Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp360379pxu; Thu, 15 Oct 2020 06:00:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw6rfgpGUPjHyFsp5kLqp9yluO9cG4bvInRiFW5pUdJOv9dHEqiJAdhsAmvqtakbCw5OsCd X-Received: by 2002:a17:906:f298:: with SMTP id gu24mr4290683ejb.53.1602766829787; Thu, 15 Oct 2020 06:00:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602766829; cv=none; d=google.com; s=arc-20160816; b=bkZGP+38p0Q2pDsNPJ5dgWyQCO45s4LpPR2rfehOTpjgejNUKa3pCfXQthRyb3V95u ddGtUezRnC+qiGVn9Z65qb08hT1I7umo1FmRgGHK0JeTpJsFHYYVYQ/tSW/7dUjjaYVO dLZ3/z/rJdWlxktP5lheZmLaXSLFtWKJ4y25BydZdhQS4mC9S2ZHPvqLLxNMOR9A5VRl kWMBM0eTKmfyCabEgR4IfgBIx/jHnhIeRJ8s2Ks5HBtejNORc6b6cY2/QH1gcTBU51gw 07T/759Rj+slYaqptMziv8/OkM+vJZ/ZFty3gpeYemjsGoiT+7RbORLtoRL/wGTpJ0Jj KlZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:user-agent:references:in-reply-to :subject:cc:to:from:date:content-transfer-encoding:mime-version; bh=LXpzAVMMxQwG/kRHAVrvP/9M4tvO3lkZjHP2HTHWfuk=; b=aKGDE6Gx8w4VF/DnxaLXQxWO+Y3Gd+Thkmy6YX3uZaZ6tgVMhvPeanBVnmxaRg7yp2 HcmbD4lMqYLOKThuEZf6svDPjn2PW9PN7O37+b0bYKJJbeNWHFE0054/FpHmnHtUix8a RvOnHV1aAyxLcmx7OX6G0Bcui95bEMEBpgRXpzgt8aIWDdm8H3kjYXUp8+KvF/QMPEQX OCU9LmqGOrtRMJpdGAUvyUdtTGR4PKXjPUvga7D+qyoe9SyHIHvkhn7TYi/aQ3gHiv2A Z71pKhbp4c+586uz4JF1UeLl95C59m3iSYsBUEEoLpi1J0jGKgIqWiJdm3hCFIOR+2Uu 6uUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q8si1957826ejx.457.2020.10.15.06.00.01; Thu, 15 Oct 2020 06:00:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726814AbgJOM6z (ORCPT + 99 others); Thu, 15 Oct 2020 08:58:55 -0400 Received: from mx2.suse.de ([195.135.220.15]:60014 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726121AbgJOM6z (ORCPT ); Thu, 15 Oct 2020 08:58:55 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id DD768ABD1; Thu, 15 Oct 2020 12:58:53 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 15 Oct 2020 14:58:53 +0200 From: osalvador@suse.de To: Shijie Luo Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linmiaohe@huawei.com, linfeilong@huawei.com Subject: Re: [PATCH] mm: fix potential pte_unmap_unlock pte error In-Reply-To: <20201015121534.50910-1-luoshijie1@huawei.com> References: <20201015121534.50910-1-luoshijie1@huawei.com> User-Agent: Roundcube Webmail Message-ID: X-Sender: osalvador@suse.de Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020-10-15 14:15, Shijie Luo wrote: > When flags don't have MPOL_MF_MOVE or MPOL_MF_MOVE_ALL bits, code > breaks > and passing origin pte - 1 to pte_unmap_unlock seems like not a good > idea. > > Signed-off-by: Shijie Luo > Signed-off-by: linmiaohe > --- > mm/mempolicy.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/mm/mempolicy.c b/mm/mempolicy.c > index 3fde772ef5ef..01f088630d1d 100644 > --- a/mm/mempolicy.c > +++ b/mm/mempolicy.c > @@ -571,7 +571,11 @@ static int queue_pages_pte_range(pmd_t *pmd, > unsigned long addr, > } else > break; > } > - pte_unmap_unlock(pte - 1, ptl); > + > + if (addr >= end) > + pte = pte - 1; > + > + pte_unmap_unlock(pte, ptl); But this is still wrong, isn't it? Unless I am missing something, this is "only" important under CONFIG_HIGHPTE. We have: pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl); which under CONFIG_HIGHPTE does a kmap_atomoc. Now, we either break the loop in the first pass because of !(MPOL_MF_MOVE | MPOL_MF_MOVE_ALL), or we keep incrementing pte by every pass. Either way is wrong, because the pointer kunmap_atomic gets will not be the same (since we incremented pte). Or is the loop meant to be running only once, so pte - 1 will bring us back to the original pte?