Subject: Re: [PATCH] mm: page_isolation: avoid call folio_hstate() without hugetlb_lock
From: Liu Shixin
To: Oscar Salvador
CC: Andrew Morton, Kefeng Wang, Muchun Song, David Hildenbrand, Zi Yan, Johannes Weiner, Kirill A. Shutemov, Nanyong Sun
Date: Fri, 24 Jan 2025 10:12:19 +0800
References: <20250122061151.578768-1-liushixin2@huawei.com>

On 2025/1/23 17:55, Oscar Salvador wrote:
> On Wed, Jan 22, 2025 at 02:11:51PM +0800, Liu Shixin wrote:
>> I found a NULL pointer dereference as follows:
>>
>> BUG: kernel NULL pointer dereference, address: 0000000000000028
>> #PF: supervisor read access in kernel mode
>> #PF: error_code(0x0000) - not-present page
>> PGD 0 P4D 0
>> Oops: Oops: 0000 [#1] SMP PTI
>> CPU: 5 UID: 0 PID: 5964 Comm: sh Kdump: loaded Not tainted 6.13.0-dirty #20
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.
>> RIP: 0010:has_unmovable_pages+0x184/0x360
>> ...
>> Call Trace:
>>
>> set_migratetype_isolate+0xd1/0x180
>> start_isolate_page_range+0xd2/0x170
>> alloc_contig_range_noprof+0x101/0x660
>> alloc_contig_pages_noprof+0x238/0x290
>> alloc_gigantic_folio.isra.0+0xb6/0x1f0
>> only_alloc_fresh_hugetlb_folio.isra.0+0xf/0x60
>> alloc_pool_huge_folio+0x80/0xf0
>> set_max_huge_pages+0x211/0x490
>> __nr_hugepages_store_common+0x5f/0xe0
>> nr_hugepages_store+0x77/0x80
>> kernfs_fop_write_iter+0x118/0x200
>> vfs_write+0x23c/0x3f0
>> ksys_write+0x62/0xe0
>> do_syscall_64+0x5b/0x170
>> entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>
>> As has_unmovable_pages() calls folio_hstate() without hugetlb_lock, there
>> is a race to free the HugeTLB page between PageHuge() and folio_hstate().
>> There is no need to add hugetlb_lock here as the HugeTLB page can be freed
>> in a lot of places. So it's enough to unfold folio_hstate() and add a check
>> to avoid NULL pointer dereference for hugepage_migration_supported().
>>
>> Fixes: 464c7ffbcb16 ("mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported.")
>> Signed-off-by: Liu Shixin
> I wonder whether we should place a comment in hugepage_migration_supported stating
> that the hstate _must_ be valid, as we do not perform any sanity check further
> down the road.

Most of the functions in hugetlb.h imply that hstate is valid, and in fact it does. So maybe it's enough to comment just in the special caller.

> Reviewed-by: Oscar Salvador

Thanks for the review.
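A user-space C model of the check-then-use window the patch description refers to, added here as an illustration and not code from the patch, from the kernel or from either correspondent. The `struct hstate`, `struct folio`, `size_to_hstate()`, `hugepage_migration_supported()` and `free_huge_folio()` below borrow the kernel's names but their bodies, the two constructed pools and the `freed_in_window` switch that stands in for the concurrent free are all assumptions of this example. It contrasts the racy lookup (hstate fetched and dereferenced without a check) with the unfolded lookup plus NULL check the description proposes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's struct hstate (assumption of this example). */
struct hstate {
    unsigned int order;        /* folio order of this pool's pages */
    bool migration_supported;  /* what hugepage_migration_supported() reports */
};

/* Constructed pools: a 2 MiB pool that supports migration and a 1 GiB pool
 * that does not (orders assume 4 KiB base pages). */
static struct hstate hstates[] = {
    { .order = 9,  .migration_supported = true  },
    { .order = 18, .migration_supported = false },
};

/* Simplified stand-in for struct folio (assumption of this example). */
struct folio {
    bool hugetlb;        /* what PageHuge() / folio_test_hugetlb() would report */
    unsigned int order;  /* what folio_order() would report */
};

/* Model of size_to_hstate(): NULL when no pool has pages of this order,
 * which is the state a huge folio is in once it has been freed and split. */
static struct hstate *size_to_hstate(unsigned int order)
{
    for (size_t i = 0; i < sizeof hstates / sizeof hstates[0]; i++)
        if (hstates[i].order == order)
            return &hstates[i];
    return NULL;
}

/* Like the kernel helper, this trusts its argument and never checks for NULL. */
static bool hugepage_migration_supported(const struct hstate *h)
{
    return h->migration_supported;
}

/* Models the concurrent free that can land between the PageHuge() test and
 * the folio_hstate() call when hugetlb_lock is not held. */
static void free_huge_folio(struct folio *f)
{
    f->order = 0;
    f->hugetlb = false;
}

/* Check-then-use as the report describes: folio_hstate() amounts to
 * size_to_hstate(folio_size()), so a folio freed inside the window yields
 * NULL and hugepage_migration_supported() dereferences it. */
static bool unmovable_racy(struct folio *f, bool freed_in_window)
{
    if (f->hugetlb) {
        if (freed_in_window)
            free_huge_folio(f);
        struct hstate *h = size_to_hstate(f->order);  /* may be NULL */
        return !hugepage_migration_supported(h);      /* NULL deref here */
    }
    return false;
}

/* Unfolded lookup plus a NULL check: a folio freed under us is simply not
 * reported as unmovable by this test, since it is no longer a huge page. */
static bool unmovable_fixed(struct folio *f, bool freed_in_window)
{
    if (f->hugetlb) {
        if (freed_in_window)
            free_huge_folio(f);
        struct hstate *h = size_to_hstate(f->order);
        if (h && !hugepage_migration_supported(h))
            return true;
    }
    return false;
}

/* Convenience wrappers: start from a live huge folio of the given order. */
static bool fixed_result(unsigned int order, bool freed_in_window)
{
    struct folio f = { .hugetlb = true, .order = order };
    return unmovable_fixed(&f, freed_in_window);
}

static bool racy_result(unsigned int order, bool freed_in_window)
{
    struct folio f = { .hugetlb = true, .order = order };
    return unmovable_racy(&f, freed_in_window);
}

int main(void)
{
    printf("1 GiB folio, no race (racy path):  unmovable=%d\n", racy_result(18, false));
    printf("1 GiB folio, no race (fixed path): unmovable=%d\n", fixed_result(18, false));
    printf("2 MiB folio, no race (fixed path): unmovable=%d\n", fixed_result(9, false));
    printf("1 GiB folio, freed   (fixed path): unmovable=%d\n", fixed_result(18, true));
    /* racy_result(18, true) would dereference NULL, as in the reported oops. */
    return 0;
}
```

The point of the fixed path is that the hstate is looked up exactly once and the result is checked before the helper that assumes validity runs; nothing else about the isolation decision changes when the folio is still a live huge page.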