From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9751D462CF for ; Wed, 13 Nov 2024 16:09:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4B5638D000B; Wed, 13 Nov 2024 11:09:59 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 43E6D8D0001; Wed, 13 Nov 2024 11:09:59 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2920D8D000B; Wed, 13 Nov 2024 11:09:59 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 07F768D0001 for ; Wed, 13 Nov 2024 11:09:59 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 75C48AC085 for ; Wed, 13 Nov 2024 16:09:58 +0000 (UTC) X-FDA: 82781555892.03.F0BEF28 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf16.hostedemail.com (Postfix) with ESMTP id 3F3F6180002 for ; Wed, 13 Nov 2024 16:09:13 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=ckCSZQH5; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf16.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731514108; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=v5TYjr9jCoFWoSCCTgIHmbFSGdgfu2gjf/vH7LjtYV0=; b=yjP7NCmnK0rKn24cCYG4n0FqEvjYtb5E5vtauo8pOE8idOhDUg9PWC8WT9mgGi9bdzQqXB S7r0fEHgNZikR/kQHzFWJ6VeyaI9u6nzJsCIfURIeOmMXbFa7f8YaNhj1YFGQh8ivaefdW oOnrMy2d7cCGkruKa/J4qXMj8MzGkMU= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=ckCSZQH5; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf16.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731514108; a=rsa-sha256; cv=none; b=Ubrs8RwMRBrHmiN49MR6rtPU8uqXbKRMQR5wGqleS3cfEERNvTaxWV4yqb2pSJUNH+45vV 6zK07Cz7BfGUgrUHlgLuuIf0gS3TE8wotk31OiC08ijVQQ87J9pCdX5qhgL5+K4YlBB5W9 11/0sR+eglE0PFEXez0IPeBS9mA+n5Q= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1731514195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=v5TYjr9jCoFWoSCCTgIHmbFSGdgfu2gjf/vH7LjtYV0=; b=ckCSZQH5BEnoN6txcPMUFj53Bxk8nPvVJ4Qi3kvNCND0Z3tAaEv/cHIxh4NLc3bfUW7qiF zEiMo3pumH4Ld0N+ykD92K57VMsqNmcB3IrkOPTmiuDWx9mlCuVm8Yf7VLQzp9fPfaPSdr OHAvIkzpFXGpPdM0/lEFZUrthjh0uRA= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-119-1fitwtg0NnyKS2kWtAo5cA-1; Wed, 13 Nov 2024 11:09:53 -0500 X-MC-Unique: 1fitwtg0NnyKS2kWtAo5cA-1 X-Mimecast-MFC-AGG-ID: 1fitwtg0NnyKS2kWtAo5cA Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-4315a0f25afso54722135e9.3 for ; Wed, 13 Nov 2024 08:09:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731514192; x=1732118992; h=content-transfer-encoding:in-reply-to:organization:autocrypt :content-language:from:references:cc:to:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=v5TYjr9jCoFWoSCCTgIHmbFSGdgfu2gjf/vH7LjtYV0=; b=ACkWVniQsTfuYc4n8ImbEMxRJaW8epHlT1ZrmtYR70RVhMWPi7HVkXHwrOrodWyjXb +9bCXvFlx7+z5pDlEQ/eZHU/FaXdEOEs1SkDI2Mg5m6eHFNhfpfymruZWo+2R8LPVEMw gV/twijx9QPXmnAfDUFl7idW2Hfgj0LavsEBOnmmByG5jJFgKzNOKnE4xyo+b02Lp8Zk b+6Hw3xzeYstgpi7a3CcCs2lauuqPhPYM1MqZHfMN1w6xWDSQY8j4GqIfCxeoY/CreTp olvrKF6xqIlTMDCSK4IN44v/TbzCwIgVqwsP1cgwykCIqHmx7/dGYAzVG1y07yRu1eA+ xZag== X-Forwarded-Encrypted: i=1; AJvYcCWZpjaO856gSx0AdlhGHAdGBQCyau2Pw1SbSQ6msu+NAgYhHpGDUPDAF4xItvmnwiSETT8Qv/F4jQ==@kvack.org