Date: Tue, 12 Jan 2021 10:53:50 +0100
From: Oscar Salvador
To: Dan Williams
Cc: linux-mm@kvack.org, Andrew Morton, Naoya Horiguchi, David Hildenbrand, Michal Hocko, stable@vger.kernel.org, vishal.l.verma@intel.com, linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 4/5] mm: Fix page reference leak in soft_offline_page()
Message-ID: <20210112095345.GA12534@linux>
References: <161044407603.1482714.16630477578392768273.stgit@dwillia2-desk3.amr.corp.intel.com> <161044409809.1482714.11965583624142790079.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <161044409809.1482714.11965583624142790079.stgit@dwillia2-desk3.amr.corp.intel.com>

On Tue, Jan 12, 2021 at 01:34:58AM -0800, Dan Williams wrote:
> The conversion to move pfn_to_online_page() internal to
> soft_offline_page() missed that the get_user_pages() reference needs to
> be dropped when pfn_to_online_page() fails.

I would be more specific here wrt. get_user_pages (madvise).
soft_offline_page gets called from more places besides madvise_*.

> When soft_offline_page() is handed a pfn_valid() &&
> !pfn_to_online_page() pfn the kernel hangs at dax-device shutdown due to
> a leaked reference.
>
> Fixes: feec24a6139d ("mm, soft-offline: convert parameter to pfn")
> Cc: Andrew Morton
> Cc: Naoya Horiguchi
> Cc: David Hildenbrand
> Cc: Michal Hocko
> Cc: Oscar Salvador
> Cc:
> Signed-off-by: Dan Williams

LGTM, thanks for catching this:

Reviewed-by: Oscar Salvador

A nit below.

> --- > mm/memory-failure.c | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index 5a38e9eade94..78b173c7190c 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c 
> @@ -1885,6 +1885,12 @@ static int soft_offline_free_page(struct page *page) > return rc; > } > > +static void put_ref_page(struct page *page) > +{ > + if (page) > + put_page(page); > +} I am not sure this warrants a function. I would probably go with "if (ref_page).." in the two corresponding places, but not feeling strong here. > + > /** > * soft_offline_page - Soft offline a page. > * @pfn: pfn to soft-offline > @@ -1910,20 +1916,26 @@ static int soft_offline_free_page(struct page *page) > int soft_offline_page(unsigned long pfn, int flags) > { > int ret; > - struct page *page; > bool try_again = true; > + struct page *page, *ref_page = NULL; > + > + WARN_ON_ONCE(!pfn_valid(pfn) && (flags & MF_COUNT_INCREASED)); Did you see any scenario where this could happen? I understand that you are adding this because we will leak a reference in case pfn is not valid anymore. -- Oscar Salvador SUSE L3
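
Review bot: In the first hunk (@@ -1885,6 +1885,12 @@), put_ref_page() accepts a NULL page without any comment saying when a caller would pass one; the only hint is the "ref_page = NULL" initialiser in the following hunk. A one-line comment stating that NULL means there is no caller-held reference to drop would make the contract clear, or the helper can be dropped in favour of an open-coded "if (ref_page) put_page(ref_page);" at the two call sites, which keeps the condition visible where the reference is released.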
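
Review bot: In the second hunk (@@ -1910,20 +1916,26 @@), the WARN_ON_ONCE(!pfn_valid(pfn) && (flags & MF_COUNT_INCREASED)) line states an invariant without documenting it, and the quoted lines end before showing what the function does once it fires. A short comment above it should say that a caller passing MF_COUNT_INCREASED already holds a page reference and so must be handing in a valid pfn, and the path taken after the warning should be checked to confirm it returns without touching ref_page, since in that case there is no struct page to drop the reference on.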