lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221003070725.513231234@linuxfoundation.org>
Date:   Mon,  3 Oct 2022 09:10:38 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Alistair Popple <apopple@...dia.com>,
        Peter Xu <peterx@...hat.com>,
        "Huang, Ying" <ying.huang@...el.com>,
        David Hildenbrand <david@...hat.com>,
        Alex Sierra <alex.sierra@....com>,
        Ben Skeggs <bskeggs@...hat.com>,
        Felix Kuehling <Felix.Kuehling@....com>,
        huang ying <huang.ying.caritas@...il.com>,
        Jason Gunthorpe <jgg@...dia.com>,
        John Hubbard <jhubbard@...dia.com>,
        Karol Herbst <kherbst@...hat.com>,
        Logan Gunthorpe <logang@...tatee.com>,
        Lyude Paul <lyude@...hat.com>,
        Matthew Wilcox <willy@...radead.org>,
        Nadav Amit <nadav.amit@...il.com>,
        Paul Mackerras <paulus@...abs.org>,
        Ralph Campbell <rcampbell@...dia.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH 5.19 042/101] mm/migrate_device.c: copy pte dirty bit to page

From: Alistair Popple <apopple@...dia.com>

commit fd35ca3d12cc9922d7d9a35f934e72132dbc4853 upstream.

migrate_vma_setup() has a fast path in migrate_vma_collect_pmd() that
installs migration entries directly if it can lock the migrating page.
When removing a dirty pte the dirty bit is supposed to be carried over to
the underlying page to prevent it being lost.

Currently migrate_vma_*() can only be used for private anonymous mappings.
That means loss of the dirty bit usually doesn't result in data loss
because these pages are typically not file-backed.  However pages may be
backed by swap storage which can result in data loss if an attempt is made
to migrate a dirty page that doesn't yet have the PageDirty flag set.

In this case migration will fail due to unexpected references but the
dirty pte bit will be lost.  If the page is subsequently reclaimed data
won't be written back to swap storage as it is considered uptodate,
resulting in data loss if the page is subsequently accessed.

Prevent this by copying the dirty bit to the page when removing the pte to
match what try_to_migrate_one() does.

Link: https://lkml.kernel.org/r/dd48e4882ce859c295c1a77612f66d198b0403f9.1662078528.git-series.apopple@nvidia.com
Fixes: 8c3328f1f36a ("mm/migrate: migrate_vma() unmap page from vma while collecting pages")
Signed-off-by: Alistair Popple <apopple@...dia.com>
Acked-by: Peter Xu <peterx@...hat.com>
Reviewed-by: "Huang, Ying" <ying.huang@...el.com>
Reported-by: "Huang, Ying" <ying.huang@...el.com>
Acked-by: David Hildenbrand <david@...hat.com>
Cc: Alex Sierra <alex.sierra@....com>
Cc: Ben Skeggs <bskeggs@...hat.com>
Cc: Felix Kuehling <Felix.Kuehling@....com>
Cc: huang ying <huang.ying.caritas@...il.com>
Cc: Jason Gunthorpe <jgg@...dia.com>
Cc: John Hubbard <jhubbard@...dia.com>
Cc: Karol Herbst <kherbst@...hat.com>
Cc: Logan Gunthorpe <logang@...tatee.com>
Cc: Lyude Paul <lyude@...hat.com>
Cc: Matthew Wilcox <willy@...radead.org>
Cc: Nadav Amit <nadav.amit@...il.com>
Cc: Paul Mackerras <paulus@...abs.org>
Cc: Ralph Campbell <rcampbell@...dia.com>
Cc: <stable@...r.kernel.org>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
 mm/migrate_device.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/mm/migrate_device.c
+++ b/mm/migrate_device.c
@@ -7,6 +7,7 @@
 #include <linux/export.h>
 #include <linux/memremap.h>
 #include <linux/migrate.h>
+#include <linux/mm.h>
 #include <linux/mm_inline.h>
 #include <linux/mmu_notifier.h>
 #include <linux/oom.h>
@@ -190,7 +191,7 @@ again:
 			flush_cache_page(vma, addr, pte_pfn(*ptep));
 			anon_exclusive = PageAnon(page) && PageAnonExclusive(page);
 			if (anon_exclusive) {
-				ptep_clear_flush(vma, addr, ptep);
+				pte = ptep_clear_flush(vma, addr, ptep);
 
 				if (page_try_share_anon_rmap(page)) {
 					set_pte_at(mm, addr, ptep, pte);
@@ -200,11 +201,15 @@ again:
 					goto next;
 				}
 			} else {
-				ptep_get_and_clear(mm, addr, ptep);
+				pte = ptep_get_and_clear(mm, addr, ptep);
 			}
 
 			migrate->cpages++;
 
+			/* Set the dirty flag on the folio now the pte is gone. */
+			if (pte_dirty(pte))
+				folio_mark_dirty(page_folio(page));
+
 			/* Setup special migration page table entry */
 			if (mpfn & MIGRATE_PFN_WRITE)
 				entry = make_writable_migration_entry(


Powered by blists - more mailing lists