From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5D6BECAAD2
	for <linux-mm@archiver.kernel.org>; Mon, 29 Aug 2022 08:14:06 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 73840940008; Mon, 29 Aug 2022 04:14:06 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6C129940007; Mon, 29 Aug 2022 04:14:06 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 56301940008; Mon, 29 Aug 2022 04:14:06 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 3FE61940007
	for <linux-mm@kvack.org>; Mon, 29 Aug 2022 04:14:06 -0400 (EDT)
Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id 08C8F1A04B3
	for <linux-mm@kvack.org>; Mon, 29 Aug 2022 08:14:06 +0000 (UTC)
X-FDA: 79851917292.21.6A0E4FE
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
	by imf28.hostedemail.com (Postfix) with ESMTP id 7BC7AC0011
	for <linux-mm@kvack.org>; Mon, 29 Aug 2022 08:14:05 +0000 (UTC)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ams.source.kernel.org (Postfix) with ESMTPS id 85A59B80D63;
	Mon, 29 Aug 2022 08:14:03 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1128C433C1;
	Mon, 29 Aug 2022 08:14:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1661760842;
	bh=YTySXLUW0r8T5ka2X3JesPLIYBGBWpbu34uaAUBqL3I=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=gsaKAICYviLDNLjnlk6drKvJhFVdTkvpRNblGH+9qt+30dv+mVgEpN7sG/xDWPlav
	 6XjTsoasLcarlpik8rP04xa0Es7Wz7LAEaSiu8PTQ5Hsa4JC0FY+IKtc8L+pv1lTRO
	 fta4NRE/GB5KNRSp5ACFsfK/7/o3uzDWML4Y3xkY=
Date: Mon, 29 Aug 2022 10:13:59 +0200
From: Greg KH <gregkh@linuxfoundation.org>
To: David Hildenbrand <david@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Peter Feiner <pfeiner@google.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	Pavel Emelyanov <xemul@parallels.com>,
	Jamie Liu <jamieliu@google.com>, Hugh Dickins <hughd@google.com>,
	Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
	Bjorn Helgaas <bhelgaas@google.com>,
	Muchun Song <songmuchun@bytedance.com>,
	Peter Xu <peterx@redhat.com>, stable@vger.kernel.org
Subject: Re: [PATCH 4.9-stable -- 5.19-stable] mm/hugetlb: fix hugetlb not
 supporting softdirty tracking
Message-ID: <Ywx1R+FhHTNIKdoo@kroah.com>
References: <1661424546448@kroah.com>
 <20220825143258.36151-1-david@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220825143258.36151-1-david@redhat.com>
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1661760845; a=rsa-sha256;
	cv=none;
	b=07on1VvHwZPg4NggkwfvK1xApfC1rlgTEhosiP5VBBmoLevU+PgAybQw5vhQP8SdM7aVrJ
	MsmcgWILSEDEUigAPmebpZN/tfEg2ATSXI+b5pUYeAA4qiTt4JRaqmQTwalR8cy+rknJHL
	urtIxZjSDzk3DsAytNUe1wqmp9sx1gg=
ARC-Authentication-Results: i=1;
	imf28.hostedemail.com;
	dkim=pass header.d=linuxfoundation.org header.s=korg header.b=gsaKAICY;
	dmarc=pass (policy=none) header.from=linuxfoundation.org;
	spf=pass (imf28.hostedemail.com: domain of gregkh@linuxfoundation.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1661760845;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=fI6B6dTT4NT2pMAZu98SgcXp8Bq0q4F3YPi9zxHkpm0=;
	b=GCt/L2fj5UbWzohri8gPsiWrHuMoU4RgYynRozmzVaefC38YRuwnTVWao2lfijIgY9FSZm
	ZTy+9kGKjk/SvfTZnsDT5DCdgtEgod8emUovdL0nIRu5FAX5BR+NLPhu2POHMNdV87cqEd
	lI8nqKMo98oOPqMrng+BxvViT0ssN9o=
Authentication-Results: imf28.hostedemail.com;
	dkim=pass header.d=linuxfoundation.org header.s=korg header.b=gsaKAICY;
	dmarc=pass (policy=none) header.from=linuxfoundation.org;
	spf=pass (imf28.hostedemail.com: domain of gregkh@linuxfoundation.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
X-Rspam-User: 
X-Rspamd-Server: rspam09
X-Rspamd-Queue-Id: 7BC7AC0011
X-Stat-Signature: 8qmfdaoyfbr9qy1z68pf65tk3oo5epn7
X-HE-Tag: 1661760845-352453
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu, Aug 25, 2022 at 04:32:58PM +0200, David Hildenbrand wrote:
> commit f96f7a40874d7c746680c0b9f57cef2262ae551f upstream.
