Date: Tue, 1 Jul 2025 19:55:17 +0200
From: Christoph Berg
To: Zi Yan
Cc: David Hildenbrand, Andrew Morton, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, "open list:MEMORY MANAGEMENT - MEMORY POLICY AND MIGRATION", open list
Subject: Re: [PATCH v3] mm/migrate: Fix do_pages_stat in 32-bit mode

Re: Zi Yan
> Fixes should be:
>
> Fixes: 5b1b561ba73c ("mm: simplify compat_sys_move_pages")
>
> Closes could be a link to the bug report.

Updated, thanks.

> > This seems to work, but honestly I am wondering, if copy_from_user
> > needs a special 32-bit case, doesn't copy_to_user need special casing
> > as well?

Scratch that, it works because an int[] is copied back, and that's
always the same size.

So I think the patch is good to go.

Christoph


From 426c93d558572248273cf386ca784626ae431413 Mon Sep 17 00:00:00 2001
From: Christoph Berg
Date: Tue, 24 Jun 2025 16:44:27 +0200
Subject: [PATCH v3] mm/migrate: Fix do_pages_stat in 32-bit mode

For arrays with more than 16 entries, the old code would incorrectly
advance the pages pointer by 16 words instead of 16 compat_uptr_t.
Fix by doing the pointer arithmetic inside get_compat_pages_array where
pages32 is already a correctly-typed pointer.

Discovered while working on PostgreSQL 18's new NUMA introspection code.

Signed-off-by: Christoph Berg Suggested-by: David Hildenbrand Fixes: 5b1b561ba73c ("mm: simplify compat_sys_move_pages") Reported-by: Bertrand Drouvot Reported-by: Tomas Vondra Closes: https://www.postgresql.org/message-id/flat/6342f601-77de-4ee0-8c2a-3deb50ceac5b%40vondra.me#86402e3d80c031788f5f55b42c459471 --- mm/migrate.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index 8cf0f9c9599d..2c88f3b33833 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2399,6 +2399,7 @@ static void do_pages_stat_array(struct mm_struct *mm, unsigned long nr_pages, static int get_compat_pages_array(const void __user *chunk_pages[], const void __user * __user *pages, + unsigned long chunk_offset, unsigned long chunk_nr) { compat_uptr_t __user *pages32 = (compat_uptr_t __user *)pages; @@ -2406,7 +2407,7 @@ static int get_compat_pages_array(const void __user *chunk_pages[], int i; for (i = 0; i < chunk_nr; i++) { - if (get_user(p, pages32 + i)) + if (get_user(p, pages32 + chunk_offset + i)) return -EFAULT; chunk_pages[i] = compat_ptr(p); } 
@@ -2425,27 +2426,28 @@ static int do_pages_stat(struct mm_struct *mm, unsigned long nr_pages, #define DO_PAGES_STAT_CHUNK_NR 16UL const void __user *chunk_pages[DO_PAGES_STAT_CHUNK_NR]; int chunk_status[DO_PAGES_STAT_CHUNK_NR]; + unsigned long chunk_offset = 0; while (nr_pages) { unsigned long chunk_nr = min(nr_pages, DO_PAGES_STAT_CHUNK_NR); if (in_compat_syscall()) { if (get_compat_pages_array(chunk_pages, pages, - chunk_nr)) + chunk_offset, chunk_nr)) break; } else { - if (copy_from_user(chunk_pages, pages, + if (copy_from_user(chunk_pages, pages + chunk_offset, chunk_nr * sizeof(*chunk_pages))) break; } do_pages_stat_array(mm, chunk_nr, chunk_pages, chunk_status); - if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status))) + if (copy_to_user(status + chunk_offset, chunk_status, + chunk_nr * sizeof(*status))) break; - pages += chunk_nr; - status += chunk_nr; + chunk_offset += chunk_nr; nr_pages -= chunk_nr; } return nr_pages ? -EFAULT : 0; -- 2.47.2
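
Review bot: In the get_compat_pages_array() signature hunk, the new "unsigned long chunk_offset" sits directly before "unsigned long chunk_nr", so a call site that swaps the two arguments compiles without a warning and silently reads the wrong user slots. A short comment above the function stating that chunk_offset is counted in array entries (it is added to pages32, so it scales by sizeof(compat_uptr_t), not by bytes or native words) would make the contract explicit for the next caller.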
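
Review bot: In do_pages_stat(), nothing at "unsigned long chunk_offset = 0;" records why the base pointers are left untouched, and the removed "pages += chunk_nr;" looks like a harmless simplification to anyone tidying the loop later, since it is still correct for the native branch. Please add a one-line comment there saying that pages must not be advanced because its element size differs between the native and compat paths, so the offset is applied per branch. A regression test that queries more than DO_PAGES_STAT_CHUNK_NR pages from a 32-bit task on a 64-bit kernel would also be worth adding, since the commit message says the failure only appears for arrays with more than 16 entries.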
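
The stride mismatch described in the commit message, modelled in user space as an added example (not code from the patch or the kernel). `kernel_word_t`, `walk`, `first_mismatch` and the sample addresses are assumptions made for illustration, with the 64-bit kernel's pointer size modelled as 8 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t compat_uptr_t;  /* user pointer of a 32-bit task */
typedef uint64_t kernel_word_t;  /* assumption: models sizeof(void *) in a 64-bit kernel */

#define CHUNK_NR   16UL          /* DO_PAGES_STAT_CHUNK_NR in the patch */
#define USER_SLOTS 128UL         /* constructed buffer; keeps the old walk in bounds for nr_pages <= 64 */

/* Walk the user array in chunks. old_stride != 0 models the removed
 * "pages += chunk_nr" on a native pointer; otherwise the chunk offset is
 * scaled by the compat entry size, as pages32 + chunk_offset + i is. */
static void walk(const unsigned char *user, unsigned long nr_pages,
		 compat_uptr_t *out, int old_stride)
{
	size_t stride = old_stride ? sizeof(kernel_word_t) : sizeof(compat_uptr_t);
	unsigned long chunk_offset = 0;

	while (nr_pages) {
		unsigned long chunk_nr = nr_pages < CHUNK_NR ? nr_pages : CHUNK_NR;
		for (unsigned long i = 0; i < chunk_nr; i++)
			memcpy(&out[chunk_offset + i],
			       user + chunk_offset * stride + i * sizeof(compat_uptr_t),
			       sizeof(compat_uptr_t));
		chunk_offset += chunk_nr;
		nr_pages -= chunk_nr;
	}
}

/* Index of the first entry the walk fetched wrongly, or nr_pages if all match. */
static unsigned long first_mismatch(int old_stride, unsigned long nr_pages)
{
	compat_uptr_t user[USER_SLOTS], out[USER_SLOTS] = {0};
	unsigned long i;

	for (i = 0; i < USER_SLOTS; i++)
		user[i] = 0x1000u * (compat_uptr_t)(i + 1);  /* constructed page addresses */
	walk((const unsigned char *)user, nr_pages, out, old_stride);
	for (i = 0; i < nr_pages; i++)
		if (out[i] != user[i])
			return i;
	return nr_pages;
}

int main(void)
{
	printf("old: %lu, new: %lu\n", first_mismatch(1, 40), first_mismatch(0, 40));
	return 0;
}
```

With the old stride the second chunk starts at entry 32 instead of entry 16, so the first wrong result is at index 16 for any request longer than one chunk.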