From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 88D91C25B74
	for <linux-mm@archiver.kernel.org>; Fri, 24 May 2024 17:11:21 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9BDAA6B007B; Fri, 24 May 2024 13:11:20 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 948BE6B0082; Fri, 24 May 2024 13:11:20 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 80ECA6B0083; Fri, 24 May 2024 13:11:20 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 605036B007B
	for <linux-mm@kvack.org>; Fri, 24 May 2024 13:11:20 -0400 (EDT)
Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 098CE120777
	for <linux-mm@kvack.org>; Fri, 24 May 2024 17:11:20 +0000 (UTC)
X-FDA: 82153930320.24.ACFCC16
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf27.hostedemail.com (Postfix) with ESMTP id EA8414000A
	for <linux-mm@kvack.org>; Fri, 24 May 2024 17:11:16 +0000 (UTC)
Authentication-Results: imf27.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=fscSqUUR;
	spf=pass (imf27.hostedemail.com: domain of chrisl@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=chrisl@kernel.org;
	dmarc=pass (policy=none) header.from=kernel.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1716570677; a=rsa-sha256;
	cv=none;
	b=319yvBgskcs2dR7LBQeBRbJsHBfpW5iiNSo6VsvVR9W7TyRbeSjIUOBjMYeJ161Y/ib1En
	a05mIGWGi028sKdpJ40vCtEccDa/z4937cI+7Gv5YgV3Xl1B4jQtJd+DyPxokk0gE6xHtV
	sccXqYy41sY16UHkxcUO1VzIN2LcbMc=
ARC-Authentication-Results: i=1;
	imf27.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=fscSqUUR;
	spf=pass (imf27.hostedemail.com: domain of chrisl@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=chrisl@kernel.org;
	dmarc=pass (policy=none) header.from=kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1716570677;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=b1NzDcGZm0YegdUIufaHQhQQmmNgIvZ4pKxz3IfuBuY=;
	b=5cWSJt4MOu+oa0HQ9VUNPXcwvYq7/pSbklOLlarUUclt62jlQfD2MVy8AePMvgzrb4rLI/
	E4wXh5Tulsi6ErTN/dzajKp5EgxC2PauPPFBiChsuTNyxmaclZNBJHyoQueI4CW9nXhdHD
	hIAozNh5tHrMfMarir/wXrReyStjb3Y=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id E9EFB62F3E
	for <linux-mm@kvack.org>; Fri, 24 May 2024 17:11:15 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61890C4AF0F
	for <linux-mm@kvack.org>; Fri, 24 May 2024 17:11:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1716570675;
	bh=EW7U8OL67LgQ87FmsjPAN6G93rJjTK3RaZspc5VFz6c=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=fscSqUURwSS6+ozUaMfVD2YOYoEcX9AsoC0EpFs+WMYMw9A2U9r1jdxcK79f0d5R2
	 nKZE9IATQy1chqAMsLqLhYuqdJa9vqjMpH2i7YoN/GrAxfwxIdRChXTOX3O3kxkWLy
	 6/Z+V3RA5DrnIY9ktbFnC6dLEtIPIQ/B1iQZrPY7HDyTjLGTtqfmYS3ZYDEV5Rp8BE
	 OqVIDMqLBQJxju16ejt1Xw4ABBxcF+37r4Dco9JDdovzo40cLxvKzakcwvQ300kgxb
	 IVUtDVISpH/7iNr/npOPEaKKld+4CF2aDCp35fQrOrEnFbjD80hrdHN5KKSnA+JCvv
	 xwe+0ZUhZubEw==
Received: by mail-lj1-f169.google.com with SMTP id 38308e7fff4ca-2e538a264f7so103884921fa.0
