From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED85AC7EE30 for ; Tue, 1 Jul 2025 14:03:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 91BEB6B00A1; Tue, 1 Jul 2025 10:03:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8CB666B00AA; Tue, 1 Jul 2025 10:03:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 793976B00AC; Tue, 1 Jul 2025 10:03:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 62DB86B00A1 for ; Tue, 1 Jul 2025 10:03:37 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id E20FF593C7 for ; Tue, 1 Jul 2025 14:03:36 +0000 (UTC) X-FDA: 83615863632.29.9E70113 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf01.hostedemail.com (Postfix) with ESMTP id 5D28640004 for ; Tue, 1 Jul 2025 14:03:34 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=cWsXRVdI; spf=pass (imf01.hostedemail.com: domain of david@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=quarantine) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1751378614; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RTx+g/ICXN+t4dz9YafghFmb5+aFmfAwgPNFgDgkBAM=; b=04JFYu7er8ySBelLRQ/Bov8jRwhrw0oPXqbuct+YJwa96EQ29lYhr6cU5pDU+2/O1u4X30 ErCvO2K5M60z96JLfeGV2v4+zDVfr/1kRXdbkIsuBHX+uBQk8qpGRAdNSuaVEOPo5YAlZQ p4RhSpg6JfbDZrGXqbcljYUFJfdk4CM= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=cWsXRVdI; spf=pass (imf01.hostedemail.com: domain of david@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=quarantine) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1751378614; a=rsa-sha256; cv=none; b=1+mysN2R2F2uPuHK6GIlGCa/fKonJ5q+o3CMikgxYunrLY0nCQyfXzU0l3gLj+oms1qTu3 kBEuCjoaHnPtyVCIzt2Pd1gLK6WAiwxrR+zgJ/j7WddGxFN8/mxOZT4m+HO963l4X9hE70 oL2jFloMFEzUg+HUN5jxrp8xgYG9UHg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1751378613; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=RTx+g/ICXN+t4dz9YafghFmb5+aFmfAwgPNFgDgkBAM=; b=cWsXRVdI8E1WwGMbYqrWCKc00YykzSKFuHjOg33nAzO/idwMfEwms15GaA2PAs8Cl06QTp hemYYmR1/8oQEaFS+PBuyu/qX1vqXuyO/TbJWJsUWDEr9qnJ1qzWtH6d0XD9u+D2CWhzd3 RoWgnk74pu4NyXKftWazK+OYxsme5Z8= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-340-QISiiw9lOouZ6nur3hqfSA-1; Tue, 01 Jul 2025 10:03:27 -0400 X-MC-Unique: QISiiw9lOouZ6nur3hqfSA-1 X-Mimecast-MFC-AGG-ID: QISiiw9lOouZ6nur3hqfSA_1751378593 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-3a4f6ba526eso2127421f8f.1 for ; Tue, 01 Jul 2025 07:03:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751378593; x=1751983393; h=content-transfer-encoding:in-reply-to:organization:autocrypt :content-language:from:references:cc:to:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=RTx+g/ICXN+t4dz9YafghFmb5+aFmfAwgPNFgDgkBAM=; b=Q5DAAcL10ic+DY16YZChjzR79NWbBStPq8F7cp68F+MhFdZk0X2y0EfU6eyeJwPDQn