Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp4164731rdh;
        Fri, 29 Sep 2023 13:13:55 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHnZLK8TP2y00tbgjy69prUHwxkarWanzYhSTtD3OrS7bdsnpN/g8Y8CIdTh8W/jFhy+p1K
X-Received: by 2002:a17:90a:7bc4:b0:277:61d7:78be with SMTP id d4-20020a17090a7bc400b0027761d778bemr8103493pjl.14.1696018435158;
        Fri, 29 Sep 2023 13:13:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696018435; cv=none;
        d=google.com; s=arc-20160816;
        b=opdlBCBx5I4AXWfRmI4B9gZElaR1bV8RFTsNsUdd7NL4wNFJOixV3ZF32jlGKvB3GA
         8V2bLqOZ4Qvpj0Xkg6TBQHIAJWeGJcuc9y66Z3KJjANCnW0qEVhBJeqem3BeVrTYuBzF
         jvFsY11dX9WU8rYuhSWU14FMDQ5a/rjckyOx1cIyTAlabYk0FrU3jP7oBD1Tpte0ULK1
         gKKzyiCTl8/B34t/K8J0diN/88grAuml8D0adWpJM82V0cko8ICzrp1MMamglYL2v8HM
         iqHfI5u26ARLB9Y8/MhLdEkLr8bQpYN5tuoqkO0WwWTxdNXNkIVKwH036KY2soac2HDk
         oOqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature:dkim-signature;
        bh=SMsbfT1iiLhFJ5psMInzAT4e3IKJNDrYEthOLA4QNSg=;
        fh=iG2hBtJAsCZ/YCIMkoxBuzq8rJKw2UghXEOvTsOiZuY=;
        b=JOavGziUcsq4U6uzmFrBWPoxHYWkUcd893t2Cqpi/+mTwhd2qliD6Qv0zgZ0NYQnzX
         LqN04ApnNxcIydJSmJr6OwbKpCKUB/qh9SsGD0RFD0alYyopHfyTj2ekXcK1qzdtCW9K
         1G/pbY1mwQU5Qvt8tPRezyqZyhusfy1rDBy1BXbOrgtefd/R0rdax0f6U/ggeU0iCdCG
         msx1QKxgjF0RD1D2saGyBSZGynYZwZASWxGTizw6NSZmIxUE2AuoOyr8PDS3RBz+nqPO
         6qqvcta1rUZ5r1hkQo8dEU8QMcVXAp5BgLEaN3Kb7Q2t1kE3dTcLyEbVTrQMj5JD2hZM
         0lPg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=iZMe9PNq;
       dkim=neutral (no key) header.i=@suse.cz header.b=ZD4JJm3t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5])
        by mx.google.com with ESMTPS id k22-20020a6568d6000000b005649f560ebesi21038393pgt.525.2023.09.29.13.13.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 29 Sep 2023 13:13:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=iZMe9PNq;
       dkim=neutral (no key) header.i=@suse.cz header.b=ZD4JJm3t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by groat.vger.email (Postfix) with ESMTP id D6B8E80BA7CE;
	Fri, 29 Sep 2023 02:52:34 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232875AbjI2JwY (ORCPT <rfc822;yangyccccc@gmail.com> + 99 others);
        Fri, 29 Sep 2023 05:52:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59702 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232746AbjI2JwW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 29 Sep 2023 05:52:22 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A5F8195;
        Fri, 29 Sep 2023 02:52:20 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 3768D1F390;
        Fri, 29 Sep 2023 09:52:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
        t=1695981139; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=SMsbfT1iiLhFJ5psMInzAT4e3IKJNDrYEthOLA4QNSg=;
        b=iZMe9PNqSNqDN3zSXu4MrqLTDaM7SqOWPzC08rCOaeEPRJgrQdkF23t78ewCO/+mcq55ks
        tVSiWGfdhD+76CYgKzCmsoI7dZZjaV5U3KW3AIvcrWeBQPn1oBNE+nFoczytB2tNV7z1Jx
        gdQ3kEabRbYS/Atu10H9/zvZzy9j670=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
        s=susede2_ed25519; t=1695981139;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=SMsbfT1iiLhFJ5psMInzAT4e3IKJNDrYEthOLA4QNSg=;
        b=ZD4JJm3tY1+IR60rXfQV2pYyXFKLAo6biPwYRbaYhWylrlC8pJ1G6Xwam5mhpxEcQEC6o5
        A0gOv02lW1BL0ABA==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 1471D1390A;
        Fri, 29 Sep 2023 09:52:19 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id XLluBFOeFmVYFgAAMHmgww
        (envelope-from <vbabka@suse.cz>); Fri, 29 Sep 2023 09:52:19 +0000
Message-ID: <1c8488e1-1776-f21e-bafd-3892f0894392@suse.cz>
Date:   Fri, 29 Sep 2023 11:52:18 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.1
Subject: Re: [PATCH 1/3] mmap: Fix vma_iterator in error path of vma_merge()
Content-Language: en-US
To:     "Liam R. Howlett" <Liam.Howlett@oracle.com>,
        Andrew Morton <akpm@linux-foundation.org>
Cc:     maple-tree@lists.infradead.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org, Jann Horn <jannh@google.com>,
        Lorenzo Stoakes <lstoakes@gmail.com>,
        Suren Baghdasaryan <surenb@google.com>,
        Matthew Wilcox <willy@infradead.org>, stable@vger.kernel.org
References: <20230927160746.1928098-1-Liam.Howlett@oracle.com>
 <20230927160746.1928098-2-Liam.Howlett@oracle.com>
From:   Vlastimil Babka <vbabka@suse.cz>
In-Reply-To: <20230927160746.1928098-2-Liam.Howlett@oracle.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-4.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 29 Sep 2023 02:52:35 -0700 (PDT)

