From: Suren Baghdasaryan
Date: Tue, 8 Jul 2025 08:39:47 -0700
Subject: Re: [PATCH] mm/userfaultfd: fix missing PTE unmap for non-migration entries
To: Sasha Levin
Cc: David Hildenbrand, Andrew Morton, peterx@redhat.com, aarcange@redhat.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org

On Tue, Jul 8, 2025 at 8:33 AM Sasha Levin wrote:
>
> On Tue, Jul 08, 2025 at 05:10:44PM +0200, David Hildenbrand wrote:
> >On 01.07.25 02:57, Andrew Morton wrote:
> >>On Sun, 29 Jun 2025 23:19:58 -0400 Sasha Levin wrote:
> >>
> >>>When handling non-swap entries in move_pages_pte(), the error handling
> >>>for entries that are NOT migration entries fails to unmap the page table
> >>>entries before jumping to the error handling label.
> >>>
> >>>This results in a kmap/kunmap imbalance which on CONFIG_HIGHPTE systems
> >>>triggers a WARNING in kunmap_local_indexed() because the kmap stack is
> >>>corrupted.
> >>>
> >>>Example call trace on ARM32 (CONFIG_HIGHPTE enabled):
> >>> WARNING: CPU: 1 PID: 633 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c
> >>> Call trace:
> >>> kunmap_local_indexed from move_pages+0x964/0x19f4
> >>> move_pages from userfaultfd_ioctl+0x129c/0x2144
> >>> userfaultfd_ioctl from sys_ioctl+0x558/0xd24
> >>>
> >>>The issue was introduced with the UFFDIO_MOVE feature but became more
> >>>frequent with the addition of guard pages (commit 7c53dfbdb024 ("mm: add
> >>>PTE_MARKER_GUARD PTE marker")) which made the non-migration entry code
> >>>path more commonly executed during userfaultfd operations.
> >>>
> >>>Fix this by ensuring PTEs are properly unmapped in all non-swap entry
> >>>paths before jumping to the error handling label, not just for migration
> >>>entries.
> >>
> >>I don't get it.
> >>
> >>>--- a/mm/userfaultfd.c > >>>+++ b/mm/userfaultfd.c 
> >>>@@ -1384,14 +1384,15 @@ static int move_pages_pte(struct mm_struct *mm= , pmd_t *dst_pmd, pmd_t *src_pmd, > >>> entry =3D pte_to_swp_entry(orig_src_pte); > >>> if (non_swap_entry(entry)) { > >>>+ pte_unmap(src_pte); > >>>+ pte_unmap(dst_pte); > >>>+ src_pte =3D dst_pte =3D NULL; > >>> if (is_migration_entry(entry)) { > >>>- pte_unmap(src_pte); > >>>- pte_unmap(dst_pte); > >>>- src_pte =3D dst_pte =3D NULL; > >>> migration_entry_wait(mm, src_pmd, src_add= r); > >>> err =3D -EAGAIN; > >>>- } else > >>>+ } else { > >>> err =3D -EFAULT; > >>>+ } > >>> goto out; > >> > >>where we have > >> > >>out: > >> ... > >> if (dst_pte) > >> pte_unmap(dst_pte); > >> if (src_pte) > >> pte_unmap(src_pte); > > > >AI slop? > > Nah, this one is sadly all me :( > > I was trying to resolve some of the issues found with linus-next on > LKFT, and misunderstood the code. Funny enough, I thought that the > change above "fixed" it by making the warnings go away, but clearly is > the wrong thing to do so I went back to the drawing table... > > If you're curious, here's the issue: https://qa-reports.linaro.org/lkft/s= ashal-linus-next/build/v6.13-rc7-43418-g558c6dd4d863/testrun/29030370/suite= /log-parser-test/test/exception-warning-cpu-pid-at-mmhighmem-kunmap_local_i= ndexed/details/ Any way to symbolize that Call trace? I can't find build artefacts to extract vmlinux image... > > -- > Thanks, > Sasha
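Review bot: The pte_unmap(src_pte)/pte_unmap(dst_pte) pair hoisted above the is_migration_entry() check duplicates cleanup that the -EFAULT branch already gets. As quoted further down the thread, the out: label unmaps dst_pte and src_pte whenever they are non-NULL, so that branch was not leaving a mapping behind and the changelog's "fails to unmap" claim does not hold for the lines shown. The one visible difference is order: the hunk unmaps src_pte then dst_pte, while out: unmaps dst_pte then src_pte. If the kunmap_local_indexed() warning on CONFIG_HIGHPTE depends on that order, the changelog should say so and the change belongs at out:, where every error path would pick it up; otherwise drop the hunk and find the path that actually leaves the kmap stack unbalanced.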