Date: Thu, 23 Jan 2025 10:55:16 +0100
From: Oscar Salvador
To: Liu Shixin
Cc: Andrew Morton, Kefeng Wang, Muchun Song, David Hildenbrand, Zi Yan, Johannes Weiner, "Kirill A . Shutemov", Nanyong Sun, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm: page_isolation: avoid call folio_hstate() without hugetlb_lock
References: <20250122061151.578768-1-liushixin2@huawei.com>
In-Reply-To: <20250122061151.578768-1-liushixin2@huawei.com>

On Wed, Jan 22, 2025 at 02:11:51PM +0800, Liu Shixin wrote:
> I found a NULL pointer dereference as follows:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000028
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: Oops: 0000 [#1] SMP PTI
> CPU: 5 UID: 0 PID: 5964 Comm: sh Kdump: loaded Not tainted 6.13.0-dirty #20
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.
> RIP: 0010:has_unmovable_pages+0x184/0x360
> ...
> Call Trace:
>
>  set_migratetype_isolate+0xd1/0x180
>  start_isolate_page_range+0xd2/0x170
>  alloc_contig_range_noprof+0x101/0x660
>  alloc_contig_pages_noprof+0x238/0x290
>  alloc_gigantic_folio.isra.0+0xb6/0x1f0
>  only_alloc_fresh_hugetlb_folio.isra.0+0xf/0x60
>  alloc_pool_huge_folio+0x80/0xf0
>  set_max_huge_pages+0x211/0x490
>  __nr_hugepages_store_common+0x5f/0xe0
>  nr_hugepages_store+0x77/0x80
>  kernfs_fop_write_iter+0x118/0x200
>  vfs_write+0x23c/0x3f0
>  ksys_write+0x62/0xe0
>  do_syscall_64+0x5b/0x170
>  entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> As has_unmovable_pages() calls folio_hstate() without hugetlb_lock, there
> is a race to free the HugeTLB page between PageHuge() and folio_hstate().
> There is no need to add hugetlb_lock here as the HugeTLB page can be freed
> in a lot of places. So it's enough to unfold folio_hstate() and add a check
> to avoid NULL pointer dereference for hugepage_migration_supported().
>
> Fixes: 464c7ffbcb16 ("mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported.")
> Signed-off-by: Liu Shixin

I wonder whether we should place a comment in hugepage_migration_supported
stating that the hstate _must_ be valid, as we do not perform any sanity
check further down the road.

Reviewed-by: Oscar Salvador

--
Oscar Salvador
SUSE Labs
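The check-then-lookup window described in the patch, as an added user-space model that is neither kernel code nor the patch's diff: the hstate table, the folio, the free that races in between and the `hstates`/`KB`/`free_in_between` names are all constructed here, and the guarded function treats a NULL lookup result as "freed under us" instead of dereferencing it.

```c
/* Constructed user-space model of the race in the patch description; not
 * kernel code and not the patch. In the kernel, folio_hstate() is a lookup
 * of the folio's size in the hstate table, which yields NULL once a
 * concurrent free has turned the folio back into ordinary base pages. */
#include <stdbool.h>
#include <stddef.h>
#define KB(x) ((size_t)(x) << 10)

struct hstate { size_t size; bool migration_supported; };
/* Constructed hstate table: 2 MiB pages migratable, 1 GiB pages not. */
static const struct hstate hstates[] = {
    { KB(2048),    true  },
    { KB(1048576), false },
};

/* Folio model: current size and whether it still carries the HugeTLB flag. */
struct folio { size_t size; bool hugetlb; };

/* Model of size_to_hstate(): NULL when no hstate matches the size. */
static const struct hstate *size_to_hstate(size_t size)
{
    for (size_t i = 0; i < sizeof hstates / sizeof hstates[0]; i++)
        if (hstates[i].size == size)
            return &hstates[i];
    return NULL;
}

/* Model of hugepage_migration_supported(): assumes a valid hstate and
 * dereferences it unconditionally, which is what turns a NULL into an oops. */
static bool hugepage_migration_supported(const struct hstate *h)
{
    return h->migration_supported;
}

/* Guarded check: PageHuge() and the hstate lookup are not atomic, so the
 * lookup result must be tested before it is dereferenced. free_in_between
 * simulates the racing hugetlb free landing between the two steps. */
static bool hugetlb_folio_is_unmovable(struct folio *f, bool free_in_between)
{
    if (!f->hugetlb)
        return false;                 /* PageHuge() false: not a HugeTLB folio */
    if (free_in_between) {
        f->hugetlb = false;           /* racing free: back to a 4 KiB base page */
        f->size = KB(4);
    }
    const struct hstate *h = size_to_hstate(f->size); /* folio_hstate() unfolded */
    if (!h)
        return false;                 /* freed under us: treat as movable, no deref */
    return !hugepage_migration_supported(h);
}
```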