Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <f8177a33-f341-d285-ff9a-24fdd3936f9a@suse.cz>
Date:   Fri, 14 Jul 2023 16:44:41 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.13.0
Subject: Re: [PATCH stable v6.1] mm/mmap: Fix extra maple tree write
Content-Language: en-US
To:     "Liam R. Howlett" <Liam.Howlett@Oracle.com>,
        Greg KH <gregkh@linuxfoundation.org>,
        linux-kernel@vger.kernel.org,
        Andrew Morton <akpm@linux-foundation.org>,
        John Hsu <John.Hsu@mediatek.com>, stable@vger.kernel.org,
        linux-mm@kvack.org
References: <20230706185135.2235532-1-Liam.Howlett@oracle.com>
 <2023070748-confiding-abnormal-b7e3@gregkh>
 <20230707164507.mfekysya2jyupghp@revolver>
 <20230712005442.r5ehzbkcxu73whvb@revolver>
From:   Vlastimil Babka <vbabka@suse.cz>
In-Reply-To: <20230712005442.r5ehzbkcxu73whvb@revolver>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: bulk

On 7/12/23 02:54, Liam R. Howlett wrote:
> * Liam R. Howlett <Liam.Howlett@Oracle.com> [230707 12:45]:
>> * Greg KH <gregkh@linuxfoundation.org> [230707 11:55]:
>> > On Thu, Jul 06, 2023 at 02:51:35PM -0400, Liam R. Howlett wrote:
>> > > commit 0503ea8f5ba73eb3ab13a81c1eefbaf51405385a upstream.
>> > > 
>> > > This was inadvertently fixed during the removal of __vma_adjust().
>> > > 
>> > > When __vma_adjust() is adjusting next with a negative value (pushing
>> > > vma->vm_end lower), there would be two writes to the maple tree.  The
>> > > first write is unnecessary and uses all allocated nodes in the maple
>> > > state.  The second write is necessary but will need to allocate nodes
>> > > since the first write has used the allocated nodes.  This may be a
>> > > problem as it may not be safe to allocate at this time, such as a low
>> > > memory situation.  Fix the issue by avoiding the first write and only
>> > > write the adjusted "next" VMA.
>> > 
>> > Are you sure this is the same git id?  The one you reference above is
>> > _VERY_ different from your 2 line change below.
>> > 
>> > And the changelog text is not the same.
>> 
>> Yes, but I am not sure I've indicated what happened correctly.

"commit 0503ea8f5ba73eb3ab13a81c1eefbaf51405385a upstream." is indeed not
the best indication. For stable it would mean you're backporting said
commit, which is not the case.

>> The bug exists in the older __vma_adjust() function, but I removed
>> __vma_adjust() and inadvertently fixed the bug.  So the bug doesn't
>> exist upstream *because* of that commit:
>> 
>> 0503ea8f5ba7 ("mm/mmap: remove __vma_adjust()")
>> 
>> My comment after the commit id indicates what happened, but the
>> documentation wasn't clear to me on how to specify what happened.

I think it's because the process discourages stable-specific fixes. However
this is the case where such approach is much simpler than  backporting
several series with non-trivial vma_merge() cleanups and subsequent
follow-up fixes...

So I agree with the exceptional stable-specific fix. Can you pinpoint a
Fixes: tag? Some of the commits introducing the maple tree?

Vlastimil

>> Does this answer your question?
> 
> Friendly ping on this one?
> 
> Thanks,
> Liam
>