        for <linux-mm@kvack.org>; Fri, 24 May 2024 10:11:15 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCWXQJdNIRbXmZ8koNCVn0JsGKPsSO3hIV3NQ9m7ugNQRmg50vifEo5i7vNey9RKvQ0tC0WgvQbWea4fV0to1m5Hpt4=
X-Gm-Message-State: AOJu0Yzt/haMXrLnmu4z5fUaCuKfmr/SzAW9a8wBDZ2CI1VBm9gUNZNU
	8l0+82W5Pic7HtbJCnSeR+q9l5QkPwZuo5s/9wQebtvtjBQ0Jgx6Vebd50ZUmiprPBdt0oHS3g4
	wrK901MESL7WVydxWsQkKDFae4Q==
X-Google-Smtp-Source: AGHT+IGYyiWg0Q4ErVkLcKoC+PxC65Q/kLjUaeqp7KA48Ru2qUXyOJp8WWGLvr3hVy9IMjwk5svE/i2ae4NHMGmA+Zc=
X-Received: by 2002:a2e:9dd3:0:b0:2e6:b00f:da92 with SMTP id
 38308e7fff4ca-2e95b1dc418mr17731461fa.24.1716570673945; Fri, 24 May 2024
 10:11:13 -0700 (PDT)
MIME-Version: 1.0
References: <20240524005444.135417-1-21cnbao@gmail.com>
In-Reply-To: <20240524005444.135417-1-21cnbao@gmail.com>
From: Chris Li <chrisl@kernel.org>
Date: Fri, 24 May 2024 10:10:58 -0700
X-Gmail-Original-Message-ID: <CANeU7QmtMh31A=qswRfD08R2mGdMFVja39=vq3WjOzysa3f=Vw@mail.gmail.com>
Message-ID: <CANeU7QmtMh31A=qswRfD08R2mGdMFVja39=vq3WjOzysa3f=Vw@mail.gmail.com>
Subject: Re: [PATCH] mm: arm64: Fix the out-of-bounds issue in contpte_clear_young_dirty_ptes
To: Barry Song <21cnbao@gmail.com>
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, 
	linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, 
	Barry Song <v-songbaohua@oppo.com>, Lance Yang <ioworker0@gmail.com>, 
	Ryan Roberts <ryan.roberts@arm.com>, David Hildenbrand <david@redhat.com>, Jeff Xie <xiehuan09@gmail.com>, 
	Kefeng Wang <wangkefeng.wang@huawei.com>, Michal Hocko <mhocko@suse.com>, 
	Minchan Kim <minchan@kernel.org>, Muchun Song <songmuchun@bytedance.com>, 
	Peter Xu <peterx@redhat.com>, Yang Shi <shy828301@gmail.com>, 
	Yin Fengwei <fengwei.yin@intel.com>, "Zach O'Keefe" <zokeefe@google.com>, 
	Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspam-User: 
X-Rspamd-Server: rspam06
X-Rspamd-Queue-Id: EA8414000A
X-Stat-Signature: n9wytq7eztjkxnx3bwb7hrz1h577548q
X-HE-Tag: 1716570676-71062
X-HE-Meta: U2FsdGVkX1+8siKMAXw4h4U6tIL+89ro8coIGyXlcnxbDTK7yKyDS5smE2POBzD4hBQhN5hsvwg2RGEzSDSIFAuErf8TL3lnwDIa2U4xVSVAttOkpD1pX385BujULV0QzXwkSVcbAYIJq20eW8QhEy1P4gUYs8y9BOLYOU3TbLHuif3mt3JD2By0WCWdBbJQ1HkiDUkG3WeWAfbjb6EHN0JaREu7u6A985A5CVIn1/fFvDMgoatj2Mv4avqG0ncvdAzbyRZJmyHNTVz4tf0KLNkinKTmH/rlZg4X3kmm1QZ4K0JVBNIjtAZVUystVuqlUn8qyIK6BUIJh2ewOkmGsfA3T6QUhUK72YOkV+cKPF9Kdo/AvxWg9CdlSasrNAn3y2fLQFqzbadkcgAY9eyZgxUHVcH3RRfu2+ml9aIu90cSItR/xUQQxhQBiiz7N/vSbVRohZigjwZmkP54/bKEtzB7zHTRqQCa7eosoHwQYFiY+2qiKuAeyThS0+Ty4Of0dS5WZIqpUP5qp3JYxFGf0rx1TZenBbTb8hWaCsfcKyap81Fmy43UmnVBJg1KlDF1PAo8QmssnuRNbxVoxTrRSNt22Xr81jqcPKu027Q7I960NiKKDf6Ys8f0LRXIa3WI84a6LRWlSR2zoLzJUXqb7vjUdp8dIrmsLyCZZ9W0TCw/KwqGAW7pOh9aQ3DuUhRjPL5VgrKLMAvHILAOFup8QaDjqupLi0X6haZnh1PkhDESOFfhxwuWmUkBZzfUh2aNeLPkmtbiZqru4JCE4dNXGbUoI9D74KDFTvyvO3mqHctBHPswl3WqQahM0EVWgO9mQRAF/kWJvsXhvCu9s76wCBXzhdr1QNMs5c02RfKCTff/A0I+pmb3PF+vj8KIVW+0V0H/5lEuVL+Uh/k/44tjcZYPh9kWnHIYoy+UdM4J+ixsSz0UKbKnHTVh/H+uwfyGTOAbovqZyhIPUaYML+5
