From: Fedor Pchelkin
To: stable@vger.kernel.org
Cc: Fedor Pchelkin, Greg Kroah-Hartman, Andrew Morton, Oscar Salvador, Lorenzo Stoakes, Jann Horn, linux-mm@kvack.org, lvc-project@linuxtesting.org, Muchun Song, "Liam R. Howlett", Vlastimil Babka, Pedro Falcato
Subject: [PATCH 5.10/5.15] mm/hugetlb: fix assertion splat in hugetlb_split()
Date: Tue, 8 Jul 2025 15:48:36 +0300
Message-ID: <20250708124837.939378-1-pchelkin@ispras.ru>

No upstream commit exists for this patch.
The following assertion is firing on 5.10 to 6.1 stable kernels after
backport of upstream commit 081056dc00a2 ("mm/hugetlb: unshare page
tables during VMA split, not before"):

WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 hugetlb_split+0x267/0x300 mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 11489 Comm: syz-executor.4 Not tainted 6.1.142-syzkaller-00296-gfd0df5221577 #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
RIP: 0010:hugetlb_split+0x267/0x300 mm/hugetlb.c:4917
Call Trace:
 __vma_adjust+0xd73/0x1c10 mm/mmap.c:736
 vma_adjust include/linux/mm.h:2745 [inline]
 __split_vma+0x459/0x540 mm/mmap.c:2385
 do_mas_align_munmap+0x5f2/0xf10 mm/mmap.c:2497
 do_mas_munmap+0x26c/0x2c0 mm/mmap.c:2646
 __mmap_region mm/mmap.c:2694 [inline]
 mmap_region+0x19f/0x1770 mm/mmap.c:2912
 do_mmap+0x84b/0xf20 mm/mmap.c:1432
 vm_mmap_pgoff+0x1af/0x280 mm/util.c:520
 ksys_mmap_pgoff+0x41f/0x5a0 mm/mmap.c:1478
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x46a269

Those branches lack commit ccf1d78d8b86 ("mm/mmap: move vma_prepare
before vma_adjust_trans_huge") so the needed locks are taken just after
the newly added hugetlb_split(). Adjust the position of
vma_adjust_trans_huge() blocks with the lock-taking code.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before")
Signed-off-by: Fedor Pchelkin --- Tested with testcases/kernel/mem/hugetlb/hugemmap suite provided by LTP. For the report see: https://lore.kernel.org/stable/CAG48ez3LqUwXxhRY56tqQCpfGJsJ-GeXFG9FCcTZEBo2bWOK8Q@mail.gmail.com/T/#u mm/mmap.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 8c188ed3738a..13669a33a515 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -832,16 +832,6 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, } } again: - /* - * Get rid of huge pages and shared page tables straddling the split - * boundary. - */ - vma_adjust_trans_huge(orig_vma, start, end, adjust_next); - if (is_vm_hugetlb_page(orig_vma)) { - hugetlb_split(orig_vma, start); - hugetlb_split(orig_vma, end); - } - if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -881,6 +871,16 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, vma_interval_tree_remove(next, root); } + /* + * Get rid of huge pages and shared page tables straddling the split + * boundary. + */ + vma_adjust_trans_huge(orig_vma, start, end, adjust_next); + if (is_vm_hugetlb_page(orig_vma)) { + hugetlb_split(orig_vma, start); + hugetlb_split(orig_vma, end); + } + if (start != vma->vm_start) { vma->vm_start = start; start_changed = true; -- 2.50.0
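Review bot: the removal at the top of the `again:` block (first hunk, @@ -832) is the entire fix, but neither the old site nor the commit message records why that placement was wrong; add one sentence to the commit message saying that hugetlb_split() calls i_mmap_assert_write_locked() and so must run after i_mmap_lock_write(mapping) inside the `if (file)` block, otherwise a later backport to these branches can reinstate the pre-lock ordering without anyone noticing until syzkaller fires again.

Review bot: the new position after `vma_interval_tree_remove(next, root);` (second hunk, @@ -881) is only under the write lock when `file` is non-NULL, since the lock is taken inside `if (file) {`; the `is_vm_hugetlb_page(orig_vma)` guard makes that hold in practice because hugetlb mappings are file-backed, but a one-line comment above `vma_adjust_trans_huge(orig_vma, start, end, adjust_next);` stating that dependency would help. The resulting order (lock, interval-tree removal, then vma_adjust_trans_huge() and hugetlb_split()) is what upstream gets from vma_prepare() after ccf1d78d8b86, and since this is a non-upstream reorder it is worth stating that equivalence in the commit message rather than only "the needed locks".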