Date: Tue, 8 Jul 2025 11:33:20 -0400
From: Sasha Levin
To: David Hildenbrand
Cc: Andrew Morton, peterx@redhat.com, aarcange@redhat.com, surenb@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] mm/userfaultfd: fix missing PTE unmap for non-migration entries

On Tue, Jul 08, 2025 at 05:10:44PM +0200, David Hildenbrand wrote:
>On 01.07.25 02:57, Andrew Morton wrote:
>>On Sun, 29 Jun 2025 23:19:58 -0400 Sasha Levin wrote:
>>
>>>When handling non-swap entries in move_pages_pte(), the error handling
>>>for entries that are NOT migration entries fails to unmap the page table
>>>entries before jumping to the error handling label.
>>>
>>>This results in a kmap/kunmap imbalance which on CONFIG_HIGHPTE systems
>>>triggers a WARNING in kunmap_local_indexed() because the kmap stack is
>>>corrupted.
>>>
>>>Example call trace on ARM32 (CONFIG_HIGHPTE enabled):
>>> WARNING: CPU: 1 PID: 633 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c
>>> Call trace:
>>> kunmap_local_indexed from move_pages+0x964/0x19f4
>>> move_pages from userfaultfd_ioctl+0x129c/0x2144
>>> userfaultfd_ioctl from sys_ioctl+0x558/0xd24
>>>
>>>The issue was introduced with the UFFDIO_MOVE feature but became more
>>>frequent with the addition of guard pages (commit 7c53dfbdb024 ("mm: add
>>>PTE_MARKER_GUARD PTE marker")) which made the non-migration entry code
>>>path more commonly executed during userfaultfd operations.
>>>
>>>Fix this by ensuring PTEs are properly unmapped in all non-swap entry
>>>paths before jumping to the error handling label, not just for migration
>>>entries.
>>
>>I don't get it.
>>
>>>--- a/mm/userfaultfd.c >>>+++ b/mm/userfaultfd.c
>>>@@ -1384,14 +1384,15 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, >>> entry = pte_to_swp_entry(orig_src_pte); >>> if (non_swap_entry(entry)) { >>>+ pte_unmap(src_pte); >>>+ pte_unmap(dst_pte); >>>+ src_pte = dst_pte = NULL; >>> if (is_migration_entry(entry)) { >>>- pte_unmap(src_pte); >>>- pte_unmap(dst_pte); >>>- src_pte = dst_pte = NULL; >>> migration_entry_wait(mm, src_pmd, src_addr); >>> err = -EAGAIN; >>>- } else >>>+ } else { >>> err = -EFAULT; >>>+ } >>> goto out;
>>
>>where we have
>>
>>out:
>>    ...
>>    if (dst_pte)
>>        pte_unmap(dst_pte);
>>    if (src_pte)
>>        pte_unmap(src_pte);
>
>AI slop?

Nah, this one is sadly all me :(

I was trying to resolve some of the issues found with linus-next on LKFT, and misunderstood the code.

Funny enough, I thought that the change above "fixed" it by making the warnings go away, but clearly is the wrong thing to do so I went back to the drawing table...

If you're curious, here's the issue: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-43418-g558c6dd4d863/testrun/29030370/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmhighmem-kunmap_local_indexed/details/

-- 
Thanks,
Sasha
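
Review bot: the `else` branch of `if (is_migration_entry(entry))` was not missing an unmap, so the hoisted `pte_unmap()` calls do not fix what the changelog describes. In the old code src_pte and dst_pte are still non-NULL when that branch reaches `goto out`, and the out: path quoted in the reply above unmaps both under `if (dst_pte)` and `if (src_pte)`. What the hunk actually changes for the -EFAULT case is the order of the two calls: src_pte then dst_pte here, dst_pte then src_pte at out:. If the order is what makes the kunmap_local_indexed() warning go away, the changelog should say so and identify the path where the kmap/kunmap imbalance really arises, rather than stating that the entries are never unmapped. The added braces around `err = -EFAULT;` are a style cleanup unrelated to the fix and would be better kept out of a patch Cc'd to stable.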