From: David Hildenbrand
Date: Tue, 7 Jan 2025 10:36:12 +0100
Subject: Re: [PATCH] mm/memfd: reserve hugetlb folios before allocation
To: Vivek Kasireddy, linux-mm@kvack.org
Cc: syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com, Steve Sistare, Muchun Song, Andrew Morton
Message-ID: <9e086d79-9948-411a-bd5b-6bf929691969@redhat.com>
In-Reply-To: <20250107072517.2089633-1-vivek.kasireddy@intel.com>
References: <20250107072517.2089633-1-vivek.kasireddy@intel.com>
Organization: Red Hat

On 07.01.25
08:25, Vivek Kasireddy wrote:
> There are cases when we try to pin a folio but discover that it has
> not been faulted-in. So, we try to allocate it in memfd_alloc_folio()
> but there is a chance that we might encounter a crash/failure
> (VM_BUG_ON(!h->resv_huge_pages)) if there are no active reservations
> at that instant. This issue was reported by syzbot:
>
> kernel BUG at mm/hugetlb.c:2403!
> Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
> CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted
> 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
> 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0 mm/hugetlb.c:2403
> Code: 1f eb 05 e8 56 18 a0 ff 48 c7 c7 40 56 61 8e e8 ba 21 cc 09 4c 89
> f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 35 18 a0 ff 90 <0f> 0b 66
> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
> RSP: 0018:ffffc9000d3d77f8 EFLAGS: 00010087
> RAX: ffffffff81ff6beb RBX: 0000000000000000 RCX: 0000000000100000
> RDX: ffffc9000e51a000 RSI: 00000000000003ec RDI: 00000000000003ed
> RBP: 1ffffffff34810d9 R08: ffffffff81ff6ba3 R09: 1ffffd4000093005
> R10: dffffc0000000000 R11: fffff94000093006 R12: dffffc0000000000
> R13: dffffc0000000000 R14: ffffea0000498000 R15: ffffffff9a4086c8
> FS: 00007f77ac12e6c0(0000) GS:ffff88801fc00000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f77ab54b170 CR3: 0000000040b70000 CR4: 0000000000352ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> memfd_alloc_folio+0x1bd/0x370 mm/memfd.c:88
> memfd_pin_folios+0xf10/0x1570 mm/gup.c:3750
> udmabuf_pin_folios drivers/dma-buf/udmabuf.c:346 [inline]
> udmabuf_create+0x70e/0x10c0 drivers/dma-buf/udmabuf.c:443
> udmabuf_ioctl_create drivers/dma-buf/udmabuf.c:495 [inline]
> udmabuf_ioctl+0x301/0x4e0 drivers/dma-buf/udmabuf.c:526
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:906 [inline]
> __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> Therefore, to avoid this situation and fix this issue, we just need
> to make a reservation before we try to allocate the folio. While at
> it, also remove the VM_BUG_ON() as there is no need to crash the
> system in this scenario and instead we could just fail the allocation.
>
> Fixes: 26a8ea80929c ("mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak")
> Reported-by: syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com
> Signed-off-by: Vivek Kasireddy
> Cc: Steve Sistare
> Cc: Muchun Song
> Cc: David Hildenbrand
> Cc: Andrew Morton
> ---
> mm/hugetlb.c | 9 ++++++---
> mm/memfd.c | 5 +++++
> 2 files changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index c498874a7170..e46c461210a4 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -2397,12 +2397,15 @@ struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid,
> struct folio *folio;
>
> spin_lock_irq(&hugetlb_lock);
> + if (!h->resv_huge_pages) {

Should this be a "if (WARN_ON_ONCE(!h->resv_huge_pages)) {", because the
"_reserve" in the function indicates that this is indeed something that
must never happen?

> + spin_unlock_irq(&hugetlb_lock);
> + return NULL;
> + }
> +
> folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, preferred_nid,
> nmask);
> - if (folio) {
> - VM_BUG_ON(!h->resv_huge_pages);
> + if (folio)
> h->resv_huge_pages--;
> - }
>
> spin_unlock_irq(&hugetlb_lock);
> return folio;
> diff --git a/mm/memfd.c b/mm/memfd.c
> index 35a370d75c9a..a3012c444285 100644
> --- a/mm/memfd.c
> +++ b/mm/memfd.c
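Review bot: the new early return in the hugetlb.c hunk tests h->resv_huge_pages, which is the per-hstate total of outstanding reservations, so it only refuses the dequeue when no reservation exists anywhere in the system; a caller that did not take its own reservation on the inode (as the memfd.c part of this patch now does with hugetlb_reserve_pages()) still passes the check and decrements a reservation that belongs to some other mapping. That is an argument for making the check `if (WARN_ON_ONCE(!h->resv_huge_pages)) {` rather than a silent NULL return, so an accounting mismatch stays visible in the log, and for adding a comment above alloc_hugetlb_folio_reserve() stating that callers must hold a reservation before calling it.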
> @@ -85,6 +85,10 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx)
> gfp_mask &= ~(__GFP_HIGHMEM | __GFP_MOVABLE);
> idx >>= huge_page_order(h);
>
> + if (!hugetlb_reserve_pages(file_inode(memfd),
> + idx, idx + 1, NULL, 0))
> + return ERR_PTR(-ENOMEM);
> +
> folio = alloc_hugetlb_folio_reserve(h,
> numa_node_id(),
> NULL,
> @@ -100,6 +104,7 @@ struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx)
> folio_unlock(folio);
> return folio;
> }
> + hugetlb_unreserve_pages(file_inode(memfd), idx, idx + 1, 1);
> return ERR_PTR(-ENOMEM);

Staring at hugetlb_reserve_pages() I assume this will also work as
expected if already reserved.

-- 
Cheers,

David / dhildenb
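Review bot: the last argument of hugetlb_unreserve_pages() in the second memfd.c hunk is the number of pages actually freed, and on this path alloc_hugetlb_folio_reserve() returned NULL, so nothing was freed; passing 1 here means the reservation just taken by hugetlb_reserve_pages() is not given back and the inode block count is decremented for a page that never existed. `hugetlb_unreserve_pages(file_inode(memfd), idx, idx + 1, 0);` would undo the reservation exactly. The same unreserve is also needed on any error return between the two hunks (lines 91 to 99 of memfd.c are not shown), otherwise a reservation leaks on that path, which is the kind of resv_huge_pages imbalance the Fixes: commit was about.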