From patchwork Fri May 13 14:24:02 2022
X-Patchwork-Submitter: Greg KH
X-Patchwork-Id: 572507
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Gleb Fotengauer-Malinovskiy, "Dmitry V. Levin", Johannes Berg
Subject: [PATCH 5.17 02/12] rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition
Date: Fri, 13 May 2022 16:24:02 +0200
Message-Id: <20220513142228.724371318@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Gleb Fotengauer-Malinovskiy

commit a36e07dfe6ee71e209383ea9288cd8d1617e14f9 upstream.

The definition of RFKILL_IOCTL_MAX_SIZE introduced by commit 54f586a91532 ("rfkill: make new event layout opt-in") is unusable since it is based on RFKILL_IOC_EXT_SIZE which has not been defined. Fix that by replacing the undefined constant with the constant which is intended to be used in this definition.

Fixes: 54f586a91532 ("rfkill: make new event layout opt-in")
Cc: stable@vger.kernel.org # 5.11+
Signed-off-by: Gleb Fotengauer-Malinovskiy
Signed-off-by: Dmitry V. Levin
Link: https://lore.kernel.org/r/20220506172454.120319-1-glebfm@altlinux.org
[add commit message provided later by Dmitry]
Signed-off-by: Johannes Berg
Signed-off-by: Greg Kroah-Hartman
---
 include/uapi/linux/rfkill.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/uapi/linux/rfkill.h +++ b/include/uapi/linux/rfkill.h
@@ -184,7 +184,7 @@ struct rfkill_event_ext { #define RFKILL_IOC_NOINPUT 1 #define RFKILL_IOCTL_NOINPUT _IO(RFKILL_IOC_MAGIC, RFKILL_IOC_NOINPUT) #define RFKILL_IOC_MAX_SIZE 2 -#define RFKILL_IOCTL_MAX_SIZE _IOW(RFKILL_IOC_MAGIC, RFKILL_IOC_EXT_SIZE, __u32) +#define RFKILL_IOCTL_MAX_SIZE _IOW(RFKILL_IOC_MAGIC, RFKILL_IOC_MAX_SIZE, __u32) /* and that's all userspace gets */
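Review bot: the RFKILL_IOCTL_MAX_SIZE definition in include/uapi/linux/rfkill.h needs a user that is built along with the kernel, because a #define that names an undefined constant compiles cleanly until something expands it, and the commit message says this one has been unusable since commit 54f586a91532. A selftest or header compile check that references RFKILL_IOCTL_MAX_SIZE would catch a repeat of the RFKILL_IOC_EXT_SIZE mix-up.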
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, butt3rflyh4ck, Jan Kara
Subject: [PATCH 5.17 03/12] udf: Avoid using stale lengthOfImpUse
Date: Fri, 13 May 2022 16:24:03 +0200
Message-Id: <20220513142228.753578790@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Jan Kara

commit c1ad35dd0548ce947d97aaf92f7f2f9a202951cf upstream.

udf_write_fi() uses lengthOfImpUse of the entry it is writing to. However, this field has not yet been initialized, so it either contains a completely bogus value or the value from the last directory entry at that place. In either case this is wrong and can lead to filesystem corruption or kernel crashes.

Reported-by: butt3rflyh4ck
CC: stable@vger.kernel.org
Fixes: 979a6e28dd96 ("udf: Get rid of 0-length arrays in struct fileIdentDesc")
Signed-off-by: Jan Kara
Signed-off-by: Greg Kroah-Hartman
---
 fs/udf/namei.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/fs/udf/namei.c +++ b/fs/udf/namei.c @@ -75,11 +75,11 @@ int udf_write_fi(struct inode *inode, st if (fileident) { if (adinicb || (offset + lfi < 0)) { - memcpy(udf_get_fi_ident(sfi), fileident, lfi); + memcpy(sfi->impUse + liu, fileident, lfi); } else if (offset >= 0) { memcpy(fibh->ebh->b_data + offset, fileident, lfi); } else { - memcpy(udf_get_fi_ident(sfi), fileident, -offset); + memcpy(sfi->impUse + liu, fileident, -offset); memcpy(fibh->ebh->b_data, fileident - offset, lfi + offset); }
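Review bot: the two memcpy() destinations in this hunk are now written as `sfi->impUse + liu` with no comment saying why udf_get_fi_ident(sfi) must not be used here. The commit message has the reason (sfi's lengthOfImpUse is not initialized yet at this point); a short comment above the `if (fileident)` block stating that would keep a later cleanup from restoring the helper.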
@@ -88,11 +88,11 @@ int udf_write_fi(struct inode *inode, st offset += lfi; if (adinicb || (offset + padlen < 0)) { - memset(udf_get_fi_ident(sfi) + lfi, 0x00, padlen); + memset(sfi->impUse + liu + lfi, 0x00, padlen); } else if (offset >= 0) { memset(fibh->ebh->b_data + offset, 0x00, padlen); } else { - memset(udf_get_fi_ident(sfi) + lfi, 0x00, -offset); + memset(sfi->impUse + liu + lfi, 0x00, -offset); memset(fibh->ebh->b_data, 0x00, padlen + offset); }
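Review bot: with the two memset() calls here, `sfi->impUse + liu` is open-coded four times in udf_write_fi(). Computing the identifier pointer once into a local and using it in all four calls (with `+ lfi` for the padding in this hunk) would keep the sites from drifting apart.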
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Muchun Song, Zi Yan, Axel Rasmussen, David Rientjes, Fam Zheng, "Kirill A. Shutemov", Lars Persson, Mike Kravetz, Peter Xu, Xiongchun Duan, Andrew Morton, Linus Torvalds
Subject: [PATCH 5.17 04/12] mm: fix missing cache flush for all tail pages of compound page
Date: Fri, 13 May 2022 16:24:04 +0200
Message-Id: <20220513142228.781532891@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Muchun Song

commit 2771739a7162782c0aa6424b2e3dd874e884a15d upstream.

The D-cache maintenance inside move_to_new_page() only considers one page; there is still a D-cache maintenance issue for tail pages of a compound page (e.g. THP or HugeTLB).

THP migration is only enabled on x86_64, ARM64 and powerpc, while powerpc and arm64 need to maintain the consistency between I-Cache and D-Cache, which depends on flush_dcache_page() to maintain the consistency between I-Cache and D-Cache. But there are no issues on arm64 and powerpc since they already consider the compound page cache flushing in their icache flush function. HugeTLB migration is enabled on arm, arm64, mips, parisc, powerpc, riscv, s390 and sh, while arm has handled the compound page cache flush in flush_dcache_page(), but most others do not.

In theory, the issue exists on many architectures. Fix this by not using flush_dcache_folio() since it is not backportable.

Link: https://lkml.kernel.org/r/20220210123058.79206-3-songmuchun@bytedance.com
Fixes: 290408d4a250 ("hugetlb: hugepage migration core")
Signed-off-by: Muchun Song
Reviewed-by: Zi Yan
Cc: Axel Rasmussen
Cc: David Rientjes
Cc: Fam Zheng
Cc: Kirill A. Shutemov
Cc: Lars Persson
Cc: Mike Kravetz
Cc: Peter Xu
Cc: Xiongchun Duan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 mm/migrate.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/mm/migrate.c +++ b/mm/migrate.c
@@ -916,9 +916,12 @@ static int move_to_new_page(struct page if (!PageMappingFlags(page)) page->mapping = NULL; - if (likely(!is_zone_device_page(newpage))) - flush_dcache_page(newpage); + if (likely(!is_zone_device_page(newpage))) { + int i, nr = compound_nr(newpage); + for (i = 0; i < nr; i++) + flush_dcache_page(newpage + i); + } } out: return rc;
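Review bot: in the new loop, `flush_dcache_page(newpage + i)` assumes the struct pages of the compound page are contiguous in the memory map. Please confirm that holds for every compound page that can reach move_to_new_page() (very large HugeTLB pages on configurations without a virtually contiguous memmap are the case to check), or index with nth_page(newpage, i) instead. Minor: kernel style wants a blank line between the `int i, nr = compound_nr(newpage);` declaration and the `for`.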
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Muchun Song, Mike Kravetz, Axel Rasmussen, David Rientjes, Fam Zheng, "Kirill A. Shutemov", Lars Persson, Peter Xu, Xiongchun Duan, Zi Yan, Andrew Morton, Linus Torvalds
Subject: [PATCH 5.17 05/12] mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
Date: Fri, 13 May 2022 16:24:05 +0200
Message-Id: <20220513142228.810770493@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Muchun Song

commit e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 upstream.

userfaultfd calls copy_huge_page_from_user() which does not do any cache flushing for the target page. Then the target page will be mapped to the user space with a different address (user address), which might have an alias issue with the kernel address used to copy the data from the user to. Fix this issue by flushing dcache in copy_huge_page_from_user().

Link: https://lkml.kernel.org/r/20220210123058.79206-4-songmuchun@bytedance.com
Fixes: fa4d75c1de13 ("userfaultfd: hugetlbfs: add copy_huge_page_from_user for hugetlb userfaultfd support")
Signed-off-by: Muchun Song
Reviewed-by: Mike Kravetz
Cc: Axel Rasmussen
Cc: David Rientjes
Cc: Fam Zheng
Cc: Kirill A. Shutemov
Cc: Lars Persson
Cc: Peter Xu
Cc: Xiongchun Duan
Cc: Zi Yan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 mm/memory.c | 2 ++
 1 file changed, 2 insertions(+)

--- a/mm/memory.c +++ b/mm/memory.c
@@ -5475,6 +5475,8 @@ long copy_huge_page_from_user(struct pag if (rc) break; + flush_dcache_page(subpage); + cond_resched(); } return ret_val;
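Review bot: the flush is added after `if (rc) break;`, so a subpage whose copy failed part-way leaves the loop unflushed while the subpages before it were flushed. If every caller discards or fully rewrites the page on a non-zero return this is harmless, but that should be stated in a comment; otherwise move flush_dcache_page(subpage) above the break.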
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Muchun Song, Mike Kravetz, Axel Rasmussen, David Rientjes, Fam Zheng, "Kirill A. Shutemov", Lars Persson, Peter Xu, Xiongchun Duan, Zi Yan, Andrew Morton, Linus Torvalds
Subject: [PATCH 5.17 06/12] mm: hugetlb: fix missing cache flush in hugetlb_mcopy_atomic_pte()
Date: Fri, 13 May 2022 16:24:06 +0200
Message-Id: <20220513142228.841619815@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Muchun Song

commit 348923665a0e50ad9fc0b3bb8127d3cb976691cc upstream.

folio_copy() will copy the data from one page to the target page, then the target page will be mapped to the user space address, which might have an alias issue with the kernel address used to copy the data from the page to. There are 2 ways to fix this issue.

1) insert flush_dcache_page() after folio_copy().

2) replace folio_copy() with copy_user_huge_page() which already considers the cache maintenance.

We chose way 2) to fix the issue since architectures can optimize this situation. It also makes backports easier.

Link: https://lkml.kernel.org/r/20220210123058.79206-5-songmuchun@bytedance.com
Fixes: 8cc5fcbb5be8 ("mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY")
Signed-off-by: Muchun Song
Reviewed-by: Mike Kravetz
Cc: Axel Rasmussen
Cc: David Rientjes
Cc: Fam Zheng
Cc: Kirill A. Shutemov
Cc: Lars Persson
Cc: Peter Xu
Cc: Xiongchun Duan
Cc: Zi Yan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 mm/hugetlb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/mm/hugetlb.c +++ b/mm/hugetlb.c
@@ -5820,7 +5820,8 @@ int hugetlb_mcopy_atomic_pte(struct mm_s *pagep = NULL; goto out; } - folio_copy(page_folio(page), page_folio(*pagep)); + copy_user_huge_page(page, *pagep, dst_addr, dst_vma, + pages_per_huge_page(h)); put_page(*pagep); *pagep = NULL; }
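Review bot: nothing at the copy_user_huge_page() call records why it is used instead of folio_copy(). The commit message gives the reason (it already considers the cache maintenance); a one-line comment above the call would keep a later folio cleanup from switching it back and losing the flush again.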
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Muchun Song, Mike Kravetz, Axel Rasmussen, David Rientjes, Fam Zheng, "Kirill A. Shutemov", Lars Persson, Peter Xu, Xiongchun Duan, Zi Yan, Andrew Morton, Linus Torvalds
Subject: [PATCH 5.17 07/12] mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte()
Date: Fri, 13 May 2022 16:24:07 +0200
Message-Id: <20220513142228.870480590@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Muchun Song

commit 19b482c29b6f3805f1d8e93015847b89e2f7f3b1 upstream.

userfaultfd calls shmem_mfill_atomic_pte() which does not do any cache flushing for the target page. Then the target page will be mapped to the user space with a different address (user address), which might have an alias issue with the kernel address used to copy the data from the user to. Insert flush_dcache_page() in non-zero-page case. And replace clear_highpage() with clear_user_highpage() which already considers the cache maintenance.

Link: https://lkml.kernel.org/r/20220210123058.79206-6-songmuchun@bytedance.com
Fixes: 8d1039634206 ("userfaultfd: shmem: add shmem_mfill_zeropage_pte for userfaultfd support")
Fixes: 4c27fe4c4c84 ("userfaultfd: shmem: add shmem_mcopy_atomic_pte for userfaultfd support")
Signed-off-by: Muchun Song
Reviewed-by: Mike Kravetz
Cc: Axel Rasmussen
Cc: David Rientjes
Cc: Fam Zheng
Cc: Kirill A. Shutemov
Cc: Lars Persson
Cc: Peter Xu
Cc: Xiongchun Duan
Cc: Zi Yan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 mm/shmem.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/mm/shmem.c +++ b/mm/shmem.c
@@ -2357,8 +2357,10 @@ int shmem_mfill_atomic_pte(struct mm_str /* don't free the page */ goto out_unacct_blocks; } + + flush_dcache_page(page); } else { /* ZEROPAGE */ - clear_highpage(page); + clear_user_highpage(page, dst_addr); } } else { page = *pagep;
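Review bot: the trailing `} else { page = *pagep;` branch still uses a page that was filled elsewhere and gets no flush in this hunk. It is only covered by the flush that patch 08/12 of this series adds in __mcopy_atomic() before `goto retry;`, so the two changes need to land together in any tree that takes either; say so in the commit message or in a comment at that branch.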
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Muchun Song, Axel Rasmussen, David Rientjes, Fam Zheng, "Kirill A. Shutemov", Lars Persson, Mike Kravetz, Peter Xu, Xiongchun Duan, Zi Yan, Andrew Morton, Linus Torvalds
Subject: [PATCH 5.17 08/12] mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
Date: Fri, 13 May 2022 16:24:08 +0200
Message-Id: <20220513142228.900593596@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Muchun Song

commit 7c25a0b89a487878b0691e6524fb5a8827322194 upstream.

userfaultfd calls mcopy_atomic_pte() and __mcopy_atomic() which do not do any cache flushing for the target page. Then the target page will be mapped to the user space with a different address (user address), which might have an alias issue with the kernel address used to copy the data from the user to. Fix this by inserting flush_dcache_page() after copy_from_user() succeeds.

Link: https://lkml.kernel.org/r/20220210123058.79206-7-songmuchun@bytedance.com
Fixes: b6ebaedb4cb1 ("userfaultfd: avoid mmap_sem read recursion in mcopy_atomic")
Fixes: c1a4de99fada ("userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation")
Signed-off-by: Muchun Song
Cc: Axel Rasmussen
Cc: David Rientjes
Cc: Fam Zheng
Cc: Kirill A. Shutemov
Cc: Lars Persson
Cc: Mike Kravetz
Cc: Peter Xu
Cc: Xiongchun Duan
Cc: Zi Yan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 mm/userfaultfd.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c
@@ -153,6 +153,8 @@ static int mcopy_atomic_pte(struct mm_st /* don't free the page */ goto out; } + + flush_dcache_page(page); } else { page = *pagep; *pagep = NULL; 
@@ -628,6 +630,7 @@ retry: err = -EFAULT; goto out; } + flush_dcache_page(page); goto retry; } else BUG_ON(page);
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Naoya Horiguchi, Youquan Song, Tony Luck, Andrew Morton, Linus Torvalds
Subject: [PATCH 5.17 09/12] mm/hwpoison: fix error page recovered but reported "not recovered"
Date: Fri, 13 May 2022 16:24:09 +0200
Message-Id: <20220513142228.928817865@linuxfoundation.org>
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>

From: Naoya Horiguchi

commit 046545a661af2beec21de7b90ca0e35f05088a81 upstream.

When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting an SRAR signature machine check when the data is about to be consumed.

If the CMCI wins that race, the page is marked poisoned when uc_decode_notifier() calls memory_failure() and the machine check processing code finds the page already poisoned. It calls kill_accessing_process() to make sure a SIGBUS is sent. But returns the wrong error code.

Console log looks like this:

  mce: Uncorrected hardware memory error in user-access at 3710b3400
  Memory failure: 0x3710b3: recovery action for dirty LRU page: Recovered
  Memory failure: 0x3710b3: already hardware poisoned
  Memory failure: 0x3710b3: Sending SIGBUS to einj_mem_uc:361438 due to hardware memory corruption
  mce: Memory error not recovered

kill_accessing_process() is supposed to return -EHWPOISON to notify that SIGBUS is already set to the process and kill_me_maybe() doesn't have to send it again. But current code simply fails to do this, so fix it to make sure to work as intended. This change avoids the noise message "Memory error not recovered" and skips duplicate SIGBUSs.

[tony.luck@intel.com: reword some parts of commit message]
Link: https://lkml.kernel.org/r/20220113231117.1021405-1-naoya.horiguchi@linux.dev
Fixes: a3f5d80ea401 ("mm,hwpoison: send SIGBUS with error virutal address")
Signed-off-by: Naoya Horiguchi
Reported-by: Youquan Song
Cc: Tony Luck
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 mm/memory-failure.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/mm/memory-failure.c +++ b/mm/memory-failure.c
@@ -707,8 +707,10 @@ static int kill_accessing_process(struct (void *)&priv); if (ret == 1 && priv.tk.addr) kill_proc(&priv.tk, pfn, flags); + else + ret = 0; mmap_read_unlock(p->mm); - return ret ? -EFAULT : -EHWPOISON; + return ret > 0 ? -EHWPOISON : -EFAULT; } static const char *action_name[] = {
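Review bot: in the return path, the added `else ret = 0;` leaves ret as either 1 or 0, so the `ret > 0` test is equivalent to plain `ret`, and any negative value from the preceding call is silently folded into -EFAULT. Assigning the final code directly in each branch (-EHWPOISON after kill_proc(), -EFAULT otherwise) would express the same contract with less indirection. The result of kill_proc() is also ignored, so -EHWPOISON is returned even if the signal could not be delivered; if that is intended, a comment on the return value contract should say so.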
jHqEmz7ZgVcw6CL4Mpg5KCRfi5ZOe2Ugdd8ywnZl2k9xwQ6xpYo7lbpTtE4mhhQXGQ jJEiw/cmP3S68Pdwb55ntK0SChPX3a3R89EB3Tow= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Miaohe Lin , Andrew Morton , Hugh Dickins , Herbert van den Bergh , Chris Mason , Linus Torvalds Subject: [PATCH 5.17 10/12] mm/mlock: fix potential imbalanced rlimit ucounts adjustment Date: Fri, 13 May 2022 16:24:10 +0200 Message-Id: <20220513142228.956764796@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220513142228.651822943@linuxfoundation.org> References: <20220513142228.651822943@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Miaohe Lin commit 5c2a956c3eea173b2bc89f632507c0eeaebf6c4a upstream. user_shm_lock forgets to set allowed to 0 when get_ucounts fails. So the later user_shm_unlock might do the extra dec_rlimit_ucounts. Fix this by resetting allowed to 0. Link: https://lkml.kernel.org/r/20220310132417.41189-1-linmiaohe@huawei.com Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts") Signed-off-by: Miaohe Lin Reviewed-by: Andrew Morton Acked-by: Hugh Dickins Cc: Herbert van den Bergh Cc: Chris Mason Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/mlock.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/mlock.c +++ b/mm/mlock.c 
@@ -838,6 +838,7 @@ int user_shm_lock(size_t size, struct uc } if (!get_ucounts(ucounts)) { dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked); + allowed = 0; goto out; } allowed = 1; From patchwork Fri May 13 14:24:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 572913 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2A65C433EF for ; Fri, 13 May 2022 14:32:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349969AbiEMOcu (ORCPT ); Fri, 13 May 2022 10:32:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46732 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352782AbiEMOba (ORCPT ); Fri, 13 May 2022 10:31:30 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32CDD1B0929; Fri, 13 May 2022 07:29:14 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C134C62153; Fri, 13 May 2022 14:29:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 315ACC34100; Fri, 13 May 2022 14:29:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1652452153; bh=NZYCTgSa5rYe0Xq/7j2xCZxXEpq7IUeSinHuJIj0uEs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Dsz2l+mnPpCPswwuRVeRJrtCkaZOHlsEkFRbvohiLMI3sZDORKc1SDaZK6DL2v5jS pN1+wD7O2MO9zCPVPyTU5PUe4ry6O8ZPC5Jm8MbJj2UGoQ1RH26cLR01kkx02kB0SF MQxnPmJ2bjkKk4+kpG8tsNpP6V92R247ogamWaeE= 
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Huang, Ying" , Baolin Wang , Dave Hansen , Zi Yan , Oscar Salvador , Yang Shi , zhongjiang-ali , Xunlei Pang , Mel Gorman , Andrew Morton , Linus Torvalds Subject: [PATCH 5.17 11/12] mm,migrate: fix establishing demotion target Date: Fri, 13 May 2022 16:24:11 +0200 Message-Id: <20220513142228.985137985@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220513142228.651822943@linuxfoundation.org> References: <20220513142228.651822943@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org 
From: Huang Ying

commit fc89213a636c3735eb3386f10a34c082271b4192 upstream.

In commit ac16ec835314 ("mm: migrate: support multiple target nodes demotion"), after the first demotion target node is found, we will continue to check the next candidate obtained via find_next_best_node(). This is to find all demotion target nodes with same NUMA distance. But one side effect of find_next_best_node() is that the candidate node returned will be set in "used" parameter, even if the candidate node isn't passed in the following NUMA distance checking, the candidate node will not be used as demotion target node for the following nodes. For example, for system as follows,

node distances:
node   0   1   2   3
  0:  10  21  17  28
  1:  21  10  28  17
  2:  17  28  10  28
  3:  28  17  28  10

when we establish demotion target node for node 0, in the first round node 2 is added to the demotion target node set. Then in the second round, node 3 is checked and failed because distance(0, 3) > distance(0, 2). But node 3 is set in "used" nodemask too. When we establish demotion target node for node 1, there is no available node. This is wrong, node 3 should be set as the demotion target of node 1.

To fix this, if the candidate node is failed to pass the distance checking, it will be cleared in "used" nodemask. So that it can be used for the following node.

The bug can be reproduced and fixed with this patch on a 2 socket server machine with DRAM and PMEM.

Link: https://lkml.kernel.org/r/20220128055940.1792614-1-ying.huang@intel.com
Fixes: ac16ec835314 ("mm: migrate: support multiple target nodes demotion")
Signed-off-by: "Huang, Ying"
Reviewed-by: Baolin Wang
Cc: Baolin Wang
Cc: Dave Hansen
Cc: Zi Yan
Cc: Oscar Salvador
Cc: Yang Shi
Cc: zhongjiang-ali
Cc: Xunlei Pang
Cc: Mel Gorman
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
--- mm/migrate.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/mm/migrate.c +++ b/mm/migrate.c 
@@ -3085,18 +3085,21 @@ static int establish_migrate_target(int if (best_distance != -1) { val = node_distance(node, migration_target); if (val > best_distance) - return NUMA_NO_NODE; + goto out_clear; } index = nd->nr; if (WARN_ONCE(index >= DEMOTION_TARGET_NODES, "Exceeds maximum demotion target nodes\n")) - return NUMA_NO_NODE; + goto out_clear; nd->nodes[index] = migration_target; nd->nr++; return migration_target; +out_clear: + node_clear(migration_target, *used); + return NUMA_NO_NODE; } /* From patchwork Fri May 13 14:24:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 572505 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1E692C433FE for ; Fri, 13 May 2022 14:33:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347266AbiEMOd2 (ORCPT ); Fri, 13 May 2022 10:33:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1381067AbiEMOby (ORCPT ); Fri, 13 May 2022 10:31:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 088AC1B1743; Fri, 13 May 2022 07:29:16 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7C14561F99; Fri, 13 May 2022 14:29:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5D082C34100; Fri, 13 May 2022 14:29:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1652452155; 
bh=jrRvUIKYf1n5UNwFP4Jhq6pBwQ4NWVjBYb4qxpwM3tw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=m4jz05N0BCvh+qCzm7BKXDINf3z0FtfnD9C0D8yzX/N9QvyXeySzozj9bhaBB62zA a+njbZTSih15RQA4AMRa2Oj7YFzXBqifAqhymeFaUNEvarvNaC4BnVfSqJlVq9J8IL oz49s2RrRTqBFvft3No8bgPnvqeVVRMwK33+7dBw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Peter Xu , John Hubbard , Claudio Imbrenda , Alex Williamson , Christoph Hellwig , Jan Kara , Andrea Arcangeli , "Kirill A. Shutemov" , Jason Gunthorpe , David Hildenbrand , Lukas Bulwahn , "Matthew Wilcox (Oracle)" , Jason Gunthorpe , Andrew Morton , Linus Torvalds Subject: [PATCH 5.17 12/12] mm: fix invalid page pointer returned with FOLL_PIN gups Date: Fri, 13 May 2022 16:24:12 +0200 Message-Id: <20220513142229.014517006@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220513142228.651822943@linuxfoundation.org> References: <20220513142228.651822943@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org 
From: Peter Xu

commit 7196040e19ad634293acd3eff7083149d7669031 upstream.

Patch series "mm/gup: some cleanups", v5.

This patch (of 5):

Alex reported invalid page pointer returned with pin_user_pages_remote() from vfio after upstream commit 4b6c33b32296 ("vfio/type1: Prepare for batched pinning with struct vfio_batch").

It turns out that it's not the fault of the vfio commit; however after vfio switches to a full page buffer to store the page pointers it starts to expose the problem easier.

The problem is for VM_PFNMAP vmas we should normally fail with an -EFAULT then vfio will carry on to handle the MMIO regions. However when the bug triggered, follow_page_mask() returned -EEXIST for such a page, which will jump over the current page, leaving that entry in **pages untouched. However the caller is not aware of it, hence the caller will reference the page as usual even if the pointer data can be anything.

We had that -EEXIST logic since commit 1027e4436b6a ("mm: make GUP handle pfn mapping unless FOLL_GET is requested") which seems very reasonable. It could be that when we reworked GUP with FOLL_PIN we could have overlooked that special path in commit 3faa52c03f44 ("mm/gup: track FOLL_PIN pages"), even if that commit rightfully touched up follow_devmap_pud() on checking FOLL_PIN when it needs to return an -EEXIST.

Attaching the Fixes to the FOLL_PIN rework commit, as it happened later than 1027e4436b6a.

[jhubbard@nvidia.com: added some tags, removed a reference to an out of tree module.]

Link: https://lkml.kernel.org/r/20220207062213.235127-1-jhubbard@nvidia.com
Link: https://lkml.kernel.org/r/20220204020010.68930-1-jhubbard@nvidia.com
Link: https://lkml.kernel.org/r/20220204020010.68930-2-jhubbard@nvidia.com
Fixes: 3faa52c03f44 ("mm/gup: track FOLL_PIN pages")
Signed-off-by: Peter Xu
Signed-off-by: John Hubbard Reviewed-by: Claudio Imbrenda Reported-by: Alex Williamson Debugged-by: Alex Williamson Tested-by: Alex Williamson Reviewed-by: Christoph Hellwig Reviewed-by: Jan Kara Cc: Andrea Arcangeli Cc: Kirill A. Shutemov Cc: Jason Gunthorpe Cc: David Hildenbrand Cc: Lukas Bulwahn Cc: Matthew Wilcox (Oracle) Cc: Jason Gunthorpe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/gup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/gup.c +++ b/mm/gup.c @@ -465,7 +465,7 @@ static int follow_pfn_pte(struct vm_area pte_t *pte, unsigned int flags) { /* No page to get reference */ - if (flags & FOLL_GET) + if (flags & (FOLL_GET | FOLL_PIN)) return -EFAULT; if (flags & FOLL_TOUCH) {
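
Review bot: in kill_accessing_process() (mm/memory-failure.c, patch 09/12), the new return line reports -EHWPOISON whenever kill_proc() was called, but the result of kill_proc(&priv.tk, pfn, flags) is discarded, so the caller is told a SIGBUS was sent even if sending it failed. Either capture that result or say in a comment why it can be ignored. The added else branch also folds every other value of ret (negative values, and ret == 1 with priv.tk.addr unset) into -EFAULT; a short comment above the return stating the contract (-EHWPOISON means the SIGBUS was sent here, -EFAULT means the caller still has to act) would keep that contract next to the code instead of only in the commit message.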
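
Review bot: in user_shm_lock() (mm/mlock.c, patch 10/12), the added allowed = 0 is only needed if allowed can already be non-zero when get_ucounts() fails, yet the only assignment visible around this branch is the allowed = 1 that follows it. A one-line comment naming the earlier path that sets allowed, or moving that earlier assignment below the get_ucounts() check, would make the reset self-explanatory and keep a future error path from reintroducing the extra dec_rlimit_ucounts() in user_shm_unlock() that the commit message describes.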
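
Review bot: in establish_migrate_target() (mm/migrate.c, patch 11/12), the WARN_ONCE(index >= DEMOTION_TARGET_NODES, ...) branch now also jumps to out_clear, while the commit message only justifies clearing the candidate from "used" when the distance check fails. Clearing on overflow looks consistent, since the node is not recorded in nd->nodes on that path either, but it is a behaviour change the message does not mention; state it there or in a comment above the out_clear label.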
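
Review bot: in follow_pfn_pte() (mm/gup.c, patch 12/12), the comment above the changed test still reads "No page to get reference", which describes FOLL_GET only. Now that FOLL_PIN takes the same -EFAULT exit, extend the comment to cover pinning (for example "No page to get a reference on or to pin") so the FOLL_PIN bit in the mask is not mistaken for an accident and dropped in a later cleanup.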