jzqMq2g7SK4uFhd2Hfp5gwrG2E/5Xw/2BllhYEI8h0gn3V2VG/DK4cLpYQEuUzRVopLJ 0F4jg/+4hr9iWuM/2he8SxT8Gif74G1O4D7DnQl/fb67I9iJhE4teRSXa2ZmQKmSCEpJ 38lgAoq8R3wLmVPl55OIdgqtIcRPtw3E/uKFyZOpNYBSbokTyaQRTtMMJk1IATCb/O3k 48k7vS/ESHo3XH5rNiSoVOsDH7ciiBJN/spbfmBrs4slY/egAIkYYfwuhSRj4SPjxIBv mvdg== X-Forwarded-Encrypted: i=1; AJvYcCXGDw4pHIEYiChzncsbd8ZVigRawb1VSRwD8YKsfSwxZqmmvUk/pXvBuVWoAtnnRvHLlMYNouSMlg==@kvack.org X-Gm-Message-State: AOJu0YyvlIKniLJUGqJLFMKdhEf45b5ZRf5wyaiJDuAxkbAstLQ/Snxf 9C1n2XYXJLvzjz59RyyjTb5fxNooj9cdx/iImWZ7Dd+GuDq/LOdK3+UpPownPRn0OP/leOXGldI EGqmYCYTSru1PVbZjrSnpgFc9PXMzygXqolVfHxhuy02MI4SEU9U7 X-Gm-Gg: ASbGncuv3gu13CbASszQtfqmMD6sr5lc3aIY1vrxgqM60f3lPAx6J0JoGgNZ4fkB6/w HEoQEW+XazbMLRp+gBr/j7v9Kt7kYdTfW/pjWObNsEnbPZPkOljw3DR7WsmvKvPMuyIckIPscnf j4xRunteqmtBO8aM5zejnaTc9TwruI6CmxUVKnPToD3k6wINSfDYzqCv4YjANzth7kZ4k2HhVlw VbCq+7CdTFDLijPegyUaK8TPD2oV14s8GfZshT3JvJfUO6/48akEShWp38qgWfKcC/Ume+2h7S+ 1mo+LyQU/BrmnHckETvgb7K3kvL42X3uVsEVT7sj95brE+rtrbyyUkvAc52um0T4Q7fWyiFAxp2 hSmRhUfFvgSLFz9RL+diuTwRW6RkM3XJjnf63X/K9ARjGYCdWlQ== X-Received: by 2002:adf:b64f:0:b0:3a0:9dfc:da4 with SMTP id ffacd0b85a97d-3a8ff5201efmr11485705f8f.42.1751378591828; Tue, 01 Jul 2025 07:03:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG7R3QME11ZBj9+BG46czHqpSceP+vF115DNdQ6LNVtWM1I1Qv3+VwohoaUOVRnSiIQOjQm8w== X-Received: by 2002:adf:b64f:0:b0:3a0:9dfc:da4 with SMTP id ffacd0b85a97d-3a8ff5201efmr11485359f8f.42.1751378588233; Tue, 01 Jul 2025 07:03:08 -0700 (PDT) Received: from ?IPV6:2003:d8:2f18:7500:202e:b0f1:76d6:f9af? (p200300d82f187500202eb0f176d6f9af.dip0.t-ipconnect.de. [2003:d8:2f18:7500:202e:b0f1:76d6:f9af]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3a87e947431sm13377312f8f.0.2025.07.01.07.03.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 01 Jul 2025 07:03:07 -0700 (PDT) Message-ID: <330f29ee-ba55-4ae6-a695-ddaba58d5cb8@redhat.com> Date: Tue, 1 Jul 2025 16:03:06 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap To: Lance Yang , akpm@linux-foundation.org, 21cnbao@gmail.com Cc: baolin.wang@linux.alibaba.com, chrisl@kernel.org, kasong@tencent.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, lorenzo.stoakes@oracle.com, ryan.roberts@arm.com, v-songbaohua@oppo.com, x86@kernel.org, huang.ying.caritas@gmail.com, zhengtangquan@oppo.com, riel@surriel.com, Liam.Howlett@oracle.com, vbabka@suse.cz, harry.yoo@oracle.com, mingzhe.yang@ly.com, stable@vger.kernel.org, Barry Song , Lance Yang References: <20250630011305.23754-1-lance.yang@linux.dev> From: David Hildenbrand Autocrypt: addr=david@redhat.com; keydata= xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzSREYXZpZCBIaWxk ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT7CwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQW