Subject: Re: [PATCH 5.15] mm: validate buddy page before using
From: Xianting Tian <xianting.tian@linux.alibaba.com>
To: Greg KH
Cc: akpm@linux-foundation.org, ziy@nvidia.com, stable@vger.kernel.org, guoren@kernel.org, huanyi.xj@alibaba-inc.com, guohanjun@huawei.com, zjb194813@alibaba-inc.com, tianhu.hh@alibaba-inc.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Date: Mon, 20 Jun 2022 19:57:05 +0800
Message-ID: <8b16a502-5ad5-1efb-0d84-ed0a8ae63c0e@linux.alibaba.com>

On 2022/6/20 7:42 PM, Greg KH wrote:
> On Mon, Jun 20, 2022 at 06:54:44PM +0800, Xianting Tian wrote:
>> On 2022/6/20 6:17 PM, Greg KH wrote:
>>> On Fri, Jun 17, 2022 at 12:17:45AM +0800, Xianting Tian wrote:
>>>> Commit 787af64d05cd ("mm: page_alloc: validate buddy before check its migratetype.")
>>>> fixes a bug in 1dd214b8f21c and there is a similar bug in d9dddbf55667 that
>>>> can be fixed in a similar way too.
>>>>
>>>> In unset_migratetype_isolate(), we also need the fix, so move page_is_buddy()
>>>> from mm/page_alloc.c to mm/internal.h
>>>>
>>>> In addition, for RISC-V arch the first 2MB RAM could be reserved for opensbi,
>>>> so it would have pfn_base=512 and mem_map began with 512th PFN when
>>>> CONFIG_FLATMEM=y.
>>>> But the __find_buddy_pfn algorithm thinks the start pfn is 0; it could get pfn 0 or
>>>> a pfn less than the pfn_base value. We need page_is_buddy() to verify the buddy to
>>>> prevent accessing an invalid buddy.
>>>>
>>>> Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks")
>>>> Cc: stable@vger.kernel.org
>>>> Reported-by: zjb194813@alibaba-inc.com
>>>> Reported-by: tianhu.hh@alibaba-inc.com
>>>> Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
>>>> ---
>>>>   mm/internal.h       | 34 ++++++++++++++++++++++++++++++++++
>>>>   mm/page_alloc.c     | 37 +++----------------------------------
>>>>   mm/page_isolation.c |  3 ++-
>>>>   3 files changed, 39 insertions(+), 35 deletions(-)
>>> What is the commit id of this in Linus's tree?
>> It is also this one,
>>
>> commit 787af64d05cd528aac9ad16752d11bb1c6061bb9
>> Author: Zi Yan <ziy@nvidia.com>
>> Date:   Wed Mar 30 15:45:43 2022 -0700
>>
>>     mm: page_alloc: validate buddy before check its migratetype.
>>
>>     Whenever a buddy page is found, page_is_buddy() should be called to
>>     check its validity.  Add the missing check during pageblock merge check.
>>
>>     Fixes: 1dd214b8f21c ("mm: page_alloc: avoid merging non-fallbackable pageblocks with others")
>>     Link: https://lore.kernel.org/all/20220330154208.71aca532@gandalf.local.home/
>>     Reported-and-tested-by: Steven Rostedt <rostedt@goodmis.org>
>>     Signed-off-by: Zi Yan <ziy@nvidia.com>
>>     Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> This commit looks nothing like what you posted here.
>
> Why the vast difference with no explanation as to why these are so
> different from the other backports you provided here?  Also why are the
> subject lines changed?

Yes, the changes for 5.15 are not the same as the other branches, because we need an additional fix for 5.15.

You can check it in the thread:

https://lore.kernel.org/linux-mm/435B45C3-E6A5-43B2-A5A2-318C748691FC@nvidia.com/

Right. But pfn_valid_within() was removed since 5.15. So your fix is
required for kernels between 5.15 and 5.17 (inclusive).

> Something went really wrong here, I'm going to drop all of these from
> the stable queues and wait for a full series of all new backports, with
> the correct upstream commit id added, and the original signed-off-by
> lines preserved.
>
> thanks,
>
> greg k-h


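The pfn_base arithmetic from the quoted commit message, worked through as an added C example (not code from the patch or the kernel tree): with mem_map starting at PFN 512, the order-9 buddy of PFN 512 is PFN 0, which lands at a negative mem_map offset. Only the XOR in `find_buddy_pfn()` mirrors `__find_buddy_pfn()`; the constants, `flatmem_index()`, `buddy_in_mem_map()` and `first_invalid_buddy_order()` are hypothetical names and constructed values, and the range check is a stand-in, not the kernel's `page_is_buddy()`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed values: 4 KiB pages, first 2 MiB reserved => pfn_base = 512. */
#define PFN_BASE  512UL   /* first PFN that mem_map[] describes (FLATMEM) */
#define NR_PAGES  2048UL  /* constructed mem_map[] length */
#define MAX_ORDER 11

/* Same arithmetic as the kernel's __find_buddy_pfn(): flip bit 'order'. */
static unsigned long find_buddy_pfn(unsigned long pfn, unsigned int order)
{
    return pfn ^ (1UL << order);
}

/* FLATMEM pfn_to_page() is mem_map + (pfn - pfn_base); keep the index
 * signed so that a buddy below pfn_base shows up as a negative offset. */
static long flatmem_index(unsigned long pfn)
{
    return (long)pfn - (long)PFN_BASE;
}

/* Hypothetical range check, not the kernel's page_is_buddy(). */
static bool buddy_in_mem_map(unsigned long buddy_pfn)
{
    long idx = flatmem_index(buddy_pfn);
    return idx >= 0 && idx < (long)NR_PAGES;
}

/* Walk the merge loop from (pfn, order 0), assuming every in-range buddy is
 * free (constructed worst case). Returns the order whose buddy falls outside
 * mem_map[], or -1 if every lookup stays in range. */
static int first_invalid_buddy_order(unsigned long pfn)
{
    for (unsigned int order = 0; order < MAX_ORDER - 1; order++) {
        unsigned long buddy = find_buddy_pfn(pfn, order);
        if (!buddy_in_mem_map(buddy))
            return (int)order;
        pfn &= buddy; /* merged block starts at the lower PFN */
    }
    return -1;
}

int main(void)
{
    unsigned long buddy = find_buddy_pfn(PFN_BASE, 9);
    printf("order-9 buddy of PFN %lu: PFN %lu, index %ld\n", PFN_BASE, buddy, flatmem_index(buddy));
    printf("PFN 700 first invalid order: %d\n", first_invalid_buddy_order(700));
    return 0;
}
```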