Date: Thu, 27 Apr 2023 16:15:53 +0200
Subject: Re: [PATCH for v6.3 regression] mm/mremap: fix vm_pgoff in vma_merge() case 3
To: Andrew Morton, Linus Torvalds
Cc: "Liam R. Howlett", lstoakes@gmail.com, regressions@lists.linux.dev, linux-mm@kvack.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, Jiri Slaby, Fabian Vogt, stable@vger.kernel.org
References: <20230427140959.27655-1-vbabka@suse.cz>
From: Vlastimil Babka
In-Reply-To: <20230427140959.27655-1-vbabka@suse.cz>

On 4/27/23 16:09, Vlastimil Babka wrote:
> |later. Alternatively it could be added to mm/mm-stable and upcoming 6.4
> pull request, but then the stable backport would need adjustment. It's up to
> Linus and Andrew. |

This version applies on mm/mm-stable. Paragraph about case 8 is removed as
that case sets vma_pgoff explicitly itself.

----8<----
>From dea6d87bdad1fbb21f987dba96c55195fb88e7b4 Mon Sep 17 00:00:00 2001
From: Vlastimil Babka Date: Thu, 27 Apr 2023 15:28:41 +0200 Subject: [PATCH] mm/mremap: fix vm_pgoff in vma_merge() case 3 After upgrading build guests to v6.3, rpm started segfaulting for specific packages, which was bisected to commit 0503ea8f5ba7 ("mm/mmap: remove __vma_adjust()"). rpm is doing many mremap() operations with file mappings of its db. The problem is that in vma_merge() case 3 (we merge with the next vma, expanding it downwards) vm_pgoff is not adjusted as it should when vm_start changes. As a result the rpm process most likely sees data from the wrong offset of the file. Fix the vm_pgoff calculation. Reported-and-bisected-by: Jiri Slaby Reported-and-tested-by: Fabian Vogt Link: https://bugzilla.suse.com/show_bug.cgi?id=1210903 Fixes: 0503ea8f5ba7 ("mm/mmap: remove __vma_adjust()") Signed-off-by: Vlastimil Babka Cc: --- mm/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mmap.c b/mm/mmap.c index 536bbb8fa0ae..5522130ae606 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1008,7 +1008,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma = next; /* case 3 */ vma_start = addr; vma_end = next->vm_end; - vma_pgoff = next->vm_pgoff; + vma_pgoff = next->vm_pgoff - pglen; if (curr) { /* case 8 */ vma_pgoff = curr->vm_pgoff; remove = curr; -- 2.40.0
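
Review bot: the new `vma_pgoff = next->vm_pgoff - pglen;` in case 3 is an unsigned subtraction that is only correct when `pglen` is exactly the number of pages between `addr` and `next->vm_start`, and neither the definition of `pglen` nor that invariant is visible in this hunk. A one-line comment beside the assignment, saying that `vma_start = addr` moves the start down and the file offset has to move down by the same number of pages, would make the coupling explicit, since losing that coupling is what caused the regression. The commit message describes the symptom as a process silently reading data from the wrong file offset, so a selftest that forces this merge on a file-backed mapping and compares contents would be worth adding alongside the fix.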
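
The invariant the commit message relies on, as an added userspace illustration that is not kernel code and not part of the patch: when a file mapping's start moves down, its page offset must move down by the same number of pages, or every address in the old range resolves to a different file page. `struct vma_model`, the function names, the addresses and the 4 KiB page size are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

#define MODEL_PAGE_SHIFT 12UL /* assumed 4 KiB pages */
#define MODEL_PAGE_SIZE (1UL << MODEL_PAGE_SHIFT)

/* Hypothetical stand-in for the three vm_area_struct fields involved. */
struct vma_model {
    unsigned long vm_start; /* first mapped byte */
    unsigned long vm_end;   /* one past the last mapped byte */
    unsigned long vm_pgoff; /* file page mapped at vm_start */
};

/* Constructed layout: next maps file pages 10..13 at 0x7000..0xb000. */
static const struct vma_model next_vma = { 0x7000, 0xb000, 10 };

/* File page backing virtual address addr inside v. */
static unsigned long file_page_at(const struct vma_model *v, unsigned long addr)
{
    return v->vm_pgoff + ((addr - v->vm_start) >> MODEL_PAGE_SHIFT);
}

/* Case 3: [addr, end) ends at next's start; next is expanded down to addr. */
static struct vma_model merge_case3(unsigned long addr, unsigned long end, bool adjust)
{
    unsigned long pglen = (end - addr) >> MODEL_PAGE_SHIFT;
    struct vma_model merged = { addr, next_vma.vm_end, next_vma.vm_pgoff };

    if (adjust) /* start moved down by pglen pages, so the offset must too */
        merged.vm_pgoff = next_vma.vm_pgoff - pglen;
    return merged;
}

/* True if every page of the old next still maps to the same file page. */
static bool mapping_preserved(bool adjust)
{
    struct vma_model merged = merge_case3(0x4000, 0x7000, adjust);

    for (unsigned long a = next_vma.vm_start; a < next_vma.vm_end; a += MODEL_PAGE_SIZE)
        if (file_page_at(&next_vma, a) != file_page_at(&merged, a))
            return false;
    return true;
}

int main(void)
{
    printf("unadjusted pgoff: mapping preserved = %d\n", mapping_preserved(false));
    printf("adjusted pgoff:   mapping preserved = %d\n", mapping_preserved(true));
    return 0;
}
```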