From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 28423C5AD49
	for <linux-mm@archiver.kernel.org>; Fri,  6 Jun 2025 14:00:01 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9A7F36B007B; Fri,  6 Jun 2025 10:00:00 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 958796B0088; Fri,  6 Jun 2025 10:00:00 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 849FE6B0089; Fri,  6 Jun 2025 10:00:00 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id 64E956B007B
	for <linux-mm@kvack.org>; Fri,  6 Jun 2025 10:00:00 -0400 (EDT)
Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id D10581A20DF
	for <linux-mm@kvack.org>; Fri,  6 Jun 2025 13:59:59 +0000 (UTC)
X-FDA: 83525134518.17.F5F17C2
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	by imf05.hostedemail.com (Postfix) with ESMTP id A505A100007
	for <linux-mm@kvack.org>; Fri,  6 Jun 2025 13:59:57 +0000 (UTC)
Authentication-Results: imf05.hostedemail.com;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=RPniiSvw;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=IO0LzPk6;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=ajwWj5wR;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=KqtLDMWm;
	spf=pass (imf05.hostedemail.com: domain of pfalcato@suse.de designates 195.135.223.130 as permitted sender) smtp.mailfrom=pfalcato@suse.de;
	dmarc=pass (policy=none) header.from=suse.de
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1749218398;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=jo8YNOz40hlh2OYeYB2Ua7DhuadBgtsPAMk95xtqrbI=;
	b=sWEEiJXMDM7iBBQrJZf1vNVK/IHCApN95yFmd9Bu3SaWRbjoaubdfz1lgOctLOCa6VL7pv
	RU22DVqlERsXGN5d0oquzvyDfPOUh/MjnbsKTbnaYcltW8vzwUlSRhkCopwjluKmkLikQN
	rJ601x1xMZMQQrjwuHrqwXc9vwFFp8I=
ARC-Authentication-Results: i=1;
	imf05.hostedemail.com;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=RPniiSvw;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=IO0LzPk6;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=ajwWj5wR;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=KqtLDMWm;
	spf=pass (imf05.hostedemail.com: domain of pfalcato@suse.de designates 195.135.223.130 as permitted sender) smtp.mailfrom=pfalcato@suse.de;
	dmarc=pass (policy=none) header.from=suse.de
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1749218398; a=rsa-sha256;
	cv=none;
	b=HIaMG3BrT2J7DXtEpA+IYefSqhHVe4/qsiRYZF0VuqA2M7oVreZpvUM4OEyvMaoly2W2Ny
	s+lCw8LmXNw2FSyT5HesfKi+jRIJ9JN+7vY9dKevUJeQ+JfQ+L1kDy5MbVFJ7iAAIjQbTM
	4mdhF3svayzlrDpM8aKZReiAWnxJW7s=
Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id E95EF336A1;
	Fri,  6 Jun 2025 13:59:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
	t=1749218396; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=jo8YNOz40hlh2OYeYB2Ua7DhuadBgtsPAMk95xtqrbI=;
	b=RPniiSvwXsID+Kbr15bqnDABhowfSWAmYHazHxAay+Ig59ZcJ4Ol0muvB3zF3B0q4dzK2W
	5dBxCevc4D5TpUSDXDmGGg6rhcTTealpexHkcWNhCIGVn7BdxziDhQSqKb2Um4+lcB0SaN
	skKWYYCMSS0Hs0zdxG9bZ08Aw77FpNc=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1749218396;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=jo8YNOz40hlh2OYeYB2Ua7DhuadBgtsPAMk95xtqrbI=;
	b=IO0LzPk6DUAw2KgzeoxbMuKoYLWH1p/YOUuvkGtgvJ1HEZGxasBo8Br8cFqEMTdWnq5Wzk
	XGWXE+aAEbavq4Dw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
	t=1749218395; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=jo8YNOz40hlh2OYeYB2Ua7DhuadBgtsPAMk95xtqrbI=;
	b=ajwWj5wRLrZSPt9Tyis80l3hrZfZ19XhM4xWUUVBDNnOZukzEknGdMclxtYuvkYd8b+ICe
	FcvJbxpM1wpVmS7vEOuuvl3S7yhGNMdOtGs+cu77Rb5HZOm+yGA2LZ03Pj6CBlQGQCx9wA
	Db1/dLYd0bnUFTQOQZyp2LKe72DMd0A=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1749218395;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=jo8YNOz40hlh2OYeYB2Ua7DhuadBgtsPAMk95xtqrbI=;
	b=KqtLDMWmvtBL0jNGOYzzHMH4Qgyv/xouKGyRY4n7eyt0f/kYnIFcz5dtTJ9xHqwHfHcX3D
	ewaGjhP9UVhIlGBg==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 723811336F;
	Fri,  6 Jun 2025 13:59:55 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id k8PUGFv0Qmg6CwAAD6G6ig
	(envelope-from <pfalcato@suse.de>); Fri, 06 Jun 2025 13:59:55 +0000
Date: Fri, 6 Jun 2025 14:59:53 +0100
From: Pedro Falcato <pfalcato@suse.de>
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>, 
	"Liam R . Howlett" <Liam.Howlett@oracle.com>, Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>, 
