| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <900d0314-8e9a-4779-a058-9bb3cc8840b8@linux.dev>
Date: Mon, 29 Sep 2025 18:29:33 +0800
From: Lance Yang <lance.yang@...ux.dev>
To: David Hildenbrand <david@...hat.com>
Cc: ziy@...dia.com, baolin.wang@...ux.alibaba.com, baohua@...nel.org,
ryan.roberts@....com, dev.jain@....com, npache@...hat.com, riel@...riel.com,
Liam.Howlett@...cle.com, vbabka@...e.cz, harry.yoo@...cle.com,
jannh@...gle.com, matthew.brost@...el.com, joshua.hahnjy@...il.com,
rakie.kim@...com, byungchul@...com, gourry@...rry.net,
ying.huang@...ux.alibaba.com, apopple@...dia.com, usamaarif642@...il.com,
yuzhao@...gle.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
ioworker0@...il.com, stable@...r.kernel.org, akpm@...ux-foundation.org,
lorenzo.stoakes@...cle.com
Subject: Re: [PATCH 1/1] mm/rmap: fix soft-dirty bit loss when remapping
zero-filled mTHP subpage to shared zeropage
On 2025/9/29 15:25, David Hildenbrand wrote:
> On 28.09.25 06:48, Lance Yang wrote:
>> From: Lance Yang <lance.yang@...ux.dev>
>>
>> When splitting an mTHP and replacing a zero-filled subpage with the
>> shared
>> zeropage, try_to_map_unused_to_zeropage() currently drops the soft-dirty
>> bit.
>>
>> For userspace tools like CRIU, which rely on the soft-dirty mechanism for
>> incremental snapshots, losing this bit means modified pages are missed,
>> leading to inconsistent memory state after restore.
>>
>> Preserve the soft-dirty bit from the old PTE when creating the zeropage
>> mapping to ensure modified pages are correctly tracked.
>>
>> Cc: <stable@...r.kernel.org>
>> Fixes: b1f202060afe ("mm: remap unused subpages to shared zeropage
>> when splitting isolated thp")
>> Signed-off-by: Lance Yang <lance.yang@...ux.dev>
>> ---
>> mm/migrate.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/mm/migrate.c b/mm/migrate.c
>> index ce83c2c3c287..bf364ba07a3f 100644
>> --- a/mm/migrate.c
>> +++ b/mm/migrate.c
>> @@ -322,6 +322,10 @@ static bool try_to_map_unused_to_zeropage(struct
>> page_vma_mapped_walk *pvmw,
>> newpte = pte_mkspecial(pfn_pte(my_zero_pfn(pvmw->address),
>> pvmw->vma->vm_page_prot));
>> +
>> + if (pte_swp_soft_dirty(ptep_get(pvmw->pte)))
>> + newpte = pte_mksoft_dirty(newpte);
>> +
>> set_pte_at(pvmw->vma->vm_mm, pvmw->address, pvmw->pte, newpte);
>> dec_mm_counter(pvmw->vma->vm_mm, mm_counter(folio));
>
> It's interesting that there isn't a single occurrence of the stof-dirty
> flag in khugepaged code. I guess it all works because we do the
>
> _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma);
>
> and the pmd_mkdirty() will imply marking it soft-dirty.
>
> Now to the problem at hand: I don't think this is particularly
> problematic in the common case: if the page is zero, it likely was never
> written to (that's what the unerused shrinker is targeted at), so the
> soft-dirty setting on the PMD is actually just an over-indication for
> this page.
Cool. Thanks for the insight! Good to know that ;)
>
> For example, when we just install the shared zeropage directly in
> do_anonymous_page(), we obviously also don't set it dirty/soft-dirty.
>
> Now, one could argue that if the content was changed from non-zero to
> zero, it ould actually be soft-dirty.
Exactly. A false negative could be a problem for the userspace tools, IMO.
>
> Long-story short: I don't think this matters much in practice, but it's
> an easy fix.
>
> As said by dev, please avoid double ptep_get() if possible.
Sure, will do. I'll refactor it in the next version.
>
> Acked-by: David Hildenbrand <david@...hat.com>
Thanks!
>
>
> @Lance, can you double-check that the uffd-wp bit is handled correctly?
> I strongly assume we lose that as well here.
Certainly, I'll check the uffd-wp bit as well and get back to you soon.
Cheers,
Lance
Powered by blists - more mailing lists