On 9/27/23 18:07, Liam R. Howlett wrote:
> When merging of the previous VMA fails after the vma iterator has been
> moved to the previous entry, the vma iterator must be advanced to ensure
> the caller takes the correct action on the next vma iterator event.  Fix
> this by adding a vma_next() call to the error path.
> 
> Users may experience higher CPU usage, most likely in very low memory
> situations.

Maybe we could say explicitly that before this fix, vma_merge will be called
twice on the same vma, which to the best of our knowledge does not cause
anything worse than some wasted cycles because vma == prev, but it's fragile?

> Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejtiHpgJAbdQ@mail.gmail.com/
> Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejtiHpgJAbdQ@mail.gmail.com/
> Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.")
> Cc: stable@vger.kernel.org
> Cc: Jann Horn <jannh@google.com>
> Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
> ---
>  mm/mmap.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/mm/mmap.c b/mm/mmap.c
> index b56a7f0c9f85..b5bc4ca9bdc4 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -968,14 +968,14 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
>  				vma_pgoff = curr->vm_pgoff;
>  				vma_start_write(curr);
>  				remove = curr;
> -				err = dup_anon_vma(next, curr);
> +				err = dup_anon_vma(next, curr, &anon_dup);
>  			}
>  		}
>  	}
>  
>  	/* Error in anon_vma clone. */
>  	if (err)
> -		return NULL;
> +		goto anon_vma_fail;
>  
>  	if (vma_start < vma->vm_start || vma_end > vma->vm_end)
>  		vma_expanded = true;

The vma_iter_config() actions done in this part are something we don't need
to undo?

> @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
>  	}
>  
>  	if (vma_iter_prealloc(vmi, vma))
> -		return NULL;
> +		goto prealloc_fail;



>  	init_multi_vma_prep(&vp, vma, adjust, remove, remove2);
>  	VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma &&
> @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
>  	vma_complete(&vp, vmi, mm);
>  	khugepaged_enter_vma(res, vm_flags);
>  	return res;
> +
> +prealloc_fail:
> +anon_vma_fail:
> +	if (merge_prev)
> +		vma_next(vmi);
> +	return NULL;
>  }
>  
>  /*