From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=KvBV=G7=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-10.2 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2A1C4C433DB
	for <linux-mm@archiver.kernel.org>; Thu, 28 Jan 2021 01:54:57 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 8C97F64DBD
	for <linux-mm@archiver.kernel.org>; Thu, 28 Jan 2021 01:54:55 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8C97F64DBD
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 8A8A06B0006; Wed, 27 Jan 2021 20:54:54 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 858156B006C; Wed, 27 Jan 2021 20:54:54 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 76E646B006E; Wed, 27 Jan 2021 20:54:54 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0097.hostedemail.com [216.40.44.97])
	by kanga.kvack.org (Postfix) with ESMTP id 604CC6B0006
	for <linux-mm@kvack.org>; Wed, 27 Jan 2021 20:54:54 -0500 (EST)
Received: from smtpin26.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 1ECE51EE6
	for <linux-mm@kvack.org>; Thu, 28 Jan 2021 01:54:54 +0000 (UTC)
X-FDA: 77753515308.26.part12_07060222759b
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin26.hostedemail.com (Postfix) with ESMTP id 0102B1804B640
	for <linux-mm@kvack.org>; Thu, 28 Jan 2021 01:54:53 +0000 (UTC)
X-HE-Tag: part12_07060222759b
X-Filterd-Recvd-Size: 2705
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190])
	by imf42.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 28 Jan 2021 01:54:53 +0000 (UTC)
Received: from DGGEMS410-HUB.china.huawei.com (unknown [172.30.72.58])
	by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4DR3Qc2hXHzlBX4;
	Thu, 28 Jan 2021 09:53:12 +0800 (CST)
Received: from [10.174.179.117] (10.174.179.117) by
 DGGEMS410-HUB.china.huawei.com (10.3.19.210) with Microsoft SMTP Server id
 14.3.498.0; Thu, 28 Jan 2021 09:54:41 +0800
Subject: Re: [PATCH] mm/rmap: Fix potential pte_unmap on an not mapped pte
To: Andrew Morton <akpm@linux-foundation.org>
CC: <mike.kravetz@oracle.com>, <shakeelb@google.com>, <hannes@cmpxchg.org>,
	<vbabka@suse.cz>, <walken@google.com>, <linux-mm@kvack.org>,
	<linux-kernel@vger.kernel.org>
References: <20210127093349.39081-1-linmiaohe@huawei.com>
 <20210127160921.989f01c83d6703148f6bc316@linux-foundation.org>
From: Miaohe Lin <linmiaohe@huawei.com>
Message-ID: <3f924e26-57f3-863e-435f-115dbdf01ffc@huawei.com>
Date: Thu, 28 Jan 2021 09:54:40 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <20210127160921.989f01c83d6703148f6bc316@linux-foundation.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.174.179.117]
X-CFilter-Loop: Reflected
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Hi:
On 2021/1/28 8:09, Andrew Morton wrote:
> On Wed, 27 Jan 2021 04:33:49 -0500 Miaohe Lin <linmiaohe@huawei.com> wrote:
> 
>> For PMD-mapped page (usually THP), pvmw->pte is NULL. For PTE-mapped THP,
>> pvmw->pte is mapped. But for HugeTLB pages, pvmw->pte is not mapped and set
>> to the relevant page table entry. So in page_vma_mapped_walk_done(), we may
>> do pte_unmap() for HugeTLB pte which is not mapped. Fix this by checking
>> pvmw->page against PageHuge before trying to do pte_unmap().
>>
> 
> What are the runtime consequences of this?  Is there a workload which
> is known to trigger it?
> 

Not yet. This should not be backported. My bad. Sorry about it.

> IOW, how do we justify a -stable backport of this fix?
> >>
>> --- a/include/linux/rmap.h
>> +++ b/include/linux/rmap.h
>> @@ -213,7 +213,8 @@ struct page_vma_mapped_walk {
>>  
>>  static inline void page_vma_mapped_walk_done(struct page_vma_mapped_walk *pvmw)
>>  {
>> -	if (pvmw->pte)
>> +	/* HugeTLB pte is set to the relevant page table entry without pte_mapped. */
>> +	if (pvmw->pte && !PageHuge(pvmw->page))
>>  		pte_unmap(pvmw->pte);
>>  	if (pvmw->ptl)
>>  		spin_unlock(pvmw->ptl);
>> -- 
>> 2.19.1
> .
>