| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250630144212.156938-3-osalvador@suse.de>
Date: Mon, 30 Jun 2025 16:42:09 +0200
From: Oscar Salvador <osalvador@...e.de>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: David Hildenbrand <david@...hat.com>,
Muchun Song <muchun.song@...ux.dev>,
Peter Xu <peterx@...hat.com>,
Gavin Guo <gavinguo@...lia.com>,
linux-mm@...ck.org,
linux-kernel@...r.kernel.org,
Oscar Salvador <osalvador@...e.de>
Subject: [PATCH v4 2/5] mm,hugetlb: sort out folio locking in the faulting path
Recent conversations showed that there was a misunderstanding about why we
were locking the folio prior to call in hugetlb_wp(). In fact, as soon as
we have the folio mapped into the pagetables, we no longer need to hold it
locked, because we know that no concurrent truncation could have happened.
There is only one case where the folio needs to be locked, and that is
when we are handling an anonymous folio, because hugetlb_wp() will check
whether it can re-use it exclusively for the process that is faulting it
in.
So, pass the folio locked to hugetlb_wp() when that is the case.
Link: https://lkml.kernel.org/r/20250627102904.107202-3-osalvador@suse.de
Signed-off-by: Oscar Salvador <osalvador@...e.de>
Suggested-by: David Hildenbrand <david@...hat.com>
Cc: Gavin Guo <gavinguo@...lia.com>
Cc: Muchun Song <muchun.song@...ux.dev>
Cc: Peter Xu <peterx@...hat.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
---
mm/hugetlb.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 14274a02dd14..31d39e2a0879 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -6434,6 +6434,7 @@ static vm_fault_t hugetlb_no_page(struct address_space *mapping,
pte_t new_pte;
bool new_folio, new_pagecache_folio = false;
u32 hash = hugetlb_fault_mutex_hash(mapping, vmf->pgoff);
+ bool folio_locked = true;
/*
* Currently, we are forced to kill the process in the event the
@@ -6599,6 +6600,14 @@ static vm_fault_t hugetlb_no_page(struct address_space *mapping,
hugetlb_count_add(pages_per_huge_page(h), mm);
if ((vmf->flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
+ /*
+ * No need to keep file folios locked. See comment in
+ * hugetlb_fault().
+ */
+ if (!anon_rmap) {
+ folio_locked = false;
+ folio_unlock(folio);
+ }
/* Optimization, do the COW without a second fault */
ret = hugetlb_wp(vmf);
}
@@ -6613,7 +6622,8 @@ static vm_fault_t hugetlb_no_page(struct address_space *mapping,
if (new_folio)
folio_set_hugetlb_migratable(folio);
- folio_unlock(folio);
+ if (folio_locked)
+ folio_unlock(folio);
out:
hugetlb_vma_unlock_read(vma);
@@ -6801,15 +6811,20 @@ vm_fault_t hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (flags & (FAULT_FLAG_WRITE|FAULT_FLAG_UNSHARE)) {
if (!huge_pte_write(vmf.orig_pte)) {
- /* hugetlb_wp() requires page locks of pte_page(vmf.orig_pte) */
+ /*
+ * Anonymous folios need to be lock since hugetlb_wp()
+ * checks whether we can re-use the folio exclusively
+ * for us in case we are the only user of it.
+ */
folio = page_folio(pte_page(vmf.orig_pte));
- if (!folio_trylock(folio)) {
+ if (folio_test_anon(folio) && !folio_trylock(folio)) {
need_wait_lock = true;
goto out_ptl;
}
folio_get(folio);
ret = hugetlb_wp(&vmf);
- folio_unlock(folio);
+ if (folio_test_anon(folio))
+ folio_unlock(folio);
folio_put(folio);
goto out_ptl;
} else if (likely(flags & FAULT_FLAG_WRITE)) {
--
2.50.0
Powered by blists - more mailing lists