Date: Thu, 16 Nov 2023 13:00:30 -0500
From: Peter Xu
To: David Hildenbrand
Cc: Andrew Morton, syzbot, Muhammad Usama Anjum, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, wangkefeng.wang@huawei.com
Subject: Re: [syzbot] [mm?] WARNING in unmap_page_range (2)

On Thu, Nov 16, 2023 at 10:19:13AM +0100, David Hildenbrand wrote:
> On 15.11.23 23:00, Andrew Morton wrote:
> > On Wed, 15 Nov 2023 05:32:19 -0800 syzbot wrote:
> >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: ac347a0655db Merge tag 'arm64-fixes' of git://git.kernel.o..
> > > git tree: upstream
> > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=15ff3057680000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=287570229f5c0a7c
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=7ca4b2719dc742b8d0a4
> > > compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=162a25ff680000
> > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13d62338e80000
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/00e30e1a5133/disk-ac347a06.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/07c43bc37935/vmlinux-ac347a06.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/c6690c715398/bzImage-ac347a06.xz
> > >
> > > The issue was bisected to:
> > >
> > > commit 12f6b01a0bcbeeab8cc9305673314adb3adf80f7
> > > Author: Muhammad Usama Anjum
> > > Date: Mon Aug 21 14:15:15 2023 +0000
> > >
> > > fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag
> >
> > Thanks. The bisection is surprising, but the mentioned patch does
> > mess with pagemap.
> >
> > How about we add this?
> >
> > From: Andrew Morton
> > Subject: mm/memory.c:zap_pte_range() print bad swap entry
> > Date: Wed Nov 15 01:54:18 PM PST 2023
> >
> > We have a report of this WARN() triggering. Let's print the offending
> > swp_entry_t to help diagnosis.
> >
> > Link: https://lkml.kernel.org/r/000000000000b0e576060a30ee3b@google.com
> > Cc: Muhammad Usama Anjum
> > Signed-off-by: Andrew Morton
> > ---
> >
> > mm/memory.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > --- a/mm/memory.c~a
> > +++ a/mm/memory.c
> > @@ -1521,6 +1521,7 @@ static unsigned long zap_pte_range(struc > > continue; > > } else { > > /* We should have covered all the swap entry types */ > > + pr_alert("unrecognized swap entry 0x%lx\n", entry.val); > > WARN_ON_ONCE(1); > > } > > pte_clear_not_present_full(mm, addr, pte, tlb->fullmm); > > _ > > > > I'm curious if > > 1) make_uffd_wp_pte() won't end up overwriting existing pte markers, for > example, if PTE_MARKER_POISONED is set. [unrelated to this bug] It should be fine, as: static void make_uffd_wp_pte(struct vm_area_struct *vma, unsigned long addr, pte_t *pte) { pte_t ptent = ptep_get(pte); #ifndef CONFIG_USERFAULTFD_ if (pte_present(ptent)) { pte_t old_pte; old_pte = ptep_modify_prot_start(vma, addr, pte); ptent = pte_mkuffd_wp(ptent); ptep_modify_prot_commit(vma, addr, pte, old_pte, ptent); } else if (is_swap_pte(ptent)) { ptent = pte_swp_mkuffd_wp(ptent); set_pte_at(vma->vm_mm, addr, pte, ptent); } else { <----------------- this must be pte_none() already set_pte_at(vma->vm_mm, addr, pte, make_pte_marker(PTE_MARKER_UFFD_WP)); } } > > 2) We get the error on arm64, which does *not* support uffd-wp. Do we > maybe end up calling make_uffd_wp_pte() and place a pte marker, even > though we don't have CONFIG_PTE_MARKER_UFFD_WP? > > > static inline bool pte_marker_entry_uffd_wp(swp_entry_t entry) > { > #ifdef CONFIG_PTE_MARKER_UFFD_WP > return is_pte_marker_entry(entry) && > (pte_marker_get(entry) & PTE_MARKER_UFFD_WP); > #else > return false; > #endif > } > > Will always return false without CONFIG_PTE_MARKER_UFFD_WP. > > But make_uffd_wp_pte() might just happily place an entry. Hm. > > > The following might fix the problem: > > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index 51e0ec658457..ae1cf19918d3 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c 
> @@ -1830,8 +1830,10 @@ static void make_uffd_wp_pte(struct vm_area_struct > *vma, > ptent = pte_swp_mkuffd_wp(ptent); > set_pte_at(vma->vm_mm, addr, pte, ptent); > } else { > +#ifdef CONFIG_PTE_MARKER_UFFD_WP > set_pte_at(vma->vm_mm, addr, pte, > make_pte_marker(PTE_MARKER_UFFD_WP)); > +#endif > } > } I'd like to double check with Muhammad (as I didn't actually follow his work in the latest versions.. quite a lot changed), but I _think_ fundamentally we missed something important in the fast path, and I think it applies even to archs that support uffd.. diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index e91085d79926..3b81baabd22a 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -2171,7 +2171,8 @@ static int pagemap_scan_pmd_entry(pmd_t *pmd, unsigned long start, return 0; } - if (!p->vec_out) { + if (!p->vec_out && + (p->arg.flags & PM_SCAN_WP_MATCHING)) /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { if (pte_uffd_wp(ptep_get(pte))) There's yet another report in fs list that triggers other issues: https://lore.kernel.org/all/000000000000773fa7060a31e2cc@google.com/ I'll think over that and I plan to prepare a small patchset to fix all I saw. Thanks, -- Peter Xu
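
Review bot: in the quoted mm/memory.c hunk (zap_pte_range), the new pr_alert() sits in front of WARN_ON_ONCE(1), so the warning fires once but the alert is printed for every PTE that reaches this else branch. A range full of unrecognized entries would flood the kernel log, and the report in this thread comes with a reproducer that reaches the warning. Consider pr_alert_once(), or folding the value into the warning itself with WARN_ONCE(1, "unrecognized swap entry 0x%lx\n", entry.val), so the entry is reported at the same rate as the backtrace.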
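
Review bot: in the quoted fs/proc/task_mmu.c hunk (make_uffd_wp_pte), wrapping the only statement of the final else in #ifdef CONFIG_PTE_MARKER_UFFD_WP leaves an empty branch when the option is off, so a none pte is silently left unprotected and the function, being void, cannot tell its caller. That keeps the unrecognized marker from being installed, but the write-protect request then appears to succeed without taking effect. It would be clearer to refuse or skip the request before reaching this point when the option is disabled, or at least to put a comment in the else branch saying the no-op is intentional.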
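
Review bot: in the unquoted fs/proc/task_mmu.c hunk (pagemap_scan_pmd_entry), the removed line "if (!p->vec_out) {" opened a block, but the two added lines end in "(p->arg.flags & PM_SCAN_WP_MATCHING))" with no "{". As posted, the if would govern only the for loop that follows, and the brace that closed the old block no longer has a partner, so the opening brace needs to be restored after the new condition. The hunk also carries no changelog or Signed-off-by; a sentence on why the exclusive-WP fast path must be gated on PM_SCAN_WP_MATCHING would help when this goes into the planned patchset.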