Date: Wed, 12 Jun 2024 07:11:59 +0200
From: Oscar Salvador
To: Andrew Morton
Cc: syzbot, linux-kernel@vger.kernel.org, linux-mm@kvack.org, muchun.song@linux.dev, syzkaller-bugs@googlegroups.com, Vivek Kasireddy
Subject: Re: [syzbot] [mm?] general protection fault in dequeue_hugetlb_folio_nodemask (2)
References: <0000000000004f12bb061a9acf07@google.com> <20240611103005.ae4170608bd15d63adee2492@linux-foundation.org>

On Tue, Jun 11, 2024 at 07:52:06PM +0200, Oscar Salvador wrote:
> On Tue, Jun 11, 2024 at 07:46:33PM +0200, Oscar Salvador wrote:
> > On Tue, Jun 11, 2024 at 10:30:05AM -0700, Andrew Morton wrote:
> > > On Tue, 11 Jun 2024 03:34:25 -0700 syzbot wrote:
> > >
> > > > Hello,
> > > >
> > > > syzbot found the following issue on:
> > >
> > > Thanks.
> > >
> > > > Call Trace:
> > > >
> > > > alloc_hugetlb_folio_nodemask+0xae/0x3f0 mm/hugetlb.c:2603
> > > > memfd_alloc_folio+0x15e/0x390 mm/memfd.c:75
> > > > memfd_pin_folios+0x1066/0x1720 mm/gup.c:3864
> > > > udmabuf_create+0x658/0x11c0 drivers/dma-buf/udmabuf.c:353
> > > > udmabuf_ioctl_create drivers/dma-buf/udmabuf.c:420 [inline]
> > > > udmabuf_ioctl+0x304/0x4f0 drivers/dma-buf/udmabuf.c:451
> > > > vfs_ioctl fs/ioctl.c:51 [inline]
> > > > __do_sys_ioctl fs/ioctl.c:907 [inline]
> > > > __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
> > > > do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> > > > do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> > > > entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > >
> > > I think we can pretty confidently point at the series "mm/gup:
> > > Introduce memfd_pin_folios() for pinning memfd folios". I'll drop the
> > > v14 series.
> >
> > jfyi: I am trying to reproduce this locally.
>
> Actually, should not memfd_alloc_folio() pass htlb_alloc_mask() instead
> of GFP_USER to alloc_hugetlb_folio_nodemask? Or at least do
> GFP_HIGHUSER.

Ok, I spot the issue.

memfd_alloc_folio() was calling alloc_hugetlb_folio_nodemask with
preferred_nid being NUMA_NO_NODE, but that is bad as
dequeue_hugetlb_folio_nodemask will do:

    zonelist = node_zonelist(nid, gfp_mask)

which will try to get node_zonelists from nid, but since nid is -1, heh.

The below patch fixes the issue for me, but I think that the right place
to fix this up would be alloc_hugetlb_folio_nodemask(), so we can place
the numa_node_id() if preferred_nid = NUMA_NO_NODE in there as a safety
net. This way we catch this before exploding in case the user was not
careful enough. I will cook up a patch shortly.

Another thing is why memfd_alloc_folio uses GFP_USER instead of
GFP_HIGHUSER, but that may be because I see that memfd_pin_folios() is used
by some DMA driver which might not have access to HIGH_MEMORY.

diff --git a/mm/memfd.c b/mm/memfd.c index 8035c6325e3c..2692f0298adc 100644
--- a/mm/memfd.c +++ b/mm/memfd.c @@ -68,12 +68,13 @@ static void memfd_tag_pins(struct xa_state *xas) struct folio *memfd_alloc_folio(struct file *memfd, pgoff_t idx) { #ifdef CONFIG_HUGETLB_PAGE + int nid = numa_node_id(); struct folio *folio; int err; if (is_file_hugepages(memfd)) { folio = alloc_hugetlb_folio_nodemask(hstate_file(memfd), - NUMA_NO_NODE, + nid, NULL, GFP_USER, false); > > > -- > Oscar Salvador > SUSE Labs > -- Oscar Salvador SUSE Labs
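
Review bot: In memfd_alloc_folio(), the new `nid` local is initialised with numa_node_id() at its declaration, so it is computed even when is_file_hugepages(memfd) is false, and nothing in the hunk records why NUMA_NO_NODE must not be passed here. Consider calling numa_node_id() inside the hugetlb branch (or directly as the argument) and adding a one-line comment that dequeue_hugetlb_folio_nodemask() feeds the nid to node_zonelist(). The change also covers only this one caller; as the message itself says, mapping preferred_nid == NUMA_NO_NODE to numa_node_id() inside alloc_hugetlb_folio_nodemask() would protect every caller.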
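
A userspace C model of the failure described in the mail above and of the safety net it proposes for the callee, added here as an illustration and not code from the patch or the kernel. Every `model_` name, the four-node table and the current-node value are constructed assumptions; only `NUMA_NO_NODE` being -1 comes from the mail.

```c
#include <stddef.h>
#include <stdio.h>

#define NUMA_NO_NODE    (-1)
#define MODEL_MAX_NODES 4   /* constructed: a four-node machine */

struct model_zonelist { int first_node; };
struct model_pgdat { struct model_zonelist zonelist; };

/* Model assumption: one entry per node, looked up by nid. */
static struct model_pgdat model_node_data[MODEL_MAX_NODES] = {
    {{0}}, {{1}}, {{2}}, {{3}},
};

/* Constructed stand-in for numa_node_id(): the node the caller runs on. */
static int model_numa_node_id(void) { return 2; }

/*
 * Per-node lookup keyed by nid. The model reports an out-of-range nid as
 * NULL; an unchecked lookup with nid == -1 would read outside the table.
 */
static struct model_zonelist *model_node_zonelist(int nid)
{
    if (nid < 0 || nid >= MODEL_MAX_NODES)
        return NULL;
    return &model_node_data[nid].zonelist;
}

/* Callee without a safety net: every caller must pass a valid node. */
static int model_dequeue_unguarded(int preferred_nid)
{
    struct model_zonelist *zl = model_node_zonelist(preferred_nid);
    return zl ? zl->first_node : -1;    /* -1 marks the faulting case */
}

/* Callee with the safety net: NUMA_NO_NODE means "use the local node". */
static int model_dequeue_guarded(int preferred_nid)
{
    if (preferred_nid == NUMA_NO_NODE)
        preferred_nid = model_numa_node_id();
    return model_dequeue_unguarded(preferred_nid);
}

int main(void)
{
    printf("unguarded, NUMA_NO_NODE: %d\n", model_dequeue_unguarded(NUMA_NO_NODE));
    printf("guarded,   NUMA_NO_NODE: %d\n", model_dequeue_guarded(NUMA_NO_NODE));
    return 0;
}
```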