References: <20240417211836.2742593-1-peterx@redhat.com> <20240417211836.2742593-3-peterx@redhat.com>
In-Reply-To: <20240417211836.2742593-3-peterx@redhat.com>
From: Mina Almasry
Date: Fri, 19 Apr 2024 08:16:48 -0700
Subject: Re: [PATCH 2/3] mm/hugetlb: Fix missing hugetlb_lock for resv uncharge
To: Peter Xu
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, David Hildenbrand, Andrew Morton, Muchun Song, David Rientjes, syzbot+4b8077a5fccc61c385a1@syzkaller.appspotmail.com, linux-stable

On Wed, Apr 17, 2024 at 2:18 PM Peter Xu wrote:
>
> There is a recent report on UFFDIO_COPY over hugetlb:
>
> https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/
>
> 350: lockdep_assert_held(&hugetlb_lock);
>
> Should be an issue in hugetlb but triggered in an userfault context, where
> it goes into the unlikely path where two threads modifying the resv map
> together.
> Mike has a fix in that path for resv uncharge but it looks like
> the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()
> will update the cgroup pointer, so it requires to be called with the lock
> held.
>
> Looks like a stable material, so have it copied.
>
> Reported-by: syzbot+4b8077a5fccc61c385a1@syzkaller.appspotmail.com
> Cc: Mina Almasry
> Cc: David Hildenbrand
> Cc: linux-stable
> Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting")
> Signed-off-by: Peter Xu

Reviewed-by: Mina Almasry

> --- > mm/hugetlb.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 26ab9dfc7d63..3158a55ce567 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -3247,9 +3247,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_s= truct *vma, > > rsv_adjust =3D hugepage_subpool_put_pages(spool, 1); > hugetlb_acct_memory(h, -rsv_adjust); > - if (deferred_reserve) > + if (deferred_reserve) { > + spin_lock_irq(&hugetlb_lock); > hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h= ), > pages_per_huge_page(h), folio); > + spin_unlock_irq(&hugetlb_lock); > + } > } > > if (!memcg_charge_ret) > -- > 2.44.0 >

--
Thanks,
Mina
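
Review bot: The new `if (deferred_reserve) {` block in alloc_hugetlb_folio() takes hugetlb_lock without a comment saying why, and the reason is not obvious from the call site. The commit message explains that hugetlb_cgroup_uncharge_folio_rsvd() updates the folio's cgroup pointer and is covered by lockdep_assert_held(&hugetlb_lock); a one-line comment above `spin_lock_irq(&hugetlb_lock);` stating that requirement would keep a later cleanup from dropping the lock again. Since spin_unlock_irq() re-enables interrupts unconditionally, the same comment (or the changelog) could note that this path is only reached with interrupts enabled, which is what makes the _irq variant safe here rather than _irqsave.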