AgMBAh4BAheAAhkBFiEEG9nKrXNcTDpGDfzKTd4Q9wD/g1oFAl8Ox4kFCRKpKXgACgkQTd4Q 9wD/g1oHcA//a6Tj7SBNjFNM1iNhWUo1lxAja0lpSodSnB2g4FCZ4R61SBR4l/psBL73xktp rDHrx4aSpwkRP6Epu6mLvhlfjmkRG4OynJ5HG1gfv7RJJfnUdUM1z5kdS8JBrOhMJS2c/gPf wv1TGRq2XdMPnfY2o0CxRqpcLkx4vBODvJGl2mQyJF/gPepdDfcT8/PY9BJ7FL6Hrq1gnAo4 3Iv9qV0JiT2wmZciNyYQhmA1V6dyTRiQ4YAc31zOo2IM+xisPzeSHgw3ONY/XhYvfZ9r7W1l pNQdc2G+o4Di9NPFHQQhDw3YTRR1opJaTlRDzxYxzU6ZnUUBghxt9cwUWTpfCktkMZiPSDGd KgQBjnweV2jw9UOTxjb4LXqDjmSNkjDdQUOU69jGMUXgihvo4zhYcMX8F5gWdRtMR7DzW/YE BgVcyxNkMIXoY1aYj6npHYiNQesQlqjU6azjbH70/SXKM5tNRplgW8TNprMDuntdvV9wNkFs 9TyM02V5aWxFfI42+aivc4KEw69SE9KXwC7FSf5wXzuTot97N9Phj/Z3+jx443jo2NR34XgF 89cct7wJMjOF7bBefo0fPPZQuIma0Zym71cP61OP/i11ahNye6HGKfxGCOcs5wW9kRQEk8P9 M/k2wt3mt/fCQnuP/mWutNPt95w9wSsUyATLmtNrwccz63XOwU0EVcufkQEQAOfX3n0g0fZz Bgm/S2zF/kxQKCEKP8ID+Vz8sy2GpDvveBq4H2Y34XWsT1zLJdvqPI4af4ZSMxuerWjXbVWb T6d4odQIG0fKx4F8NccDqbgHeZRNajXeeJ3R7gAzvWvQNLz4piHrO/B4tf8svmRBL0ZB5P5A 2uhdwLU3NZuK22zpNn4is87BPWF8HhY0L5fafgDMOqnf4guJVJPYNPhUFzXUbPqOKOkL8ojk CXxkOFHAbjstSK5Ca3fKquY3rdX3DNo+EL7FvAiw1mUtS+5GeYE+RMnDCsVFm/C7kY8c2d0G NWkB9pJM5+mnIoFNxy7YBcldYATVeOHoY4LyaUWNnAvFYWp08dHWfZo9WCiJMuTfgtH9tc75 7QanMVdPt6fDK8UUXIBLQ2TWr/sQKE9xtFuEmoQGlE1l6bGaDnnMLcYu+Asp3kDT0w4zYGsx 5r6XQVRH4+5N6eHZiaeYtFOujp5n+pjBaQK7wUUjDilPQ5QMzIuCL4YjVoylWiBNknvQWBXS lQCWmavOT9sttGQXdPCC5ynI+1ymZC1ORZKANLnRAb0NH/UCzcsstw2TAkFnMEbo9Zu9w7Kv AxBQXWeXhJI9XQssfrf4Gusdqx8nPEpfOqCtbbwJMATbHyqLt7/oz/5deGuwxgb65pWIzufa N7eop7uh+6bezi+rugUI+w6DABEBAAHCwXwEGAEIACYCGwwWIQQb2cqtc1xMOkYN/MpN3hD3 AP+DWgUCXw7HsgUJEqkpoQAKCRBN3hD3AP+DWrrpD/4qS3dyVRxDcDHIlmguXjC1Q5tZTwNB boaBTPHSy/Nksu0eY7x6HfQJ3xajVH32Ms6t1trDQmPx2iP5+7iDsb7OKAb5eOS8h+BEBDeq 3ecsQDv0fFJOA9ag5O3LLNk+3x3q7e0uo06XMaY7UHS341ozXUUI7wC7iKfoUTv03iO9El5f XpNMx/YrIMduZ2+nd9Di7o5+KIwlb2mAB9sTNHdMrXesX8eBL6T9b+MZJk+mZuPxKNVfEQMQ a5SxUEADIPQTPNvBewdeI80yeOCrN+Zzwy/Mrx9EPeu59Y5vSJOx/z6OUImD/GhX7Xvkt3kq Er5KTrJz3++B6SH9pum9PuoE/k+nntJkNMmQpR4MCBaV/J9gIOPGodDKnjdng+mXliF3Ptu6 3oxc2RCyGzTlxyMwuc2U5Q7KtUNTdDe8T0uE+9b8BLMVQDDfJjqY0VVqSUwImzTDLX9S4g/8 kC4HRcclk8hpyhY2jKGluZO0awwTIMgVEzmTyBphDg/Gx7dZU1Xf8HFuE+UZ5UDHDTnwgv7E th6RC9+WrhDNspZ9fJjKWRbveQgUFCpe1sa77LAw+XFrKmBHXp9ZVIe90RMe2tRL06BGiRZr jPrnvUsUUsjRoRNJjKKA/REq+sAnhkNPPZ/NNMjaZ5b8Tovi8C0tmxiCHaQYqj7G2rgnT0kt WNyWQQ== Organization: Red Hat In-Reply-To: <20250630011305.23754-1-lance.yang@linux.dev> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: QFFDfGime3Uv6ffIU_0fyHwfb2SFgLDbY7UVwML5li0_1751378593 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 5D28640004 X-Stat-Signature: 9f7rt5o67m7oink5gj9knsc4s5ihka7p X-HE-Tag: 1751378614-23154 X-HE-Meta: