From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 926F6C71136 for ; Tue, 17 Jun 2025 14:27:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7A0AF6B009B; Tue, 17 Jun 2025 10:27:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6DBC86B009D; Tue, 17 Jun 2025 10:27:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 554086B009C; Tue, 17 Jun 2025 10:27:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 39FA96B009A for ; Tue, 17 Jun 2025 10:27:44 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 112E01A036B for ; Tue, 17 Jun 2025 14:27:44 +0000 (UTC) X-FDA: 83565121248.26.17D411E Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf16.hostedemail.com (Postfix) with ESMTP id 5114C18000B for ; Tue, 17 Jun 2025 14:27:42 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=RhdYBQto; spf=pass (imf16.hostedemail.com: domain of luizcap@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=luizcap@redhat.com; dmarc=pass (policy=quarantine) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750170462; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8FvEh9KPwU2FPVYiAUQ819UI09czGQfx0V/ZDJLQtEw=; b=2rLQe99YkS6O6CNnKbOfISXMeHa4/pSQVgolB/ZZF24IMImOD8YqWkpBpq6WOkJJamtg9Q bnXXG29DiC2gXK1j1idBdCjR5Na9h/6RSBn+ENjoj9EqAldPGP9gMjnqHURDCfAXv1NX/I CgiO0k0/bgVcPkQX+nh99bqVatVqZBg= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=RhdYBQto; spf=pass (imf16.hostedemail.com: domain of luizcap@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=luizcap@redhat.com; dmarc=pass (policy=quarantine) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750170462; a=rsa-sha256; cv=none; b=l9HyFd6EpHQ6oSm70sYWUGbrOnXy0gH1wjO9q5FduXD+Em54cHdrhPj53Hk+x5v/BVuLvr gXR7JfopSSU4K7GsYVQLrdR+H6KHGGX42LxjNnO37lkG27+e0X04lj8Icy76OFPpK/1Iwv +SwpIxFp6R4qJpXDV9l8oowoEyw7CRE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1750170461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8FvEh9KPwU2FPVYiAUQ819UI09czGQfx0V/ZDJLQtEw=; b=RhdYBQtoOPYf/Xda6QU6ckiXTHNJaHXOLFwrzLR8mN5/noabH6f1XDLNys2kYWXiU2pBlK k+nduA0at3J/TOcuJ+fDBVa1I0atLTbcpGLeFPIeSdP59Q0DyBoCs+54/C02szXfTgvCh/ eZTCRdwhZA3FmIIjCODjn0TXHLzZdNY= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-501-s-a2m7MRNAqc8lFm2AZQyw-1; Tue, 17 Jun 2025 10:27:38 -0400 X-MC-Unique: s-a2m7MRNAqc8lFm2AZQyw-1 X-Mimecast-MFC-AGG-ID: s-a2m7MRNAqc8lFm2AZQyw_1750170457 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A7AC21800284; Tue, 17 Jun 2025 14:27:36 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.22.80.174]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 4BB2219560B2; Tue, 17 Jun 2025 14:27:35 +0000 (UTC) From: Luiz Capitulino To: david@redhat.com, willy@infradead.org Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lcapitulino@gmail.com, shivankg@amd.com Subject: [RFC 3/3] fs: stable_page_flags(): use snapshot_page() Date: Tue, 17 Jun 2025 10:27:10 -0400 Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Rspamd-Queue-Id: 5114C18000B X-Stat-Signature: zkm97opp6xyyq189o7uoqhz5abqmmm5k X-Rspam-User: X-Rspamd-Server: rspam04 X-HE-Tag: 1750170462-193860 X-HE-Meta: U2FsdGVkX18uetIWXgJifZ1QRBgVoY8lCM34gzWPG/rhvTCEoD6kbYGGcf4Y5Ny9pO7jldz5CYds5PZhB2+tmlEr4xC9dKo4VND7Sak5o3lwSrJyWVyIbyWJZyXPZ9MqRb6OvPB4NmNSIv6fJGeAaiCCxzJ2ffXMaLTj/YJd8oqHhqwDnR4ei4XzAupQw1MuB/xc7JzfIksapC//rMO9ZJjObFGN0+bw7PZPypDEWGmhdxcW/8tHcGnpDzdmkkWnI8X3OAYR5ZbCRoRiMGj2Nvz/q3hOt3zjWEH/lvzc+/++ykiEC1JJNxIau08njiqbuGCM/dXyZskxQQ2u8Sz6DmeqE9+Xjeqery+bTDP/BJNP6VYSB/rvI3chj4xC//JzeNjunBYPAKBVTuB/SjBnMetV5pq5WDX9aIYjkvzYM7cJYN6mW1Gz2e9XmA7GUZXSZNa+bRYur6+QzW09ICQuWCcyroIrR28fZR6jC5Saw/MSGeO7eJGfyro4xeSL8AV/Jd7GxRjKSt2nyuMbVid54dGgypKn4qyDkeTCQprlYCRs9KiPQUSOEiRnNF3O4nDEiqRPwsfzI5tsZESKyfdA3cBnwcRzZL12L07/W5vEIQRArYH3eCpOOj5t3OhDH1SrYQeNJ6TXhYPBJn7G3j+udpB2E9la3bbbW06M2Pypw2PH38DAIT0lOyjBLXnSqm1BuS/bHnjuBkHwvBLw6l8Ncrr28mj9OQTxFwGLPwvEChHsywo/GfO8+Q34Y95xYIKyDK2uyzY/JXZbXaNB6tugiuavqrMVVDO0NdTUy5Ffyu0beeP0sxd6cANn0NUCLAOLfTzmgJ7GuZU1lDzCizG/pFUC629y5e/VPXRcQAZU7PRIc0b0Z6Ks0mon6JPME+kBhZUryDcHEqlllpn4BzViu+XbyYbzLtvzTZQ6nFI5tDVX7NY3iHBczrXzfAZ1DV6HTekMglcbFAcHWjBiGiL