From: Mike Kravetz
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Zi Yan, Davidlohr Bueso, "Kirill A . Shutemov", Andrea Arcangeli, Matthew Wilcox, Oscar Salvador, Joao Martins, Andrew Morton, Mike Kravetz, stable@vger.kernel.org
Subject: [PATCH 1/2] hugetlb: fix update_and_free_page contig page struct assumption
Date: Wed, 17 Feb 2021 10:49:25 -0800
Message-Id: <20210217184926.33567-1-mike.kravetz@oracle.com>

page structs are not guaranteed to be contiguous for gigantic pages. The routine update_and_free_page can encounter a gigantic page, yet it assumes page structs are contiguous when setting page flags in subpages. If update_and_free_page encounters non-contiguous page structs, we can see “BUG: Bad page state in process …” errors.

Non-contiguous page structs are generally not an issue. However, they can exist with a specific kernel configuration and hotplug operations. For example: Configure the kernel with CONFIG_SPARSEMEM and !CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where the gigantic page will be allocated.

Zi Yan outlined steps to reproduce here [1].

[1] https://lore.kernel.org/linux-mm/16F7C58B-4D79-41C5-9B64-A1A1628F4AF2@nvidia.com/ Fixes: 944d9fec8d7a ("hugetlb: add support for gigantic page allocation at runtime") Signed-off-by: Zi Yan Signed-off-by: Mike Kravetz Cc: --- mm/hugetlb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 4bdb58ab14cb..94e9fa803294 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c 
@@ -1312,14 +1312,16 @@ static inline void destroy_compound_gigantic_page(struct page *page, static void update_and_free_page(struct hstate *h, struct page *page) { int i; + struct page *subpage = page; if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported()) return; h->nr_huge_pages--; h->nr_huge_pages_node[page_to_nid(page)]--; - for (i = 0; i < pages_per_huge_page(h); i++) { - page[i].flags &= ~(1 << PG_locked | 1 << PG_error | + for (i = 0; i < pages_per_huge_page(h); + i++, subpage = mem_map_next(subpage, page, i)) { + subpage->flags &= ~(1 << PG_locked | 1 << PG_error | 1 << PG_referenced | 1 << PG_dirty | 1 << PG_active | 1 << PG_private | 1 << PG_writeback);

From: Mike Kravetz
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Zi Yan, Davidlohr Bueso, "Kirill A . Shutemov", Andrea Arcangeli, Matthew Wilcox, Oscar Salvador, Joao Martins, Andrew Morton, Mike Kravetz, stable@vger.kernel.org
Subject: [PATCH 2/2] hugetlb: fix copy_huge_page_from_user contig page struct assumption
Date: Wed, 17 Feb 2021 10:49:26 -0800
Message-Id: <20210217184926.33567-2-mike.kravetz@oracle.com>
In-Reply-To: <20210217184926.33567-1-mike.kravetz@oracle.com>
References: <20210217184926.33567-1-mike.kravetz@oracle.com>

page structs are not guaranteed to be contiguous for gigantic pages. The routine copy_huge_page_from_user can encounter gigantic pages, yet it assumes page structs are contiguous when copying pages from user space.
Since page structs for the target gigantic page are not contiguous, the data copied from user space could overwrite other pages not associated with the gigantic page and cause data corruption. Non-contiguous page structs are generally not an issue. However, they can exist with a specific kernel configuration and hotplug operations. For example: Configure the kernel with CONFIG_SPARSEMEM and !CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where the gigantic page will be allocated. Fixes: 8fb5debc5fcd ("userfaultfd: hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support") Signed-off-by: Mike Kravetz Cc: --- mm/memory.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index feff48e1465a..241bec4199b5 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5173,17 +5173,19 @@ long copy_huge_page_from_user(struct page *dst_page, void *page_kaddr; unsigned long i, rc = 0; unsigned long ret_val = pages_per_huge_page * PAGE_SIZE; + struct page *subpage = dst_page; - for (i = 0; i < pages_per_huge_page; i++) { + for (i = 0; i < pages_per_huge_page; + i++, subpage = mem_map_next(subpage, dst_page, i)) { if (allow_pagefault) - page_kaddr = kmap(dst_page + i); + page_kaddr = kmap(subpage); else - page_kaddr = kmap_atomic(dst_page + i); + page_kaddr = kmap_atomic(subpage); rc = copy_from_user(page_kaddr, (const void __user *)(src + i * PAGE_SIZE), PAGE_SIZE); if (allow_pagefault) - kunmap(dst_page + i); + kunmap(subpage); else kunmap_atomic(page_kaddr);
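
Review bot: The rewritten loop header in update_and_free_page (mm/hugetlb.c, patch 1/2) carries no comment saying why subpage is advanced with mem_map_next() instead of indexing page[i], so a later cleanup could quietly restore the contiguity assumption; a one-line comment above the loop noting that page structs of a gigantic page may not be contiguous would guard against that. The increment clause also runs once more after the final iteration, calling mem_map_next(subpage, page, i) with i == pages_per_huge_page(h); the result is never dereferenced in the visible lines, but it is worth confirming the helper tolerates an offset one past the end of the huge page.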
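
Review bot: In copy_huge_page_from_user (mm/memory.c, patch 2/2) the destination is now tracked by subpage while the source is still computed as src + i * PAGE_SIZE, and the two stay in step only because both advance in the for header; say so in a comment, since a later change that advances one without the other would copy data into the wrong subpage. This is also the second open-coded copy of the "i++, subpage = mem_map_next(...)" loop header in the series, so a shared iterator helper or macro would make it harder for future callers to reintroduce dst_page + i.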
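
The failure both commit messages describe, as an added user-space model (not code from the patch series or from the kernel): indexing from the head page struct modifies page structs that belong to other pages and skips the page's own subpages, while re-resolving at each section boundary does neither. The section size, the backing layout, the pfn field and next_subpage() are constructed for the illustration; next_subpage() only models the look-up-again-at-a-boundary idea and is not the kernel's mem_map_next().

```c
#include <stddef.h>
#include <stdio.h>
#define SECTION_PAGES 4UL      /* pages per memory section (toy value) */
#define NR_SECTIONS   3UL
#define NR_BACKING    24
#define NO_PFN        (~0UL)   /* slot that backs no page in this model */
#define PG_DIRTY      1UL

struct page { unsigned long flags, pfn; };
struct result { unsigned long stray, missed; };

/* One page-struct array per section, placed out of order inside one backing
 * array (stands in for CONFIG_SPARSEMEM without CONFIG_SPARSEMEM_VMEMMAP). */
static struct page backing[NR_BACKING];
static struct page *section_map[NR_SECTIONS];

static void model_init(void)
{
    static const size_t slot[NR_SECTIONS] = { 4, 0, 16 };
    for (size_t i = 0; i < NR_BACKING; i++)
        backing[i] = (struct page){ PG_DIRTY, NO_PFN };
    for (unsigned long s = 0; s < NR_SECTIONS; s++) {
        section_map[s] = &backing[slot[s]];
        for (unsigned long j = 0; j < SECTION_PAGES; j++)
            section_map[s][j].pfn = s * SECTION_PAGES + j;
    }
}

static struct page *pfn_to_page(unsigned long pfn)
{
    if (pfn >= NR_SECTIONS * SECTION_PAGES)
        return NULL;           /* past the last section */
    return section_map[pfn / SECTION_PAGES] + pfn % SECTION_PAGES;
}

/* Hypothetical stand-in for the walker the patches call: step inside a section,
 * look up by pfn again at each boundary. Assumes base is section-aligned. */
static struct page *next_subpage(struct page *iter, struct page *base,
                                 unsigned long offset)
{
    if (offset % SECTION_PAGES == 0)
        return pfn_to_page(base->pfn + offset);
    return iter + 1;
}

/* Clear PG_DIRTY on the 8-page "gigantic page" at pfns 4..11, then count
 * foreign page structs that were modified and own subpages left untouched. */
struct result clear_gigantic_flags(int use_walker)
{
    unsigned long first = 4, n = 8, i;
    struct result r = { 0, 0 };
    struct page *base, *sub;

    model_init();
    base = sub = pfn_to_page(first);
    for (i = 0; i < n; i++, sub = next_subpage(sub, base, i))
        (use_walker ? sub : &base[i])->flags &= ~PG_DIRTY;
    for (i = 0; i < NR_BACKING; i++) {
        int ours = backing[i].pfn >= first && backing[i].pfn < first + n;
        int dirty = (backing[i].flags & PG_DIRTY) != 0;
        r.missed += ours && dirty;
        r.stray += !ours && !dirty;
    }
    return r;
}

int main(void)
{
    struct result a = clear_gigantic_flags(0), b = clear_gigantic_flags(1);
    printf("page[i]: stray=%lu missed=%lu\n", a.stray, a.missed);
    printf("walker:  stray=%lu missed=%lu\n", b.stray, b.missed);
    return 0;
}
```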