 Q3N+zx9R
 PnmJ1bQIihzq2c6M2h7KwDD2l67UcTlH6xhyryuWABPeZNzn9gULVAaeS7/wYoaiFVsc7Ri2hpgAF3O3pKZDi/ce3JS0v1SPcuZUfNgoXrM4lqrx0Ji67yGwliTvroqHHAxPcPbHeQ/YsjEW8qrKMokA1Y+ZBUHyAhKWUQGkI7a3diFSgJX2tBmEJlgnvnLX9E9CRK4cRyCxEWFMDjG1SVFwHgEW56Ozr9zznFUKoMeTgta/8Ahc1V0QkNLg+HhC1jepW7481EsF/7ivmyN4bPYcHKFylD8OxUv6zQ2+NvpILDhG8hdnEufjrF1PN45QWxShFqI8VztEAxx96VXOXTdFFc+OfgphTr2wycGQdBOkdHXQ99Nqvk9GIOegn8Tf6mI3UWx5McSKm4ofMzK63avjF1v79+l7NV2nVCxvA8Smc5zpzkSAXr/ug8gq/S+hHqg1aD4SnDznqaW5N7wtgmgexmjz0/8mzZGQ2a6qbZpGfGd2VjV1BeK8JviYNVmjPW7yrG5vj7MGhI0WgvBHuEa18vt5NTUDcSiHvfwhZ8elXd/yaIwaKAZhskK8pwvazdzqg3NT8HNwqhMOxC4hpENnTY3JJoZbDI5k0tviFRJhP9QzrtSIVAmDlca7J5NkdnlqTjtd40hbJ24JhIAituEx2lqu8oQ97CafanpC54vPpdlA=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Good catch.

Acked-by: Chris Li <chrisl@kernel.org>

Chris


On Thu, May 23, 2024 at 5:55=E2=80=AFPM Barry Song <21cnbao@gmail.com> wrot=
e:
>
> From: Barry Song <v-songbaohua@oppo.com>
>
> We are passing a huge nr to __clear_young_dirty_ptes() right
> now. While we should pass the number of pages, we are actually
> passing CONT_PTE_SIZE. This is causing lots of crashes of
> MADV_FREE, panic oops could vary everytime.
>
> Fixes: 89e86854fb0a ("mm/arm64: override clear_young_dirty_ptes() batch h=
elper")
> Cc: Lance Yang <ioworker0@gmail.com>
> Cc: Barry Song <21cnbao@gmail.com>
> Cc: Ryan Roberts <ryan.roberts@arm.com>
> Cc: David Hildenbrand <david@redhat.com>
> Cc: Jeff Xie <xiehuan09@gmail.com>
> Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
> Cc: Michal Hocko <mhocko@suse.com>
> Cc: Minchan Kim <minchan@kernel.org>
> Cc: Muchun Song <songmuchun@bytedance.com>
> Cc: Peter Xu <peterx@redhat.com>
> Cc: Yang Shi <shy828301@gmail.com>
> Cc: Yin Fengwei <fengwei.yin@intel.com>
> Cc: Zach O'Keefe <zokeefe@google.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Signed-off-by: Barry Song <v-songbaohua@oppo.com>
> ---
>  arch/arm64/mm/contpte.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/mm/contpte.c b/arch/arm64/mm/contpte.c
> index 9f9486de0004..a3edced29ac1 100644
> --- a/arch/arm64/mm/contpte.c
> +++ b/arch/arm64/mm/contpte.c
> @@ -376,7 +376,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_st=
ruct *vma,
>          * clearing access/dirty for the whole block.
>          */
>         unsigned long start =3D addr;
> -       unsigned long end =3D start + nr;
> +       unsigned long end =3D start + nr * PAGE_SIZE;
>
>         if (pte_cont(__ptep_get(ptep + nr - 1)))
>                 end =3D ALIGN(end, CONT_PTE_SIZE);
> @@ -386,7 +386,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_st=
ruct *vma,
>                 ptep =3D contpte_align_down(ptep);
>         }
>
> -       __clear_young_dirty_ptes(vma, start, ptep, end - start, flags);
> +       __clear_young_dirty_ptes(vma, start, ptep, (end - start) / PAGE_S=
IZE, flags);
>  }
>  EXPORT_SYMBOL_GPL(contpte_clear_young_dirty_ptes);
>
> --
> 2.34.1
>
>