JbKIZkft GCGHOt2AzBsa0VzA+Yun2b/ITO2dy0UjwYonK7Zw4BuMrJcZw2WU6WEXeCuneS+wtoS3AsZwKPC6CNtiEPmWHjQThPBMFHkiglFdXz3/e/NXCRjEM869gOzkx6LJSy1P7JnPDslAjxGaPMrfEE3LTcRzJpdupkXRNnL1FonS2NzCwNDQY4cBAitFF6SPQeBEd3Kz0V8Y+FTnnM2HCNlgnkvFJUXGvB22ZUC7l1HjVUq6ZOOUDbdKnVEMV8f6Yj1T0R8u2flr4a4168MXhNQfLEBQFBSr/5FfXFmF8SrABwwMarLtl2PkZIQM/9lUS0J2X7ngnldpu5icEIfLZL+/fPOJK0ZDGtXSPgwX1EQ9mqpKr8to/C9NwEyr2b9QWSicUSucc X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: A race condition is possible in stable_page_flags() where user-space is reading /proc/kpageflags concurrently to a folio split. This may lead to oopses or BUG_ON()s being triggered. To fix this, this commit uses snapshot_page() in stable_page_flags() so that stable_page_flags() works with a stable page and folio snapshots instead. Note that stable_page_flags() makes use of some functions that require the original page or folio pointer to work properly (eg. is_free_budy_page() and folio_test_idle()). Since those functions can't be used on the page snapshot, we replace their usage with flags that were set by snapshot_page() for this purpose. Signed-off-by: Luiz Capitulino --- fs/proc/page.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/fs/proc/page.c b/fs/proc/page.c index 936f8bbe5a6f..a2ee95f727f0 100644 --- a/fs/proc/page.c +++ b/fs/proc/page.c @@ -147,6 +147,7 @@ static inline u64 kpf_copy_bit(u64 kflags, int ubit, int kbit) u64 stable_page_flags(const struct page *page) { const struct folio *folio; + struct page_snapshot ps; unsigned long k; unsigned long mapping; bool is_anon; @@ -158,7 +159,9 @@ u64 stable_page_flags(const struct page *page) */ if (!page) return 1 << KPF_NOPAGE; - folio = page_folio(page); + + snapshot_page(&ps, page); + folio = &ps.folio_snapshot; k = folio->flags; mapping = (unsigned long)folio->mapping; @@ -167,7 +170,7 @@ u64 stable_page_flags(const struct page *page) /* * pseudo flags for the well known (anonymous) memory mapped pages */ - if (page_mapped(page)) + if (folio_mapped(folio)) u |= 1 << KPF_MMAP; if (is_anon) { u |= 1 << KPF_ANON; @@ -179,7 +182,7 @@ u64 stable_page_flags(const struct page *page) * compound pages: export both head/tail info * they together define a compound page's start/end pos and order */ - if (page == &folio->page) + if (ps.idx == 0) u |= kpf_copy_bit(k, KPF_COMPOUND_HEAD, PG_head); else u |= 1 << KPF_COMPOUND_TAIL; @@ -189,10 +192,10 @@ u64 stable_page_flags(const struct page *page) folio_test_large_rmappable(folio)) { /* Note: we indicate any THPs here, not just PMD-sized ones */ u |= 1 << KPF_THP; - } else if (is_huge_zero_folio(folio)) { + } else if (ps.flags & PAGE_SNAPSHOT_PG_HUGE_ZERO) { u |= 1 << KPF_ZERO_PAGE; u |= 1 << KPF_THP; - } else if (is_zero_folio(folio)) { + } else if (is_zero_pfn(ps.pfn)) { u |= 1 << KPF_ZERO_PAGE; } @@ -200,14 +203,14 @@ u64 stable_page_flags(const struct page *page) * Caveats on high order pages: PG_buddy and PG_slab will only be set * on the head page. */ - if (PageBuddy(page)) + if (PageBuddy(&ps.page_snapshot)) u |= 1 << KPF_BUDDY; - else if (page_count(page) == 0 && is_free_buddy_page(page)) + else if (ps.flags & PAGE_SNAPSHOT_PG_FREE) u |= 1 << KPF_BUDDY; - if (PageOffline(page)) + if (folio_test_offline(folio)) u |= 1 << KPF_OFFLINE; - if (PageTable(page)) + if (folio_test_pgtable(folio)) u |= 1 << KPF_PGTABLE; if (folio_test_slab(folio)) u |= 1 << KPF_SLAB; @@ -215,7 +218,7 @@ u64 stable_page_flags(const struct page *page) #if defined(CONFIG_PAGE_IDLE_FLAG) && defined(CONFIG_64BIT) u |= kpf_copy_bit(k, KPF_IDLE, PG_idle); #else - if (folio_test_idle(folio)) + if (ps.flags & PAGE_SNAPSHOT_PG_IDLE) u |= 1 << KPF_IDLE; #endif @@ -241,7 +244,7 @@ u64 stable_page_flags(const struct page *page) if (u & (1 << KPF_HUGE)) u |= kpf_copy_bit(k, KPF_HWPOISON, PG_hwpoison); else - u |= kpf_copy_bit(page->flags, KPF_HWPOISON, PG_hwpoison); + u |= kpf_copy_bit(ps.page_snapshot.flags, KPF_HWPOISON, PG_hwpoison); #endif u |= kpf_copy_bit(k, KPF_RESERVED, PG_reserved); -- 2.49.0