In-Reply-To: <20240524005444.135417-1-21cnbao@gmail.com>
From: Lance Yang
Date: Fri, 24 May 2024 11:54:01 +0800
Subject: Re: [PATCH] mm: arm64: Fix the out-of-bounds issue in contpte_clear_young_dirty_ptes
To: Barry Song <21cnbao@gmail.com>
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Barry Song, Ryan Roberts, David Hildenbrand, Jeff Xie, Kefeng Wang, Michal Hocko, Minchan Kim, Muchun Song, Peter Xu, Yang Shi, Yin Fengwei, "Zach O'Keefe", Catalin Marinas, Will Deacon

Thanks a lot for reaching out, Barry!

On Fri, May 24, 2024 at 8:55 AM Barry Song <21cnbao@gmail.com> wrote:
>
> From: Barry Song
>
> We are passing a huge nr to __clear_young_dirty_ptes() right
> now. While we should pass the number of pages, we are actually

Yes. It's my mistake - sorry :(

> passing CONT_PTE_SIZE. This is causing lots of crashes of
> MADV_FREE, panic oops could vary every time.
>
> Fixes: 89e86854fb0a ("mm/arm64: override clear_young_dirty_ptes() batch helper")
> Cc: Lance Yang
> Cc: Barry Song <21cnbao@gmail.com>
> Cc: Ryan Roberts
> Cc: David Hildenbrand
> Cc: Jeff Xie
> Cc: Kefeng Wang
> Cc: Michal Hocko
> Cc: Minchan Kim
> Cc: Muchun Song
> Cc: Peter Xu
> Cc: Yang Shi
> Cc: Yin Fengwei
> Cc: Zach O'Keefe
> Cc: Catalin Marinas
> Cc: Will Deacon

LGTM.

Acked-by: Lance Yang

> Signed-off-by: Barry Song > --- > arch/arm64/mm/contpte.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/mm/contpte.c b/arch/arm64/mm/contpte.c > index 9f9486de0004..a3edced29ac1 100644 > --- a/arch/arm64/mm/contpte.c > +++ b/arch/arm64/mm/contpte.c > @@ -376,7 +376,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_st= ruct *vma, > * clearing access/dirty for the whole block. > */ > unsigned long start =3D addr; > - unsigned long end =3D start + nr; > + unsigned long end =3D start + nr * PAGE_SIZE; > > if (pte_cont(__ptep_get(ptep + nr - 1))) > end =3D ALIGN(end, CONT_PTE_SIZE); > @@ -386,7 +386,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_st= ruct *vma, > ptep =3D contpte_align_down(ptep); > } > > - __clear_young_dirty_ptes(vma, start, ptep, end - start, flags); > + __clear_young_dirty_ptes(vma, start, ptep, (end - start) / PAGE_S= IZE, flags); > } > EXPORT_SYMBOL_GPL(contpte_clear_young_dirty_ptes); > > -- > 2.34.1 >
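
Review bot: The changelog only describes the wrong count handed to __clear_young_dirty_ptes(), but the first hunk (@@ -376,7 +376,7 @@) fixes a second unit mix-up that deserves its own sentence: the old `end = start + nr` added a page count to a byte address, so `end` fell short of the range and the following `ALIGN(end, CONT_PTE_SIZE)` rounded up from the wrong value. Stating in the commit message that `nr` is in pages while `start` and `end` are addresses would make both halves of the fix easy to audit.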
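
Review bot: In the second hunk (@@ -386,7 +386,7 @@) the byte-to-page conversion `(end - start) / PAGE_SIZE` is buried in the argument list of __clear_young_dirty_ptes(), the same spot where the units went wrong before. Consider computing it into a named local just before the call, e.g. `nr = (end - start) / PAGE_SIZE;`, and passing `nr`; that shortens the call line and makes the unit explicit. The division is only exact if `start` and `end` are both page-aligned at this point, which a short comment could state.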