Date: Thu, 26 Jun 2025 22:35:33 +0200
From: Oscar Salvador
To: Vivek Kasireddy
Cc: dri-devel@lists.freedesktop.org, linux-mm@kvack.org, syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com, Steve Sistare, Muchun Song, David Hildenbrand, Andrew Morton, Anshuman Khandual
Subject: Re: [PATCH v2] mm/hugetlb: Don't crash when allocating a folio if there are no resv
In-Reply-To: <20250626191116.1377761-1-vivek.kasireddy@intel.com>
References: <20250626191116.1377761-1-vivek.kasireddy@intel.com>

On Thu, Jun 26, 2025 at 12:11:16PM -0700, Vivek Kasireddy wrote:
> There are cases when we try to pin a folio but discover that it has
> not been faulted-in. So, we try to allocate it in memfd_alloc_folio()
> but there is a chance that we might encounter a fatal crash/failure
> (VM_BUG_ON(!h->resv_huge_pages) in alloc_hugetlb_folio_reserve()) if
> there are no active reservations at that instant. This issue was
> reported by syzbot:
> ...
> 3) is the most common use-case where first a memfd is allocated
> followed by mmap(), user writes/updates and then the relevant folios
> are pinned (memfd_pin_folios()). The BUG this patch is fixing occurs
> in 2) because we try to pin the folios before hugetlbfs_file_mmap()
> is called. So, in this situation we try to allocate the folios
> before pinning them but since we did not make any reservations,
> resv_huge_pages would be 0, leading to this issue.
Well, if we did not make any reservations, resv_huge_pages will be 0 for sure, right?
As I see it, this piece of code is sterile, because you have to entrust making those
reservations to someone else for this to work. (Like you do in the other patch).
But this fixes a bug, so..

> Fixes: 26a8ea80929c ("mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak")
> Reported-by: syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=a504cb5bae4fe117ba94
> Closes: https://lore.kernel.org/all/677928b5.050a0220.3b53b0.004d.GAE@google.com/T/
> Cc: Steve Sistare
> Cc: Muchun Song
> Cc: David Hildenbrand
> Cc: Andrew Morton
> Cc: Anshuman Khandual
> Cc: Oscar Salvador
> Signed-off-by: Vivek Kasireddy

Acked-by: Oscar Salvador

> ---
> mm/hugetlb.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 8746ed2fec13..a181c55f268b 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -2340,12 +2340,15 @@ struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, > struct folio *folio; > > spin_lock_irq(&hugetlb_lock); > + if (!h->resv_huge_pages) { > + spin_unlock_irq(&hugetlb_lock); > + return NULL; > + } > + > folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, preferred_nid, > nmask); > - if (folio) { > - VM_BUG_ON(!h->resv_huge_pages); > + if (folio) > h->resv_huge_pages--; > - } > > spin_unlock_irq(&hugetlb_lock); > return folio; > -- > 2.49.0 >

-- 
Oscar Salvador
SUSE Labs
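Review bot: the early return added at the top of the hunk (`if (!h->resv_huge_pages)`) turns what used to be a VM_BUG_ON into a plain NULL return but carries no comment on why a missing reservation must fail the allocation instead of falling through to dequeue_hugetlb_folio_nodemask(); since callers of alloc_hugetlb_folio_reserve() now get NULL both for "no free page" and for "nobody reserved one", a one-line comment above the check stating that this function only consumes an existing reservation would document that contract. The check and the later `h->resv_huge_pages--` both sit between spin_lock_irq(&hugetlb_lock) and spin_unlock_irq(&hugetlb_lock), so the count cannot change in between, and dropping the braces around `if (folio)` is fine now that the decrement is its only statement.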
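A userspace model of the reservation accounting behind this fix, added here as an illustration and not code from the patch or from mm/hugetlb.c. The field names free_huge_pages and resv_huge_pages are the kernel's, but the struct and the functions hugetlb_reserve_pages(), dequeue_huge_page(), alloc_reserve_before(), alloc_reserve_after() and the scenario helpers are simplifications written for this example. It runs the two call orders from the commit message (pin before mmap, and mmap then pin) through the pre-patch and post-patch shape of the allocator: the pre-patch shape reaches the assertion (modelled as a -1 return) when no reservation exists and has already taken the page off the free list by then; the post-patch shape fails up front and leaves the free page for whoever did reserve it.

```c
/* Added example: a userspace model of hugetlb reservation accounting.
 * Not kernel code; field names follow mm/hugetlb.c, everything else is
 * a simplification for illustration. */
#include <stdbool.h>
#include <stdio.h>

struct hstate {
    long free_huge_pages;   /* pages sitting on the free list */
    long resv_huge_pages;   /* free pages already promised to a mapping */
};

/* Stand-in for the reservation taken at hugetlbfs_file_mmap() time: only
 * unpromised free pages can be reserved (free - resv is what is available). */
static bool hugetlb_reserve_pages(struct hstate *h, long n)
{
    if (h->free_huge_pages - h->resv_huge_pages < n)
        return false;
    h->resv_huge_pages += n;
    return true;
}

/* Stand-in for dequeue_hugetlb_folio_nodemask(): take one page off the
 * free list; true plays the role of a non-NULL folio. */
static bool dequeue_huge_page(struct hstate *h)
{
    if (h->free_huge_pages == 0)
        return false;
    h->free_huge_pages--;
    return true;
}

/* Pre-patch shape of alloc_hugetlb_folio_reserve(): dequeue first, then
 * assume a reservation backs the page.  Returns 1 on success, 0 when the
 * free list is empty, and -1 where the kernel trips VM_BUG_ON. */
static int alloc_reserve_before(struct hstate *h)
{
    if (!dequeue_huge_page(h))
        return 0;
    if (h->resv_huge_pages == 0)
        return -1;              /* VM_BUG_ON(!h->resv_huge_pages) */
    h->resv_huge_pages--;
    return 1;
}

/* Post-patch shape: refuse before touching the free list when nothing is
 * reserved, so a page promised to another mapping is never consumed. */
static int alloc_reserve_after(struct hstate *h)
{
    if (h->resv_huge_pages == 0)
        return 0;               /* caller sees NULL instead of a crash */
    if (!dequeue_huge_page(h))
        return 0;
    h->resv_huge_pages--;
    return 1;
}

/* Scenario 2 from the commit message: memfd_pin_folios() before mmap(),
 * so no reservation has been made.  One free page on the list. */
static int pin_before_mmap(int (*alloc)(struct hstate *))
{
    struct hstate h = { .free_huge_pages = 1, .resv_huge_pages = 0 };
    return alloc(&h);
}

/* Same scenario, reporting how many free pages survive the attempt. */
static long free_left_after_pin_before_mmap(int (*alloc)(struct hstate *))
{
    struct hstate h = { .free_huge_pages = 1, .resv_huge_pages = 0 };
    alloc(&h);
    return h.free_huge_pages;
}

/* Scenario 3: mmap() first, which reserves the page, then pin. */
static int pin_after_mmap(int (*alloc)(struct hstate *))
{
    struct hstate h = { .free_huge_pages = 1, .resv_huge_pages = 0 };
    if (!hugetlb_reserve_pages(&h, 1))
        return 0;
    return alloc(&h);
}

/* Same scenario, reporting the reservation count once the page is taken. */
static long resv_left_after_mmap_then_pin(int (*alloc)(struct hstate *))
{
    struct hstate h = { .free_huge_pages = 1, .resv_huge_pages = 0 };
    hugetlb_reserve_pages(&h, 1);
    alloc(&h);
    return h.resv_huge_pages;
}

int main(void)
{
    printf("pin before mmap, pre-patch : %d\n", pin_before_mmap(alloc_reserve_before));
    printf("pin before mmap, post-patch: %d\n", pin_before_mmap(alloc_reserve_after));
    printf("mmap then pin, post-patch  : %d (resv left %ld)\n",
           pin_after_mmap(alloc_reserve_after),
           resv_left_after_mmap_then_pin(alloc_reserve_after));
    return 0;
}
```

The point the model makes explicit is that resv_huge_pages is a promise on free pages, not a separate pool: the pre-patch order dequeues first, so by the time the assertion fires the free page is already gone, whereas the post-patch check runs before the dequeue and the page stays available to the mapping that reserved it.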