Message-ID: <20250924100207.28332-1-lance.yang@linux.dev>
Date: Wed, 24 Sep 2025 18:02:07 +0800
From: Lance Yang <lance.yang@...ux.dev>
To: akpm@...ux-foundation.org
Cc: david@...hat.com,
	lorenzo.stoakes@...cle.com,
	Liam.Howlett@...cle.com,
	baohua@...nel.org,
	baolin.wang@...ux.alibaba.com,
	dev.jain@....com,
	hughd@...gle.com,
	ioworker0@...il.com,
	kirill@...temov.name,
	linux-kernel@...r.kernel.org,
	linux-mm@...ck.org,
	mpenttil@...hat.com,
	npache@...hat.com,
	ryan.roberts@....com,
	ziy@...dia.com,
	richard.weiyang@...il.com,
	Lance Yang <lance.yang@...ux.dev>
Subject: [PATCH mm-new 1/1] mm/khugepaged: abort collapse scan on non-swap entries

From: Lance Yang <lance.yang@...ux.dev>

The existing check in hpage_collapse_scan_pmd() is specific to uffd-wp
markers. Other special markers (e.g., GUARD, POISONED) would not be caught
early, leading to failures deeper in the swap-in logic.

hpage_collapse_scan_pmd()
 `- collapse_huge_page()
     `- __collapse_huge_page_swapin() -> fails!

As David suggested[1], this patch skips any such non-swap entries early.
If a special marker is found, the scan is aborted immediately with the
SCAN_PTE_NON_PRESENT result, as Lorenzo suggested[2], avoiding wasted
work.

[1] https://lore.kernel.org/linux-mm/7840f68e-7580-42cb-a7c8-1ba64fd6df69@redhat.com
[2] https://lore.kernel.org/linux-mm/7df49fe7-c6b7-426a-8680-dcd55219c8bd@lucifer.local

Suggested-by: David Hildenbrand <david@...hat.com>
Suggested-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Signed-off-by: Lance Yang <lance.yang@...ux.dev>
---
 mm/khugepaged.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 7ab2d1a42df3..e9778e7734b5 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1285,16 +1285,19 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
 	     _pte++, addr += PAGE_SIZE) {
 		pte_t pteval = ptep_get(_pte);
 		if (is_swap_pte(pteval)) {
+			swp_entry_t swp = pte_to_swp_entry(pteval);
 			++unmapped;
 			if (!cc->is_khugepaged ||
 			    unmapped <= khugepaged_max_ptes_swap) {
 				/*
-				 * Always be strict with uffd-wp
-				 * enabled swap entries.  Please see
-				 * comment below for pte_uffd_wp().
+				 * Always be strict with PTE markers, which are
+				 * special non-swap entries (e.g., for UFFD_WP,
+				 * POISONED, GUARD). We cannot collapse over
+				 * them, so just abort the scan here.
 				 */
-				if (pte_swp_uffd_wp_any(pteval)) {
-					result = SCAN_PTE_UFFD_WP;
+				if (is_pte_marker_entry(swp) &&
+				    pte_marker_get(swp)) {
+					result = SCAN_PTE_NON_PRESENT;
 					goto out_unmap;
 				}
 				continue;
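Review bot: replacing `pte_swp_uffd_wp_any(pteval)` with `is_pte_marker_entry(swp) && pte_marker_get(swp)` narrows the check to PTE markers only. The removed comment says the old test was for "uffd-wp enabled swap entries", so a genuine swap entry carrying the uffd-wp bit would no longer be rejected at this point. Consider keeping the existing uffd-wp test and adding the marker test next to it, or explain in the commit message why the swap-entry case is covered elsewhere. Two smaller points: the subject says "non-swap entries" while the code only tests for markers, so other non-swap entry types still reach the swap-in path; either reword the subject or use a broader test such as non_swap_entry(). The marker test also sits inside the `unmapped <= khugepaged_max_ptes_swap` branch and after `++unmapped`, so a marker is counted as a swap PTE, and once the limit is exceeded the scan ends for a different reason than the marker. Moving the test ahead of the counter would make the result independent of the limit. Style: add a blank line after the `swp_entry_t swp` declaration. The switch from SCAN_PTE_UFFD_WP to SCAN_PTE_NON_PRESENT changes the result reported for the uffd-wp case, which deserves a sentence in the changelog.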
-- 
2.49.0

