lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4B989B13-EB96-4EA3-B3E4-18763941ABF3@nvidia.com>
Date: Tue, 01 Apr 2025 11:20:48 -0400
From: Zi Yan <ziy@...dia.com>
To: "Vishal Moola (Oracle)" <vishal.moola@...il.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
 akpm@...ux-foundation.org, muchun.song@...ux.dev,
 Miaohe Lin <linmiaohe@...wei.com>, Oscar Salvador <osalvador@...e.de>
Subject: Re: [PATCH] mm/compaction: Fix bug in hugetlb handling pathway

On 31 Mar 2025, at 22:10, Vishal Moola (Oracle) wrote:

> The compaction code doesn't take references on pages until we're certain
> we should attempt to handle it.
>
> In the hugetlb case, isolate_or_dissolve_huge_page() may return -EBUSY
> without taking a reference to the folio associated with our pfn. If our
> folio's refcount drops to 0, compound_nr() becomes unpredictable, making
> low_pfn and nr_scanned unreliable.
> The user-visible effect is minimal - this should rarely happen (if ever).
>
> Fix this by storing the folio statistics earlier on the stack (just like
> the THP and Buddy cases).
>
> Also revert commit 66fe1cf7f581 ("mm: compaction: use helper compound_nr
> in isolate_migratepages_block")
> to make backporting easier.
>
> Fixes: 369fa227c219 ("mm: make alloc_contig_range handle free hugetlb pages")
> Cc: Miaohe Lin <linmiaohe@...wei.com>
> Cc: Oscar Salvador <osalvador@...e.de>
> Signed-off-by: Vishal Moola (Oracle) <vishal.moola@...il.com>
> ---
>  mm/compaction.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>

<snip>

> @@ -1011,8 +1011,8 @@ isolate_migratepages_block(struct compact_control *cc, unsigned long low_pfn,
>  				 /* Do not report -EBUSY down the chain */
>  				if (ret == -EBUSY)
>  					ret = 0;
> -				low_pfn += compound_nr(page) - 1;
> -				nr_scanned += compound_nr(page) - 1;
> +				low_pfn += (1UL << order) - 1;
> +				nr_scanned += (1UL << order) - 1;
>  				goto isolate_fail;
>  			}
>

Right after this, there is “low_pfn += folio_nr_pages(folio) - 1” for
isolated hugetlb. I wonder if that can use order as well. Maybe not,
since the order is obtained without taking a reference, but folio_nr_pages()
is called with a reference. They might be different.

Anyway, Reviewed-by: Zi Yan <ziy@...dia.com>


Best Regards,
Yan, Zi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