From: David Hildenbrand
Organization: Red Hat
Date: Fri, 17 Jan 2025 17:54:29 +0100
Subject: Re: [PATCH v2 1/2] mm/memfd: reserve hugetlb folios before allocation
To: Vivek Kasireddy, dri-devel@lists.freedesktop.org, linux-mm@kvack.org
Cc: syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com, Steve Sistare, Muchun Song, Andrew Morton
Message-ID: <6bdab899-3307-4a78-9352-b565ffae5ba8@redhat.com>
In-Reply-To: <20250114080927.2616684-2-vivek.kasireddy@intel.com>
References: <20250114080927.2616684-1-vivek.kasireddy@intel.com> <20250114080927.2616684-2-vivek.kasireddy@intel.com>

On 14.01.25
09:08, Vivek Kasireddy wrote:
> There are cases when we try to pin a folio but discover that it has
> not been faulted-in. So, we try to allocate it in memfd_alloc_folio()
> but there is a chance that we might encounter a crash/failure
> (VM_BUG_ON(!h->resv_huge_pages)) if there are no active reservations
> at that instant. This issue was reported by syzbot:
>
> kernel BUG at mm/hugetlb.c:2403!
> Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
> CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted
> 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
> 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0 mm/hugetlb.c:2403
> Code: 1f eb 05 e8 56 18 a0 ff 48 c7 c7 40 56 61 8e e8 ba 21 cc 09 4c 89
> f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 35 18 a0 ff 90 <0f> 0b 66
> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
> RSP: 0018:ffffc9000d3d77f8 EFLAGS: 00010087
> RAX: ffffffff81ff6beb RBX: 0000000000000000 RCX: 0000000000100000
> RDX: ffffc9000e51a000 RSI: 00000000000003ec RDI: 00000000000003ed
> RBP: 1ffffffff34810d9 R08: ffffffff81ff6ba3 R09: 1ffffd4000093005
> R10: dffffc0000000000 R11: fffff94000093006 R12: dffffc0000000000
> R13: dffffc0000000000 R14: ffffea0000498000 R15: ffffffff9a4086c8
> FS: 00007f77ac12e6c0(0000) GS:ffff88801fc00000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f77ab54b170 CR3: 0000000040b70000 CR4: 0000000000352ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> memfd_alloc_folio+0x1bd/0x370 mm/memfd.c:88
> memfd_pin_folios+0xf10/0x1570 mm/gup.c:3750
> udmabuf_pin_folios drivers/dma-buf/udmabuf.c:346 [inline]
> udmabuf_create+0x70e/0x10c0 drivers/dma-buf/udmabuf.c:443
> udmabuf_ioctl_create drivers/dma-buf/udmabuf.c:495 [inline]
> udmabuf_ioctl+0x301/0x4e0 drivers/dma-buf/udmabuf.c:526
> vfs_ioctl fs/ioctl.c:51 [inline] > __do_sys_ioctl fs/ioctl.c:906 [inline] > __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > Therefore, to avoid this situation and fix this issue, we just need > to make a reservation (by calling hugetlb_reserve_pages()) before > we try to allocate the folio. This will ensure that we are properly > doing region/subpool accounting associated with our allocation. > > While at it, move subpool_inode() into hugetlb header and also > replace the VM_BUG_ON() with WARN_ON_ONCE() as there is no need to > crash the system in this scenario and instead we could just warn > and fail the allocation. > > Fixes: 26a8ea80929c ("mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak") > Reported-by: syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com > Signed-off-by: Vivek Kasireddy > Cc: Steve Sistare > Cc: Muchun Song > Cc: David Hildenbrand > Cc: Andrew Morton > --- > include/linux/hugetlb.h | 5 +++++ > mm/hugetlb.c | 14 ++++++-------- > mm/memfd.c | 14 +++++++++++--- > 3 files changed, 22 insertions(+), 11 deletions(-) > > diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h > index ae4fe8615bb6..38c580548564 100644 > --- a/include/linux/hugetlb.h > +++ b/include/linux/hugetlb.h > @@ -712,6 +712,11 @@ extern unsigned int default_hstate_idx; > > #define default_hstate (hstates[default_hstate_idx]) > > +static inline struct hugepage_subpool *subpool_inode(struct inode *inode) > +{ > + return HUGETLBFS_SB(inode->i_sb)->spool; > +} > + > static inline struct hugepage_subpool *hugetlb_folio_subpool(struct folio *folio) > { > return folio->_hugetlb_subpool; > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index c498874a7170..ef948f56b864 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c 
> @@ -251,11 +251,6 @@ static long hugepage_subpool_put_pages(struct hugepage_subpool *spool, > return ret; > } > > -static inline struct hugepage_subpool *subpool_inode(struct inode *inode) > -{ > - return HUGETLBFS_SB(inode->i_sb)->spool; > -} > - > static inline struct hugepage_subpool *subpool_vma(struct vm_area_struct *vma) > { > return subpool_inode(file_inode(vma->vm_file)); > @@ -2397,12 +2392,15 @@ struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, > struct folio *folio; > > spin_lock_irq(&hugetlb_lock); > + if (WARN_ON_ONCE(!h->resv_huge_pages)) { > + spin_unlock_irq(&hugetlb_lock); > + return NULL; > + } > + > folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, preferred_nid, > nmask); > - if (folio) { > - VM_BUG_ON(!h->resv_huge_pages); > + if (folio) > h->resv_huge_pages--; > - } > > spin_unlock_irq(&hugetlb_lock); > return folio; > diff --git a/mm/memfd.c b/mm/memfd.c > index 35a370d75c9a..0d128c44fb78 100644 > --- a/mm/memfd.c > +++ b/mm/memfd.c > @@ -70,7 +70,7 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) > #ifdef CONFIG_HUGETLB_PAGE > struct folio *folio; > gfp_t gfp_mask; > - int err; > + int err = -ENOMEM; > > if (is_file_hugepages(memfd)) { > /* > @@ -79,12 +79,16 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) > * alloc from. Also, the folio will be pinned for an indefinite > * amount of time, so it is not expected to be migrated away. > */ > + struct inode *inode = file_inode(memfd); > struct hstate *h = hstate_file(memfd); > > gfp_mask = htlb_alloc_mask(h); > gfp_mask &= ~(__GFP_HIGHMEM | __GFP_MOVABLE); > idx >>= huge_page_order(h); > > + if (!hugetlb_reserve_pages(inode, idx, idx + 1, NULL, 0)) > + return ERR_PTR(err); > + > folio = alloc_hugetlb_folio_reserve(h, > numa_node_id(), > NULL, 
> @@ -95,12 +99,16 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) > idx); > if (err) { > folio_put(folio); > - return ERR_PTR(err); > + goto err; > } > + > + hugetlb_set_folio_subpool(folio, subpool_inode(inode)); > folio_unlock(folio); > return folio; > } > - return ERR_PTR(-ENOMEM); > +err: > + hugetlb_unreserve_pages(inode, idx, idx + 1, 0);

Hmmm, shouldn't we maybe only un-reserve if we were responsible for the reservation above? If it's already reserved before this call, we should probably leave it as is? Or maybe we never want to un-reserve at all here?

-- 
Cheers,

David / dhildenb
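
Review bot: in the alloc_hugetlb_folio_reserve() hunk of mm/hugetlb.c, the new WARN_ON_ONCE(!h->resv_huge_pages) check sits before dequeue_hugetlb_folio_nodemask(), so it now fires on every call made without a reservation, including calls that previously returned NULL quietly because no folio could be dequeued. The quoted trace shows this function is reachable from the udmabuf ioctl path, and a WARN still stops the machine when panic_on_warn is set, so the function should carry a comment stating that callers must hold a reservation before calling it. If the condition can legitimately be hit from user space, a plain early return on !h->resv_huge_pages without the warning would be the safer form.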
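
Review bot: in the mm/memfd.c hunk at @@ -79,12 +79,16, the call to hugetlb_reserve_pages(inode, idx, idx + 1, NULL, 0) is added without any update to the comment block just above it, which still only explains the gfp mask choice. Please document there why a reservation has to exist before alloc_hugetlb_folio_reserve() is called. The early return would also read more clearly as return ERR_PTR(-ENOMEM), since nothing has assigned err at that point and the -ENOMEM initialiser from the previous hunk is only needed for the fall-through to the err: label.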
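
Review bot: in the last mm/memfd.c hunk (@@ -95,12 +99,16), the failure branch after adding the folio to the page cache calls folio_put(folio) and then does goto err, where hugetlb_unreserve_pages(inode, idx, idx + 1, 0) runs as well, while hugetlb_set_folio_subpool() is only reached on the success path. Please confirm that freeing the folio and the explicit un-reserve cannot both give back the same reservation, and note the reasoning in a comment at the err: label. The case where alloc_hugetlb_folio_reserve() returns NULL now also falls through to err:, so the label should state which of the two failure cases it is meant to undo.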