Message-ID: <20251126035008.1919461-1-ziy@nvidia.com>
Date: Tue, 25 Nov 2025 22:50:04 -0500
From: Zi Yan <ziy@...dia.com>
To: David Hildenbrand <david@...nel.org>,
	Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Zi Yan <ziy@...dia.com>,
	Baolin Wang <baolin.wang@...ux.alibaba.com>,
	"Liam R. Howlett" <Liam.Howlett@...cle.com>,
	Nico Pache <npache@...hat.com>,
	Ryan Roberts <ryan.roberts@....com>,
	Dev Jain <dev.jain@....com>,
	Barry Song <baohua@...nel.org>,
	Lance Yang <lance.yang@...ux.dev>,
	Miaohe Lin <linmiaohe@...wei.com>,
	Naoya Horiguchi <nao.horiguchi@...il.com>,
	Wei Yang <richard.weiyang@...il.com>,
	Balbir Singh <balbirs@...dia.com>,
	linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v3 0/4] Improve folio split related functions

Hi all,

This patchset improves several folio split related functions to avoid
future misuse. The changes are:

1. Consolidated folio splittable checks by moving truncated folio check,
   huge zero folio check, and writeback folio check into
   folio_split_supported(). Changed the function return type. Renamed it
   to folio_check_splittable() for clarification.

2. Replaced can_split_folio() with open coded folio_expected_ref_count()
   and folio_ref_count() and introduced folio_cache_ref_count().

3. Changed min_order_for_split() to always return an order.

4. Fixed folio split stats counting.

Motivation
===
This is based on Wei's observation[1] and solves several potential
issues:
1. Dereferencing NULL folio->mapping in try_folio_split_to_order() if it
   is called on truncated folios.
2. Not handling the negative return value of min_order_for_split() in
   mm/memory-failure.c

There is no bug in the current code.

The code is based on mm-new with V2 reverted and can replace V2 cleanly
on mm-new branch.


Changelog
===
From V2[3]:
1. Removed "bool warns" parameter from folio_check_splittable().

2. Removed all warnings in folio_check_splittable() and added a single
   warning in its caller, __folio_split() instead.

3. Spelled out in the comment in folio_check_splittable() that folios
   without a mapping in the swapcache can be shmem or to-be-anon folios.

4. Renamed folio_cache_references to folio_cache_ref_count.

5. Removed extra_pins variable.

6. Replaced folio_expected_ref_count() with folio_cache_ref_count() for
   folio_ref_unfreeze() uses in __folio_freeze_and_split_unmapped(),
   since they are equivalent at those call sites.


From RFC[2]:
1. Renamed folio_split_supported() to folio_check_splittable(), changed
   its return type from bool to int to return error code directly, and
   added kernel-doc.

2. Moved truncated folio check, zero huge folio check, and writeback
   check in folio_check_splittable().

3. Changed zero huge folio check's error number from -EBUSY to -EINVAL.

4. Replaced can_split_folio() with open code.

5. Changed min_order_for_split() to return 0 for truncated folio instead
   of -EBUSY and added kernel-doc.

6. Fixed folio split stats counting.

Comments and feedback are welcome.

Link: https://lore.kernel.org/all/20251120004735.52z7r4xmogw7mbsj@master/ [1]
Link: https://lore.kernel.org/all/20251120035953.1115736-1-ziy@nvidia.com/ [2]
Link: https://lore.kernel.org/all/20251122025529.1562592-1-ziy@nvidia.com/ [3]


Zi Yan (4):
  mm/huge_memory: change folio_split_supported() to
    folio_check_splittable()
  mm/huge_memory: replace can_split_folio() with direct refcount
    calculation
  mm/huge_memory: make min_order_for_split() always return an order
  mm/huge_memory: fix folio split stats counting

 include/linux/huge_mm.h |  13 ++--
 mm/huge_memory.c        | 161 ++++++++++++++++++++++------------------
 mm/vmscan.c             |   3 +-
 3 files changed, 97 insertions(+), 80 deletions(-)

-- 
2.51.0

