyHwEhdUrcuuP1OISpHw3oqUYVOXgwI2jj8rvyVWcyP5AyPBrEKd59gJadQda53C/fGLoZM9njwbOUabT+mKQRZZl0IDKdWJ9bSIQzSX15iL/XWin3q2eTOREQCN1u07UAqiBE+82yV6iNbE1/ZuQ7xx8WAqYJ1rb2ZEzX46ZqJp7TcRAMwPcsT5UIgBO6acdjL5MOlz1BRv7IAcwAi8DijiaGP0qj2vUUS9R32UVIzC0oMTqhhNt8Stgh/L27fp7/bwkv46zUYJNRpR7QWxj7lWNnfUPAJG1X7LA2Yi2W0XuBlHIezFSraVHcDKLBCxlzzKaVlEgq588Dgfe3DFHJmCTnG3Ryo/Cv97B8vsIp2jHznKxsBRbX9FJ5z6cRUO6XnPAqhuupdI107XN+aNSirHowFgv4Rd53m9jy2HqHuaPGB4BFCNNxC3GSZewONRBUO5O1OkxdXQjxqwpwknYiGFGPIZlAWy2gIjLRVEtUJJMKSACF3yMyoj2u22vOHwvgK0Zu5poFf8kexjKZBx1JkLq5Sh1Zl9am9T0wJyynuZdU/wAqo2Xu3EREpWZ3HmI7Pv7iwz4TO/XmV5FBIVNmGEF7Vvo5ArBtHe6GH8FrSmh13D+pYO8fEXuBeEHFEeAgFV/5KXQFNEKlap6Unzv/EqsOsiRPgtu5E4e2+delIyRhNjeYFzi3zj8O0O6YN5abw6Mau/cyYe8rQclYLXeFUNGxq7CAlqgpNEwJO5/M9aB5RgBUSBirGQEBfAdSwwU61cqxDPM6e8TMlH7Aek+XHgOpF+vDRlKiPCAlFFpagjvCnZrSPSfXC7DdZOUVaGc7p6zrXq+vSMlGowSVBzfAbBT98Nkr1/Y18tg/VcUMSFK5fHCAlqyuRi8hyxhOfWlb9hyM9g6vuoNonQDYdLH7RAB7rUN9Ws7ioLrEVvIDHmW5QyUut6WSKL6mCDIEx+OUe SESTkP1Q +oS+hPii4fczycdiSVTITrojri4VLPq5yMC1Tkt0ErIhNbPP4JEjA62KmtNEoHeXpFrJXFstLAyUpgwph8xyABTWEqvAO45iQqIWb9P8B38W2sKWsduqidpQfoaC396ouUjvhNuJU1rJh1Xxmd1rfiZXMXkSno8YX1YtpNgH/n1sFLlDvZAivOTp+12w8Ryq4S1JUbiDn3vaRLaZGeVP4qPtitfw//dNUbRnFGf8KLMYL7Ly02NxX7+Xzb6jW6WjWGg6KzNFZ/TqNtaKKvC/pEKarlxSqLt05CCX73KAqjj+84IXiNHnlboEMmBeyH0BvHXhW4UksEttx8gGeGcnkLNBGHFDyRk+ieImyCAdjGQM2kGENaa1kXHGi8A1+2iZTrlKXuNLzX/ApeTqi0A02zRZjepQZArnTs9bxO+qBUO1o5DN9q78cOqgSdGM8XSNcvpbfl3sH/fQNc7rND1kR1MaY22nA6rCFgklFD+01b7KAZbuKZt01qKagiOuxr6BxjZ6PddKcx+h5BMImyiUfgSfFJ+SNj4J3eMve1zXg0wrNgMdSS3aZjQUKP1L+rX6U95ozLavMfiO4eIRYI4IONOq0q7xcL8lfbbd5bmyUOBs8P8S8WW48jeFqOwB640Jf2q2XbxoiKf5DJ8l07fnrMEyCS3QPkrB9ogITfIcydDGj8kwuYFrmJYd90nUJU2q0csAbBzIZAWXD5Q2Tg+FuAi3LbD8iouqmNkATGmneBvJdGlqonyZ/MF58+obV+qrLEn1oQLyex/vaPGSQ+VOhBOxuHLf4cfih1v6JibC4JZfAsGLKGUeoEqkireRIllfaPRoxU/US7kJMJ8e09BkcpLl7VZbiVkFKWbSebzGUxlzGa0hcVkuffnPJIJegbI1MqsbMzGuykg4njRM0yVtSpy2yTA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: folio_mapcount() checks folio_test_large() before proceeding to folio_large_mapcount(), but there exists a race window where a folio could be split between these checks which triggered the VM_WARN_ON_FOLIO(!folio_test_large(folio), folio) in folio_large_mapcount(). Take a temporary folio reference in hpage_collapse_scan_file() to prevent races with concurrent folio splitting/freeing. This prevent potential incorrect large folio detection. Reported-by: syzbot+2b99589e33edbe9475ca@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6828470d.a70a0220.38f255.000c.GAE@google.com Fixes: 05c5323b2a34 ("mm: track mapcount of large folios in single value") Suggested-by: David Hildenbrand Signed-off-by: Shivank Garg --- mm/khugepaged.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index cc945c6ab3bd..6e8902f9d88c 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -2295,6 +2295,17 @@ static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr, continue; } + if (!folio_try_get(folio)) { + xas_reset(&xas); + continue; + } + + if (unlikely(folio != xas_reload(&xas))) { + folio_put(folio); + xas_reset(&xas); + continue; + } + if (folio_order(folio) == HPAGE_PMD_ORDER && folio->index == start) { /* Maybe PMD-mapped */ @@ -2305,23 +2316,27 @@ static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr, * it's safe to skip LRU and refcount checks before * returning. */ + folio_put(folio); break; } node = folio_nid(folio); if (hpage_collapse_scan_abort(node, cc)) { result = SCAN_SCAN_ABORT; + folio_put(folio); break; } cc->node_load[node]++; if (!folio_test_lru(folio)) { result = SCAN_PAGE_LRU; + folio_put(folio); break; } if (!is_refcount_suitable(folio)) { result = SCAN_PAGE_COUNT; + folio_put(folio); break; } @@ -2333,6 +2348,7 @@ static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr, */ present += folio_nr_pages(folio); + folio_put(folio); if (need_resched()) { xas_pause(&xas); -- 2.34.1