From: Chris Li
Date: Fri, 24 May 2024 10:10:58 -0700
Subject: Re: [PATCH] mm: arm64: Fix the out-of-bounds issue in contpte_clear_young_dirty_ptes
To: Barry Song <21cnbao@gmail.com>
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Barry Song, Lance Yang, Ryan Roberts, David Hildenbrand, Jeff Xie, Kefeng Wang, Michal Hocko, Minchan Kim, Muchun Song, Peter Xu, Yang Shi, Yin Fengwei, "Zach O'Keefe", Catalin Marinas, Will Deacon
In-Reply-To: <20240524005444.135417-1-21cnbao@gmail.com>
References: <20240524005444.135417-1-21cnbao@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Good catch.

Acked-by: Chris Li

Chris

On Thu, May 23, 2024 at 5:55 PM Barry Song <21cnbao@gmail.com> wrote:
>
> From: Barry Song
>
> We are passing a huge nr to __clear_young_dirty_ptes() right
> now. While we should pass the number of pages, we are actually
> passing CONT_PTE_SIZE. This is causing lots of crashes of
> MADV_FREE; the panic oops could vary every time.
>
> Fixes: 89e86854fb0a ("mm/arm64: override clear_young_dirty_ptes() batch helper")
> Cc: Lance Yang
> Cc: Barry Song <21cnbao@gmail.com>
> Cc: Ryan Roberts
> Cc: David Hildenbrand
> Cc: Jeff Xie
> Cc: Kefeng Wang
> Cc: Michal Hocko
> Cc: Minchan Kim
> Cc: Muchun Song
> Cc: Peter Xu
> Cc: Yang Shi
> Cc: Yin Fengwei
> Cc: Zach O'Keefe
> Cc: Catalin Marinas
> Cc: Will Deacon
> Signed-off-by: Barry Song > --- > arch/arm64/mm/contpte.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/mm/contpte.c b/arch/arm64/mm/contpte.c > index 9f9486de0004..a3edced29ac1 100644 > --- a/arch/arm64/mm/contpte.c > +++ b/arch/arm64/mm/contpte.c > @@ -376,7 +376,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_st= ruct *vma, > * clearing access/dirty for the whole block. > */ > unsigned long start =3D addr; > - unsigned long end =3D start + nr; > + unsigned long end =3D start + nr * PAGE_SIZE; > > if (pte_cont(__ptep_get(ptep + nr - 1))) > end =3D ALIGN(end, CONT_PTE_SIZE); > @@ -386,7 +386,7 @@ void contpte_clear_young_dirty_ptes(struct vm_area_st= ruct *vma, > ptep =3D contpte_align_down(ptep); > } > > - __clear_young_dirty_ptes(vma, start, ptep, end - start, flags); > + __clear_young_dirty_ptes(vma, start, ptep, (end - start) / PAGE_S= IZE, flags); > } > EXPORT_SYMBOL_GPL(contpte_clear_young_dirty_ptes); > > -- > 2.34.1 > >
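Review bot: in the first hunk (`unsigned long end = start + nr;`), `start = addr` is a byte address while `nr` is a page count, so the old `end` sat only `nr` bytes past `start` and the following `ALIGN(end, CONT_PTE_SIZE)` then rounded that byte address up to a contig-block boundary; `end = start + nr * PAGE_SIZE` puts `end` in the same unit as `start` and as the byte-sized `CONT_PTE_SIZE`, which is the actual root cause. The commit message would be clearer if it named this units mismatch (page count added to an address) rather than only the symptom of "passing CONT_PTE_SIZE" to the callee.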
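Review bot: in the second hunk, `(end - start) / PAGE_SIZE` is the right conversion back to the page count that `__clear_young_dirty_ptes()` expects; before the fix the call passed the byte span, which after the `ALIGN` to `CONT_PTE_SIZE` is the "huge nr" the commit message describes and explains the out-of-bounds walk. One style point: `(end - start) >> PAGE_SHIFT` is the form the kernel generally uses for this byte-to-page conversion and would read consistently with the surrounding arm64 mm code.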