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm/vma: reset VMA iterator on commit_merge() OOM failure
Message-ID: <my6v4d5ytsivvw4yloyutafscahbctetvpkqok42flusbgklx4@ixm6kcgihkbv>
References: <20250606125032.164249-1-lorenzo.stoakes@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20250606125032.164249-1-lorenzo.stoakes@oracle.com>
X-Rspamd-Queue-Id: A505A100007
X-Stat-Signature: coxqm79e1xw7oa6nfgsusnazi1sb6qan
X-Rspam-User: 
X-Rspamd-Server: rspam07
X-HE-Tag: 1749218397-459665
X-HE-Meta: U2FsdGVkX1/gKDjdvRzlrz5moJ4GtYNWKmGFaNo5QFSQO5+mggcmVH8Fa95+ZsaiAIiTQGsC4PKgXf8+nPixJpbf/TFIH61LKGRWwlQWFk923z3tGEglDDX7vTt/CZ+hmd+3VuQzbp3yfXyaXxHdCGY6VvpZB6/aVfEQ1KwNCHVmMB89WXry6bL9u6Tub/47n1UPuH2H5RCV9YgFVu3S8USwgaLBkKiW++prpqwm/8nqYRWalvZBUzCrg3Jxn/TX1H3E8nlSN4V4rf6BdAv2fycQcI+gShx6pP/RfY4m+rxcaESy2k0yRMiEvoQ7Kp34+73loz6SuYHbAY/0BhXam+r3loJh64neRDcmh33KQzIbq1pJ1BdEvqlIIXTv126SEtdxSPzPU9GNlkkQ3KxEvgjk8UDtAfCNlp0tPWu+V3Fl+G5qlWF9ytm87tdZ7+Qk5AkW5me9LMikSckmlyiMBgNJFddLt961VfxErxjcHRQxKRHh0Dez3EvkDH/O2HpEqwlaYj9TjIPodPtl4HXgV2bZimr6wyUYZjxReYGSqVYIGlLufEyC1bCbif4eQ9uNjSTcCcidgoUWLu/ngEk412OVvx2n6WyIONmOxhkZLgPxOD6aAxeRTt6RZ1kZsZSBgwTUNeWApEjQug+ulla/4SX+eVqBt7R9Vr/OBcMcXkXh92VCdht0MTukLNM1dUWGUapcqJCGeS5UrGDG1IPxXdpZcp//vw+Sgd1ohG84aiD0ykzSD/1e3+Jm8qch6NyL+yjmR1OyS9WW6P3XNVt8MRjiIHyoGPRRUnlsVDco+1ouTDYxPv4ShGtbIuC5fvbI+KpLoLcqBTW3w2M+1GNsJgYa8RdVjcJSy1tI9zoO373EcmkpUyIt2xHjDwscYyMV2V6u/u6Mkce78U6eVHCZ5QJNGZ9czM8Q4zkTqB/qjiTB3ygOwbj9DOFghA4FQxef5cCyYZTIi5N8BgEM6xW
 J20BR33m
 /rZLWD1nBfN7Y4Qeef2tFfY9vlhGx0tOnXFI2YBnSzLDcWma1upcbywQ+ncKNGCHQWJuwEQTk9WRPa+A4kpm66yTfZCXsiGaQT373HXVSnBl0UXaLhLnR4soLbmTmMSd3YzyODwsF8q+SpiyLZt6kXqm2Ro5QroSxQ67bAEZ4BQ7pEihqRVzi84Zdln70gO3nGERy6TZjBIW4/3o6ZKn30yFeFW4ygMbyJObpaMvlkaqM7uO1jjYmZZF5jFgj5VmvwxBk/nKblVkTC6GyVowKFOBXRLSwpP7cvg9uuZeS1ZNdaPoUa/nT6lH84JSPszZvA7J2Nr01bJ+IkIur/Duu7+SU3QTOUobezVgpipq70XfgODABs07VsFTJiSRFhe/UJrRxNwlDdDLybsExR1xQGudLMN6NkbVKbcGGOKqaVfZjfqsLqSrj+voIQZHkdrKt+sovLIfPlbThMsvoxE0AI59W+x0GQi5fjBC/
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Fri, Jun 06, 2025 at 01:50:32PM +0100, Lorenzo Stoakes wrote:
> While an OOM failure in commit_merge() isn't really feasible due to the
> allocation which might fail (a maple tree pre-allocation) being 'too small
> to fail', we do need to handle this case correctly regardless.
> 
> In vma_merge_existing_range(), we can theoretically encounter failures
> which result in an OOM error in two ways - firstly dup_anon_vma() might
> fail with an OOM error, and secondly commit_merge() failing, ultimately, to
> pre-allocate a maple tree node.
> 
> The abort logic for dup_anon_vma() resets the VMA iterator to the initial
> range, ensuring that any logic looping on this iterator will correctly
> proceed to the next VMA.
> 
> However the commit_merge() abort logic does not do the same thing. This
> resulted in a syzbot report occurring because mlockall() iterates through
> VMAs, is tolerant of errors, but ended up with an incorrect previous VMA
> being specified due to incorrect iterator state.
> 
> While making this change, it became apparent we are duplicating logic - the
> logic introduced in commit 41e6ddcaa0f1 ("mm/vma: add give_up_on_oom option
> on modify/merge, use in uffd release") duplicates the vmg->give_up_on_oom
> check in both abort branches.
> 
> Additionally, we observe that we can perform the anon_dup check safely on
> dup_anon_vma() failure, as this will not be modified should this call fail.
> 
> Finally, we need to reset the iterator in both cases, so now we can simply
> use the exact same code to abort for both.
> 
> We remove the VM_WARN_ON(err != -ENOMEM) as it would be silly for this to
> be otherwise and it allows us to implement the abort check more neatly.
> 
> Reported-by: syzbot+d16409ea9ecc16ed261a@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/linux-mm/6842cc67.a00a0220.29ac89.003b.GAE@google.com/
> Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure")
> Cc: stable@vger.kernel.org
> Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>

Reviewed-by: Pedro Falcato <pfalcato@suse.de>

> ---
>  mm/vma.c | 22 ++++------------------
>  1 file changed, 4 insertions(+), 18 deletions(-)

Neat cleanup, thanks!

-- 
Pedro