From: Yang Shi
Date: Wed, 29 Mar 2023 17:14:23 -0700
Subject: Re: [PATCH] mm: khugepaged: Fix kernel BUG in hpage_collapse_scan_file
To: Andrew Morton, "Zach O'Keefe"
Cc: Ivan Orlov, linux-mm@kvack.org, linux-kernel@vger.kernel.org, himadrispandya@gmail.com, skhan@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+9578faa5475acb35fa50@syzkaller.appspotmail.com

On Wed, Mar 29, 2023 at 2:53 PM Andrew Morton wrote:
>
> On Wed, 29 Mar 2023 18:53:30 +0400 Ivan Orlov wrote:
>
> > Syzkaller reported the following issue:
> >
> > ...
> >
> > The 'xas_store' call during page cache scanning can potentially
> > translate 'xas' into the error state (with the reproducer provided
> > by the syzkaller the error code is -ENOMEM). However, there are no
> > further checks after the 'xas_store', and the next call of 'xas_next'
> > at the start of the scanning cycle doesn't increase the xa_index,
> > and the issue occurs.
> >
> > This patch will add the xarray state error checking after the
> > 'xas_store' and the corresponding result error code.
> >
> > Tested via syzbot.
> >
> > Reported-by: syzbot+9578faa5475acb35fa50@syzkaller.appspotmail.com
> > Link: https://syzkaller.appspot.com/bug?id=7d6bb3760e026ece7524500fe44fb024a0e959fc
> > Signed-off-by: Ivan Orlov
> > ---
> >  mm/khugepaged.c | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> > > > diff --git a/mm/khugepaged.c b/mm/khugepaged.c > > index 92e6f56a932d..4d9850d9ea7f 100644 > > --- a/mm/khugepaged.c > > +++ b/mm/khugepaged.c > > @@ -55,6 +55,7 @@ enum scan_result { > > SCAN_CGROUP_CHARGE_FAIL, > > SCAN_TRUNCATED, > > SCAN_PAGE_HAS_PRIVATE, > > + SCAN_STORE_FAILED, > > }; > > > > #define CREATE_TRACE_POINTS > > @@ -1840,6 +1841,15 @@ static int collapse_file(struct mm_struct *mm, u= nsigned long addr, > > goto xa_locked; > > } > > xas_store(&xas, hpage); > > + if (xas_error(&xas)) { > > + /* revert shmem_charge performed > > + * in the previous condition > > + */ > > + mapping->nrpages--; > > + shmem_uncharge(mapping->host, 1); > > + result =3D SCAN_STORE_FAILED; > > + goto xa_locked; > > + } > > nr_none++; > > continue; > > } > > Needs this, I assume. > > --- a/include/trace/events/huge_memory.h~mm-khugepaged-fix-kernel-bug-in-= hpage_collapse_scan_file-fix > +++ a/include/trace/events/huge_memory.h > @@ -36,7 +36,8 @@ > EM( SCAN_ALLOC_HUGE_PAGE_FAIL, "alloc_huge_page_failed") \ > EM( SCAN_CGROUP_CHARGE_FAIL, "ccgroup_charge_failed") \ > EM( SCAN_TRUNCATED, "truncated") \ > - EMe(SCAN_PAGE_HAS_PRIVATE, "page_has_private") \ > + EM( SCAN_PAGE_HAS_PRIVATE, "page_has_private") \ > + EMe(SCAN_STORE_FAILED, "store_failed") I'm a little bit reluctant to make the error code list longer, can we just return SCAN_FAIL? IIUC this issue should happen very rarely, maybe not worth a new error code. Basically the rollback approach makes sense to me. IIRC Zach was looking into the same problem, loop him in. He may share some thoughts. > > #undef EM > #undef EMe > _ > >
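Review bot: SCAN_STORE_FAILED is added to enum scan_result in the first mm/khugepaged.c hunk, but the original patch touches one file only, so the matching string in include/trace/events/huge_memory.h is missing from it. Fold the EM/EMe update from the follow-up into the same patch so the enum and the trace table cannot get out of step; if an existing code such as SCAN_FAIL is reused instead, as the reply suggests, neither addition is needed.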
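Review bot: in the collapse_file() hunk, the new xas_error() branch undoes two things, `mapping->nrpages--` and `shmem_uncharge(mapping->host, 1)`, while the comment above them mentions only reverting shmem_charge. Say in the comment why nrpages is decremented by hand, so that the rollback can be checked against the charge path it is meant to mirror, and open the block comment with `/*` on a line of its own to match the usual kernel multi-line comment style.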
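Review bot: in the include/trace/events/huge_memory.h hunk, the new terminating line `EMe(SCAN_STORE_FAILED, "store_failed")` has no trailing backslash, whereas the `EMe(SCAN_PAGE_HAS_PRIVATE, ...)` line it replaces as the last entry did. Either form ends the macro list correctly, but keeping the existing line-ending style makes the diff smaller and the table consistent.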