X-Gm-Message-State: AOJu0Yw9FwZzwYT2pxu2p13yyX/boLG8XcznLR/RLX0VmKOWhkPvT0ZD CN+bkY1blWbpRRUi14Em6XvhF1Pe0u0CmpHzyllfDQj2Mzgnci6akN8WhTkg4JKv5BsR+SnjG1z T+84ud3SLKjVuZrravKIrh0zwtHWeoco7o7PI1/TUPImVyJ72 X-Received: by 2002:a05:600c:a11:b0:42c:b45d:4a7b with SMTP id 5b1f17b1804b1-432b7515b75mr187710555e9.25.1731514192359; Wed, 13 Nov 2024 08:09:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHmgv9BDoZHnJ7VnmN/rQdC3syMQdeUzz5ANYBoLM0edTuC9X8Xg+PCYqKqkASW6QZvF+GH1Q== X-Received: by 2002:a05:600c:a11:b0:42c:b45d:4a7b with SMTP id 5b1f17b1804b1-432b7515b75mr187710245e9.25.1731514191860; Wed, 13 Nov 2024 08:09:51 -0800 (PST) Received: from ?IPV6:2003:cb:c708:1500:d584:7ad8:d3f7:5539? (p200300cbc7081500d5847ad8d3f75539.dip0.t-ipconnect.de. [2003:cb:c708:1500:d584:7ad8:d3f7:5539]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-432d552de37sm30271325e9.42.2024.11.13.08.09.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 13 Nov 2024 08:09:51 -0800 (PST) Message-ID: <5c881108-41d8-4e8c-a1ec-9c04bc68a008@redhat.com> Date: Wed, 13 Nov 2024 17:09:50 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [RFC for stable 5.15 and 5.10] mm/memory: only copy anonymous pages during fork() To: Vlastimil Babka , linux-mm@kvack.org Cc: Peter Xu References: <20241113160103.48943-2-vbabka@suse.cz> From: David Hildenbrand Autocrypt: addr=david@redhat.com; keydata= xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzSREYXZpZCBIaWxk ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT7CwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQW AgMBAh4BAheAAhkBFiEEG9nKrXNcTDpGDfzKTd4Q9wD/g1oFAl8Ox4kFCRKpKXgACgkQTd4Q 9wD/g1oHcA//a6Tj7SBNjFNM1iNhWUo1lxAja0lpSodSnB2g4FCZ4R61SBR4l/psBL73xktp rDHrx4aSpwkRP6Epu6mLvhlfjmkRG4OynJ5HG1gfv7RJJfnUdUM1z5kdS8JBrOhMJS2c/gPf wv1TGRq2XdMPnfY2o0CxRqpcLkx4vBODvJGl2mQyJF/gPepdDfcT8/PY9BJ7FL6Hrq1gnAo4 3Iv9qV0JiT2wmZciNyYQhmA1V6dyTRiQ4YAc31zOo2IM+xisPzeSHgw3ONY/XhYvfZ9r7W1l pNQdc2G+o4Di9NPFHQQhDw3YTRR1opJaTlRDzxYxzU6ZnUUBghxt9cwUWTpfCktkMZiPSDGd KgQBjnweV2jw9UOTxjb4LXqDjmSNkjDdQUOU69jGMUXgihvo4zhYcMX8F5gWdRtMR7DzW/YE BgVcyxNkMIXoY1aYj6npHYiNQesQlqjU6azjbH70/SXKM5tNRplgW8TNprMDuntdvV9wNkFs 9TyM02V5aWxFfI42+aivc4KEw69SE9KXwC7FSf5wXzuTot97N9Phj/Z3+jx443jo2NR34XgF 89cct7wJMjOF7bBefo0fPPZQuIma0Zym71cP61OP/i11ahNye6HGKfxGCOcs5wW9kRQEk8P9 M/k2wt3mt/fCQnuP/mWutNPt95w9wSsUyATLmtNrwccz63XOwU0EVcufkQEQAOfX3n0g0fZz Bgm/S2zF/kxQKCEKP8ID+Vz8sy2GpDvveBq4H2Y34XWsT1zLJdvqPI4af4ZSMxuerWjXbVWb T6d4odQIG0fKx4F8NccDqbgHeZRNajXeeJ3R7gAzvWvQNLz4piHrO/B4tf8svmRBL0ZB5P5A 2uhdwLU3NZuK22zpNn4is87BPWF8HhY0L5fafgDMOqnf4guJVJPYNPhUFzXUbPqOKOkL8ojk CXxkOFHAbjstSK5Ca3fKquY3rdX3DNo+EL7FvAiw1mUtS+5GeYE+RMnDCsVFm/C7kY8c2d0G NWkB9pJM5+mnIoFNxy7YBcldYATVeOHoY4LyaUWNnAvFYWp08dHWfZo9WCiJMuTfgtH9tc75 7QanMVdPt6fDK8UUXIBLQ2TWr/sQKE9xtFuEmoQGlE1l6bGaDnnMLcYu+Asp3kDT0w4zYGsx 5r6XQVRH4+5N6eHZiaeYtFOujp5n+pjBaQK7wUUjDilPQ5QMzIuCL4YjVoylWiBNknvQWBXS lQCWmavOT9sttGQXdPCC5ynI+1ymZC1ORZKANLnRAb0NH/UCzcsstw2TAkFnMEbo9Zu9w7Kv