From: Jann Horn
Date: Fri, 22 Sep 2023 20:02:57 +0200
Subject: Re: maple tree change made it possible for VMA iteration to see same VMA twice due to late vma_merge() failure
To: "Liam R. Howlett", Jann Horn, Andrew Morton, kernel list, Linux-MM, Lorenzo Stoakes, Vlastimil Babka
In-Reply-To: <20230922175232.gneuhwhzs4moql5u@revolver>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Sep 22, 2023 at 7:52 PM Liam R. Howlett wrote:
> >
> > ...
> >
> > Looking at this, I think it's best to make a label and undo the
> > vma_prev() with a vma_next() - at least for now.
> >
> > I'm also reading this for the error path on dup_anon_vma() failure, and
> > it appears to also have an issue which I'd like to point out here before
> > I send the fix for the first issue.
> >
> > -----------
> >         vma_start_write(next);
> >         remove = next;                          /* case 1 */
> >         vma_end = next->vm_end;
> >         err = dup_anon_vma(prev, next);
> >         if (curr) {                             /* case 6 */
> >                 vma_start_write(curr);
> >                 remove = curr;
> >                 remove2 = next;
> >                 if (!next->anon_vma)
> >                         err = dup_anon_vma(prev, curr);
> > -----------
> >
> > Since dup_anon_vma() can fail, I think here in case 6 we could overwrite
> > the failure.
> >
> > That is, we will fail to clone the anon vma and mask the failure if we
> > are running case 6 with an anon in next. Once the first dup_anon_vma()
> > returns error, the next call to clone curr vma may return 0 if there is
> > no anon vma (this, I think _must_ be the case). Then we are in a
> > situation where we will be removing next and expanding prev over curr
> > and next, but have not dup'ed the anon vma from next.
> >
>
> I think I am incorrect in the error being overwritten because we won't
> call dup_anon_vma(prev, curr) if the source of the previous call (next)
> has an anon vma.

Hm, yeah. It looks pretty dodgy and I guess it could use a comment,
but as you said, it seems to actually not be a problem... We could do
"err |= dup_anon_vma(...)" there for clarity instead, as long as the
only thing we care about is whether we have a nonzero error...
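
The masking question discussed in this thread, as an added example (a toy model, not kernel code and not written by either participant): it compares an unguarded second assignment, the guarded form from the quoted snippet, and the "err |=" form. The names `toy_vma`, `toy_dup_anon_vma` and `merge_case6`, and the assumption that cloning always fails when there is something to clone, are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical stand-in for a VMA: only the field the thread discusses. */
struct toy_vma { void *anon_vma; };

/*
 * Toy dup_anon_vma(): returns 0 when the source has nothing to clone.
 * Assumption for this example: any real clone attempt fails with -ENOMEM.
 */
static int toy_dup_anon_vma(struct toy_vma *dst, struct toy_vma *src)
{
    (void)dst;
    return src->anon_vma ? -ENOMEM : 0;
}

enum variant { UNGUARDED, GUARDED, OR_ACCUMULATE };

/* Case 6 shape from the quoted snippet: prev is expanded over curr and next. */
static int merge_case6(enum variant v, struct toy_vma *prev,
                       struct toy_vma *curr, struct toy_vma *next)
{
    int err = toy_dup_anon_vma(prev, next);

    if (v == OR_ACCUMULATE)          /* keeps "nonzero", not a specific errno */
        err |= toy_dup_anon_vma(prev, curr);
    else if (v == UNGUARDED || !next->anon_vma)
        err = toy_dup_anon_vma(prev, curr);  /* GUARDED skips if next had one */
    return err;
}

/* next is anonymous (its clone fails), curr has no anon_vma. */
static int run_failing_next(enum variant v)
{
    int token;
    struct toy_vma prev = { NULL }, curr = { NULL }, next = { &token };

    return merge_case6(v, &prev, &curr, &next);
}

int main(void)
{
    /* Exit 0 when the guard preserved the failure the unguarded form hid. */
    return !(run_failing_next(UNGUARDED) == 0 &&
             run_failing_next(GUARDED) == -ENOMEM);
}
```

With "err |=", two different nonzero errno values would be OR-ed into a value that is neither of them, which is why that form only suits callers that test for nonzero.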