Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp595858pxu; Thu, 15 Oct 2020 11:27:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxlo/mM4Hd6Cwwaypkkjt1pe757/jNJY7dapfxpo3gC5fbnKYXg6k++IeSIz5U1uV03W6jU X-Received: by 2002:a17:906:5052:: with SMTP id e18mr5635712ejk.530.1602786464727; Thu, 15 Oct 2020 11:27:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602786464; cv=none; d=google.com; s=arc-20160816; b=xmV3e572z6e8jD+xlkXpAzGYr2bBwkKFW4ZvnQykx1ZM27Fq/63KNy6mIj7EntjaeQ /1qlHnCahaX0CiWrdBhMZGoqbmZBnUgOYqdi1vxalonwSKtAVTB+DHiaLHPRvxwlEhaG Gyg2zf4iorah0ll8Wf5uULxXQ3ow5Iv0dxKy2fWs70RBxyPx6SJd7DWx83UOZxKGLzt8 ujTVRylOiLDU3/G70LonDP4c1v7DHpfE/U2g+XoVsgKEH9WAUnN1vKu6T82iX4qUL9pn o5c/Rl535NwVyY/fS0D6U3MrGEdEvXoJstHnjEXvY2s5U/zzU6rm7IYII113mdvakNSy Zt1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=sRNfDMUQVuVEQKxwfI8sSTET0sicKpsMmxF7AxrQAl0=; b=rXRaKoPIy+WdOlql502fSXf5u96yWXB+2AO6cicposvPkCdWGpdVZd2voZ/yHnRSAS IAg4L82exjuBI9Z6jccdy50sIJ+8bhSZ41243laV814bDVuEJq14nwcUxfBmvaVj5vtm mYIfqSbHojBZ6elAFC/gfyeleY62EfyubjVPMEtaVvKTfTVoBZ+oWqeyWPijbdT2LKJy z0Xfr+BjbY/N5t9uZj4xRLsCofIYalkaMQEDrsWl8RVUapgowVLf88/HrY9eC8EYcz1i ez4DQ/NyQLqsJmAnMKXqvy5v4gerbX7xSJyAkBla10Knr5k88MmAaG+5w+2zWoJXBpUV LRuQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p16si2744125ejw.561.2020.10.15.11.27.18; Thu, 15 Oct 2020 11:27:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729478AbgJONTQ (ORCPT + 99 others); Thu, 15 Oct 2020 09:19:16 -0400 Received: from szxga05-in.huawei.com ([45.249.212.191]:15220 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728418AbgJONTP (ORCPT ); Thu, 15 Oct 2020 09:19:15 -0400 Received: from DGGEMS407-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id E6C65124808B93566D67; Thu, 15 Oct 2020 21:19:13 +0800 (CST) Received: from [10.174.177.6] (10.174.177.6) by DGGEMS407-HUB.china.huawei.com (10.3.19.207) with Microsoft SMTP Server id 14.3.487.0; Thu, 15 Oct 2020 21:19:06 +0800 Subject: Re: [PATCH] mm: fix potential pte_unmap_unlock pte error To: CC: , , , , References: <20201015121534.50910-1-luoshijie1@huawei.com> From: Shijie Luo Message-ID: <5cfdd51c-c539-5d30-6388-168dfd83f6b5@huawei.com> Date: Thu, 15 Oct 2020 21:19:06 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Originating-IP: [10.174.177.6] X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/10/15 20:58, osalvador@suse.de wrote: > On 2020-10-15 14:15, Shijie Luo wrote: >> When flags don't have MPOL_MF_MOVE or MPOL_MF_MOVE_ALL bits, code breaks >>  and passing origin pte - 1 to pte_unmap_unlock seems like not a good >> idea. >> >> Signed-off-by: Shijie Luo >> Signed-off-by: linmiaohe >> --- >>  mm/mempolicy.c | 6 +++++- >>  1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/mm/mempolicy.c b/mm/mempolicy.c >> index 3fde772ef5ef..01f088630d1d 100644 >> --- a/mm/mempolicy.c >> +++ b/mm/mempolicy.c >> @@ -571,7 +571,11 @@ static int queue_pages_pte_range(pmd_t *pmd, >> unsigned long addr, >>          } else >>              break; >>      } >> -    pte_unmap_unlock(pte - 1, ptl); >> + >> +    if (addr >= end) >> +        pte = pte - 1; >> + >> +    pte_unmap_unlock(pte, ptl); > > But this is still wrong, isn't it? > Unless I am missing something, this is "only" important under > CONFIG_HIGHPTE. > > We have: > > pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl); > > which under CONFIG_HIGHPTE does a kmap_atomoc. > > Now, we either break the loop in the first pass because of > !(MPOL_MF_MOVE | MPOL_MF_MOVE_ALL), > or we keep incrementing pte by every pass. > Either way is wrong, because the pointer kunmap_atomic gets will not > be the same (since we incremented pte). > > Or is the loop meant to be running only once, so pte - 1 will bring us > back to the original pte? > > . Thanks for your reply, if we break the loop in the first pass, the pte pointer will not be incremented, pte - 1 equals original pte - 1,  because we only increase pte pointer when not break the loop.