AxBQXWeXhJI9XQssfrf4Gusdqx8nPEpfOqCtbbwJMATbHyqLt7/oz/5deGuwxgb65pWIzufa N7eop7uh+6bezi+rugUI+w6DABEBAAHCwXwEGAEIACYCGwwWIQQb2cqtc1xMOkYN/MpN3hD3 AP+DWgUCXw7HsgUJEqkpoQAKCRBN3hD3AP+DWrrpD/4qS3dyVRxDcDHIlmguXjC1Q5tZTwNB boaBTPHSy/Nksu0eY7x6HfQJ3xajVH32Ms6t1trDQmPx2iP5+7iDsb7OKAb5eOS8h+BEBDeq 3ecsQDv0fFJOA9ag5O3LLNk+3x3q7e0uo06XMaY7UHS341ozXUUI7wC7iKfoUTv03iO9El5f XpNMx/YrIMduZ2+nd9Di7o5+KIwlb2mAB9sTNHdMrXesX8eBL6T9b+MZJk+mZuPxKNVfEQMQ a5SxUEADIPQTPNvBewdeI80yeOCrN+Zzwy/Mrx9EPeu59Y5vSJOx/z6OUImD/GhX7Xvkt3kq Er5KTrJz3++B6SH9pum9PuoE/k+nntJkNMmQpR4MCBaV/J9gIOPGodDKnjdng+mXliF3Ptu6 3oxc2RCyGzTlxyMwuc2U5Q7KtUNTdDe8T0uE+9b8BLMVQDDfJjqY0VVqSUwImzTDLX9S4g/8 kC4HRcclk8hpyhY2jKGluZO0awwTIMgVEzmTyBphDg/Gx7dZU1Xf8HFuE+UZ5UDHDTnwgv7E th6RC9+WrhDNspZ9fJjKWRbveQgUFCpe1sa77LAw+XFrKmBHXp9ZVIe90RMe2tRL06BGiRZr jPrnvUsUUsjRoRNJjKKA/REq+sAnhkNPPZ/NNMjaZ5b8Tovi8C0tmxiCHaQYqj7G2rgnT0kt WNyWQQ== Organization: Red Hat In-Reply-To: <20241113160103.48943-2-vbabka@suse.cz> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: JJLXrqLZX92NA21yx6XLyH3mQzd8ui9WPiksf7TS4Tk_1731514192 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 3F3F6180002 X-Stat-Signature: 7t5jxrpptm3wak4yeoakw7z7mt1sx57f X-HE-Tag: 1731514153-48526 X-HE-Meta: U2FsdGVkX1/IU7upfgB15DxiDkirFKjde78v9QPh5I6nALh6UIKeC3x1AEywcVoUL+sRoi+QzBZKQKre1KvAKUab99hqMdTVvhHeN5uMmx4UiEcvv9dMM/HvqQ/lvVZf4RlZ+56pO9akxI3/3zVYt1JLTleTZKYPaiIcBO7FRgHrmyYM61ELd3X9cvvhjE4WmrWVo5OADldTAVUTpuF6s54BkTyZvT0no3DPArFGa9AH/6G2OrVaSflJAni0G7WzycvOz7qDP7myKT+MsSt3bzx2f4MPqzn+hQzNolH6DQhfYIoJAbtlLHuW3OK/grM1nHZV/99aFsFotVtPLsfN21r2IOaaAYwcEb3rWMzIgC9zsDxaWZJLxM5o9cDUvVLlbt8yG5gXYDl7XXUXysHBl4mOQZ0jEOxsSy3m5D0+QcnQUwQCIgsa/igA4Kswnhgzr4NFe7KdNNyUCwEj2uaT8cLTifxyY8eSnnWOLpBQ7tHNWByUCpL0lPyIr+st0tnGXbaHz2mhrZrfKhT94d24oB+Op1dEVbkEq9f1qQjg843H7Wd9SsLgp2z9nyrhktqvRXHq/BzRIXFIZMmPW/MK5LODc96zvzdMTT9iHEaYiNI6uSRDdEcl71Oy/X5B0aOjdVy0F5WWTWxOBkPZO+cnUWvVWf90iDY8p8xFpND8kIPh4JHLfkEWUYMn1crKFWDcTceuTTKUtiE/thRu12z4hEr++j51dnFGyns+VImkwY2TR2Y81vxQM9I0u6VJRrUT9i7s4/k0aIJxrGE7G1QyUaDGySqS66kU2o+08rVwgKyBxb2vsatrVLxuE5O8YdwGAKcoNydHwil33h11BKG3huzM0/IYPSwU7LHhWoJWePwrItzxqODIBCkj06KB1TBJf0GPfb3DRU8tVOrUu1bfeOVtltoxEs1qT9tviBoQksr0LLRtMHhE3ObWcu+U38+WVcaNmU6QRYBIDH01hLC Uf+18BuB SWaAQaN+Hqu8plRFQYNDp8RwErZZfMf1pj2MZY9SotseIUSNug15dxjVclYt++EXSYyr5+GNDzXpp1Qh5Y+d1h6Pl+F9WpvnInTRvGcG4xlRgfqqi3bAmyRGA62ftXabRZ53dimRqBiG04jDGw7LoYRKU1Z/LgdgEE/Cr58PrVNTQDfV9UeL9gI0+2Btzt0KtcJVo8C9vi1kUJEAOIPanA2QJ2eagSfbvg88m/7KshJUhsOH34mqUxEIy43EGRbWuBL5uBS77bZ6MsxL3HBUSyBjxobjc7hvAfgPgItRwB7+PmfszuergjfM1qEGk7TNGAmFKXGWT+LeUXDlP1u8fPezGBS66DYIAqW73pr8XiK1yvy06c2tYhAdc/C78NMSUSsyalYX39NvAc2IGLzHzJExvzmrMzE29D65O93Hhab9RngQYsBw7PLEAGQQl7t6j5cUrcEOBnldBJ9MoLvJ21Bk7zg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 13.11.24 17:01, Vlastimil Babka wrote: > When a combination of unfortunate factors occur, we might BUG in fork(): > > dup_mmap() > copy_page_range() > copy_***_range() > copy_present_pte() > copy_present_page() > page_add_new_anon_rmap() > __page_set_anon_rmap() > BUG_ON(!anon_vma); > > The