U2FsdGVkX1+V1Iph0P+m300X/OSKZVU2Vhouc9KXLHednuQrX2vcpQtwr+mJXhsLM0KZms+qj161CyHXbFqGWxh0qEPN2iGrw8NZ2GNrB+UnoDdgf1ROprqdHoJuvyJ4aGyRMekGZ+dlIvJSl+hFxEgg752oc2FauGB/viEimpDIw1rqRNN/gqvMSO5F40XJdKb6Md/A+27tyxi0ScKgtsp5O/DR1Ub5ECBQkD6Vnht/Qrx7lljzDx6MYfktseDDlNQOZtvR6Z5H/yPnCHHzvhzGRdsIQaVHh+38Dt8xK7irfIBrQvv78N1z2Wc21+NoqsKBo2mlUjth2BpZ1DBBNrJzthHw2tAMCK2M4/QT5PF3GnNhca/rWdPynu+xv4RxaK1IL0O2X3VBXaRv9EV3zSJvOUCwF2/T+VkLi07mOw156o7+HoFzQ6GOt8D577aWVos1fRB2DAzslpQZvOU4xd7TbXVi5aiXbe/GSWCo5WOpLzKUGiNmnP0uGjkJB72DMIq/hgQzCFmNTSwg26zi+MXrKWGVdJ4z2O69j7Te/jTjuy3tGhe2Kuj8pVothz3RMtqrqf5kLvZbr3BgI7n0eMCG6FWkS9CmEK0dypgPMsepsSJKpo2O8V6+oG5NgT0/LSda3aoV6mEFEVYTLFC79eyWhrkVvS/np8ADps42Drsn/jDcyCgq175n5YCtLJOa9qXZUmihCooTW6U8/gGCzUm7r1uL5JRuSWt3c/ybndmSIH/Bl1G34CQg+dXayA2eOlJQ+quGUbOP6jfRD93qIsmhZVRO2ljt68esYTF8YvVbXlQ2pS2W7LUP5hwLSvkUT4nQJwabmgQPUsj0g2ZsPaoVUUIOn+CqS4DlfXXPuCu4b38fhq3bJNkOn6k0AxuXdqwWNYWkDM7b8Kq8ca6Su7C6GizlznQshH/2KO1IQ7kw2wRYnAblmiNK5eJiyhhQ4Y0swtjdmeRaYZ4l8oz WVAuve0J AYIudRCOmoy8X6jSvYhuMQj4WbP2ZAZjn7FCU7jGSVLEJWCPq//spEaihGkDcS263JOjdiAmMMon3qzcizAhghOnGQOWOElXSDwQQntfv5qNt73Nada5QckFIL7vmtlVpqZVvT34RwuARVCNQPSvKmI5GdTKNd3n1Bl6rgOgsN2c4bLRM8/IT1tZRJz+FM2pwrJa4TEA5PrqWgYUNAu0n8H1Hg+N1fYrbKYbR+W4l/xjwEEhl0SnBSYqifNhhsn0px5hKM/i0xRhb79NmGhVEaoutYeeq4JT2PnZU/13DvkArRO8NvEFMewhH98qQbzNN4w16poJzFmsQI++6COiu9vLFjvRbrsZfGs5AOO53P+l6EScXEuL/1SwxjA//F6FP13V13qiOot/7ZBfWQYIu2cI01RCS/9Nhzd/ljEdS5mHlZLfpDZV0NzeXrJBSo5z88LQASc71H9yGSxl5jFlF1PUl02dHWAa3GhuN2/ZJss0Wy45FSwlHRmtlp2WihmdaVCxPpyxV2VJaNgu7VoJ3AXpBitRq1gYm+L4bnglCtBbY8DQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 30.06.25 03:13, Lance Yang wrote: > From: Lance Yang > > As pointed out by David[1], the batched unmap logic in try_to_unmap_one() > may read past the end of a PTE table when a large folio's PTE mappings > are not fully contained within a single page table. > > While this scenario might be rare, an issue triggerable from userspace must > be fixed regardless of its likelihood. This patch fixes the out-of-bounds > access by refactoring the logic into a new helper, folio_unmap_pte_batch(). > > The new helper correctly calculates the safe batch size by capping the scan > at both the VMA and PMD boundaries. To simplify the code, it also supports > partial batching (i.e., any number of pages from 1 up to the calculated > safe maximum), as there is no strong reason to special-case for fully > mapped folios. > > [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redhat.com > > Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") > Cc: > Acked-by: Barry Song > Suggested-by: David Hildenbrand Realized this now: This should probably be a "Reported-by:" with the "Closes:" and and a link to my mail. -- Cheers, David / dhildenb