| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0bfdbccd-9d4a-409f-ae43-b44bb7347d70@linux.dev>
Date: Tue, 14 Oct 2025 22:26:20 +0800
From: Lance Yang <lance.yang@...ux.dev>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Cc: akpm@...ux-foundation.org, david@...hat.com, Liam.Howlett@...cle.com,
baohua@...nel.org, baolin.wang@...ux.alibaba.com, dev.jain@....com,
hughd@...gle.com, ioworker0@...il.com, kirill@...temov.name,
linux-kernel@...r.kernel.org, linux-mm@...ck.org, mpenttil@...hat.com,
npache@...hat.com, ryan.roberts@....com, ziy@...dia.com,
richard.weiyang@...il.com
Subject: Re: [PATCH mm-new v3 1/1] mm/khugepaged: abort collapse scan on
non-swap entries
On 2025/10/14 19:08, Lorenzo Stoakes wrote:
> On Wed, Oct 08, 2025 at 11:26:57AM +0800, Lance Yang wrote:
>> diff --git a/mm/khugepaged.c b/mm/khugepaged.c
>> index abe54f0043c7..bec3e268dc76 100644
>> --- a/mm/khugepaged.c
>> +++ b/mm/khugepaged.c
>> @@ -1020,6 +1020,11 @@ static int __collapse_huge_page_swapin(struct mm_struct *mm,
>> if (!is_swap_pte(vmf.orig_pte))
>> continue;
>>
>> + if (non_swap_entry(pte_to_swp_entry(vmf.orig_pte))) {
>> + result = SCAN_PTE_NON_PRESENT;
>> + goto out;
>> + }
>
> OK seems in line with what we were discussing before...
Yep. That's the idea :)
>
>> +
>> vmf.pte = pte;
>> vmf.ptl = ptl;
>> ret = do_swap_page(&vmf);
>> @@ -1281,7 +1286,23 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
>> for (addr = start_addr, _pte = pte; _pte < pte + HPAGE_PMD_NR;
>> _pte++, addr += PAGE_SIZE) {
>> pte_t pteval = ptep_get(_pte);
>> - if (is_swap_pte(pteval)) {
>> + if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
>> + ++none_or_zero;
>> + if (!userfaultfd_armed(vma) &&
>> + (!cc->is_khugepaged ||
>> + none_or_zero <= khugepaged_max_ptes_none)) {
>> + continue;
>> + } else {
>> + result = SCAN_EXCEED_NONE_PTE;
>> + count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
>> + goto out_unmap;
>> + }
>> + } else if (!pte_present(pteval)) {
>> + if (non_swap_entry(pte_to_swp_entry(pteval))) {
>
Thanks for pointing that out!
> Hm but can't this be pte_protnone() at this stage (or something else)? And then
Yeah. The funny thing is, a protnone pte cannot actually get here, IIUC.
```
static inline int pte_protnone(pte_t pte)
{
return (pte_flags(pte) & (_PAGE_PROTNONE | _PAGE_PRESENT))
== _PAGE_PROTNONE;
}
static inline int pte_present(pte_t a)
{
return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE);
}
```
On x86, pte_present() returns true for a protnone pte. And I'd assume
other archs behave similarly ...
> we're just assuming pte_to_swp_entry() is operating on a swap entry when it in
> fact might not be?
>
> Couldn't we end up with false positives here?
Emm, I think we're good here and the code is doing the right thing.
>
>> + result = SCAN_PTE_NON_PRESENT;
>> + goto out_unmap;
>> + }
>> +
>> ++unmapped;
>> if (!cc->is_khugepaged ||
>> unmapped <= khugepaged_max_ptes_swap) {
>> @@ -1290,7 +1311,7 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
>> * enabled swap entries. Please see
>> * comment below for pte_uffd_wp().
>> */
>> - if (pte_swp_uffd_wp_any(pteval)) {
>> + if (pte_swp_uffd_wp(pteval)) {
>
> Again you're assuming it's a swap entry but you're not asserting this is a swap
> entry in this branch?
As we discussed above, the non_swap_entry() check has already kicked out
anything that isn't a true swap entry, right?
>
> Also an aside - I hate, hate, hate how this uffd wp stuff has infiltrated all
> kinds of open-coded stuff. It's so gross (not your fault, just a general
> comment...)
Haha, tell me about it. No argument from me there ;)
Thanks,
Lance
Powered by blists - more mailing lists