factors are: > > - source vma is VM_MIXEDMAP otherwise copy_page_range() would bail out > when !src_vma->anon_vma > - I think this was due to gpfs, but can happen in-tree as well > - is_cow_mapping() is true because VM_MAYWRITE (even though the vma > was a read-only mapping of a .so file) > - MMF_HAS_PINNED is true, thus some actual pinning has happened > - page_maybe_dma_pinned() is true as a false positive, because mapcount > and thus refcount is >1024 > > That makes us reach page_needs_cow_for_dma() in copy_present_page() and > evaluate it as true and attempt to CoW a file page and hit the BUG_ON() > because we never had a reason to instantiate anon_vma for the source > vma. > > AFAICS this was fixed inadvertedly in 5.19 by commit fb3d824d1a46 > ("mm/rmap: split page_dup_rmap() into page_dup_file_rmap() and > page_try_dup_anon_rmap()") or another commit in that series. What caught > my attention is this part of the changelog: > > We really only care about pins on anonymous pages, because they are prone > to getting replaced in the COW handler once mapped R/O. For !anon pages > in cow-mappings (!VM_SHARED && VM_MAYWRITE) we shouldn't really care about > that, at least not that I could come up with an example. > > And as part of that commit, an PageAnon() test is added in > copy_present_pte(). > > But the code is already refactored a lot, so this is an attempt at a > minimal fix for LTS kernels by placing the PageAnon() check to > copy_present_page(). > > Fixes: 70e806e4e645 ("mm: Do early cow for pinned pages during fork() for ptes") > Cc: Peter Xu > Cc: David Hildenbrand > Signed-off-by: Vlastimil Babka > --- > Hi, we've seen this in our 5.14 based kernel and it involved the out of > tree gpfs module, but I believe the same thing can happen in LTS's 5.10 > and 5.15 without out of tree modules as well. So I'd like your opinion > on this fix before I propose it to stable as a non-standard > version-specific fix (I don't think we'd want to backport fb3d824d1a46 > with prerequisities). Thanks. I recall seeing+discussing this exact patch already a couple years ago :D Ah, here is the 5.15 version https://lkml.kernel.org/r/20221028075244.3112566-1-songyuanzheng@huawei.com And the 5.10 version https://lore.kernel.org/lkml/20221024094911.3054769-1-songyuanzheng@huawei.com/ ... I could have sworn they got applied. ... and in linux-5.10.y I see commit 935a8b6202101d7f58fe9cd11287f9cec0d8dd32 Author: Yuanzheng Song Date: Fri Oct 28 03:07:05 2022 +0000 mm/memory: add non-anonymous page check in the copy_present_page() The vma->anon_vma of the child process may be NULL because the entire vma does not contain anonymous pages. In this case, a BUG will occur when the copy_present_page() passes a copy of a non-anonymous page of that vma to the page_add_new_anon_rmap() to set up new anonymous rmap. Maybe you missed that the PageAnon() check is simply a couple of lines further down in there? -- Cheers, David / dhildenb