> 
> Patch series "mm/hugetlb: fix write-fault handling for shared mappings", v2.
> 
> I observed that hugetlb does not support/expect write-faults in shared
> mappings that would have to map the R/O-mapped page writable -- and I
> found two case where we could currently get such faults and would
> erroneously map an anon page into a shared mapping.
> 
> Reproducers part of the patches.
> 
> I propose to backport both fixes to stable trees.  The first fix needs a
> small adjustment.
> 
> This patch (of 2):
> 
> Staring at hugetlb_wp(), one might wonder where all the logic for shared
> mappings is when stumbling over a write-protected page in a shared
> mapping.  In fact, there is none, and so far we thought we could get away
> with that because e.g., mprotect() should always do the right thing and
> map all pages directly writable.
> 
> Looks like we were wrong:
> 
> --------------------------------------------------------------------------
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
>  #include <fcntl.h>
>  #include <unistd.h>
>  #include <errno.h>
>  #include <sys/mman.h>
> 
>  #define HUGETLB_SIZE (2 * 1024 * 1024u)
> 
>  static void clear_softdirty(void)
>  {
>          int fd = open("/proc/self/clear_refs", O_WRONLY);
>          const char *ctrl = "4";
>          int ret;
> 
>          if (fd < 0) {
>                  fprintf(stderr, "open(clear_refs) failed\n");
>                  exit(1);
>          }
>          ret = write(fd, ctrl, strlen(ctrl));
>          if (ret != strlen(ctrl)) {
>                  fprintf(stderr, "write(clear_refs) failed\n");
>                  exit(1);
>          }
>          close(fd);
>  }
> 
>  int main(int argc, char **argv)
>  {
>          char *map;
>          int fd;
> 
>          fd = open("/dev/hugepages/tmp", O_RDWR | O_CREAT);
>          if (!fd) {
>                  fprintf(stderr, "open() failed\n");
>                  return -errno;
>          }
>          if (ftruncate(fd, HUGETLB_SIZE)) {
>                  fprintf(stderr, "ftruncate() failed\n");
>                  return -errno;
>          }
> 
>          map = mmap(NULL, HUGETLB_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
>          if (map == MAP_FAILED) {
>                  fprintf(stderr, "mmap() failed\n");
>                  return -errno;
>          }
> 
>          *map = 0;
> 
>          if (mprotect(map, HUGETLB_SIZE, PROT_READ)) {
>                  fprintf(stderr, "mmprotect() failed\n");
>                  return -errno;
>          }
> 
>          clear_softdirty();
> 
>          if (mprotect(map, HUGETLB_SIZE, PROT_READ|PROT_WRITE)) {
>                  fprintf(stderr, "mmprotect() failed\n");
>                  return -errno;
>          }
> 
>          *map = 0;
> 
>          return 0;
>  }
> --------------------------------------------------------------------------
> 
> Above test fails with SIGBUS when there is only a single free hugetlb page.
>  # echo 1 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
>  # ./test
>  Bus error (core dumped)
> 
> And worse, with sufficient free hugetlb pages it will map an anonymous page
> into a shared mapping, for example, messing up accounting during unmap
> and breaking MAP_SHARED semantics:
>  # echo 2 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
>  # ./test
>  # cat /proc/meminfo | grep HugePages_
>  HugePages_Total:       2
>  HugePages_Free:        1
>  HugePages_Rsvd:    18446744073709551615
>  HugePages_Surp:        0
> 
> Reason in this particular case is that vma_wants_writenotify() will
> return "true", removing VM_SHARED in vma_set_page_prot() to map pages
> write-protected. Let's teach vma_wants_writenotify() that hugetlb does not
> support softdirty tracking.
> 
> Link: https://lkml.kernel.org/r/20220811103435.188481-1-david@redhat.com
> Link: https://lkml.kernel.org/r/20220811103435.188481-2-david@redhat.com
> Fixes: 64e455079e1b ("mm: softdirty: enable write notifications on VMAs after VM_SOFTDIRTY cleared")
> Signed-off-by: David Hildenbrand <david@redhat.com>
> Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
> Cc: Peter Feiner <pfeiner@google.com>
> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Cc: Cyrill Gorcunov <gorcunov@openvz.org>
> Cc: Pavel Emelyanov <xemul@parallels.com>
> Cc: Jamie Liu <jamieliu@google.com>
> Cc: Hugh Dickins <hughd@google.com>
> Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
> Cc: Bjorn Helgaas <bhelgaas@google.com>
> Cc: Muchun Song <songmuchun@bytedance.com>
> Cc: Peter Xu <peterx@redhat.com>
> Cc: <stable@vger.kernel.org>	[3.18+]
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  mm/mmap.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

Now queued up, thanks.

greg k-h