| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260118190939.8986-2-shivankg@amd.com> Date: Sun, 18 Jan 2026 19:09:38 +0000 From: Shivank Garg <shivankg@....com> To: Andrew Morton <akpm@...ux-foundation.org>, David Hildenbrand <david@...nel.org>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com> CC: Zi Yan <ziy@...dia.com>, Baolin Wang <baolin.wang@...ux.alibaba.com>, "Liam R . Howlett" <Liam.Howlett@...cle.com>, Nico Pache <npache@...hat.com>, Ryan Roberts <ryan.roberts@....com>, Dev Jain <dev.jain@....com>, Barry Song <baohua@...nel.org>, Lance Yang <lance.yang@...ux.dev>, Masami Hiramatsu <mhiramat@...nel.org>, Steven Rostedt <rostedt@...dmis.org>, <linux-trace-kernel@...r.kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Zach O'Keefe <zokeefe@...gle.com>, <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>, Stephen Rothwell <sfr@...b.auug.org.au>, <shivankg@....com> Subject: [PATCH V5 0/2] mm/khugepaged: fix dirty page handling for MADV_COLLAPSE MADV_COLLAPSE on file-backed mappings fails with -EINVAL when TEXT pages are dirty. This affects scenarios like package/container updates or executing binaries immediately after writing them, etc. The issue is that collapse_file() triggers async writeback and returns SCAN_FAIL (maps to -EINVAL), expecting khugepaged to revisit later. But MADV_COLLAPSE is synchronous and userspace expects immediate success or a clear retry signal. Reproduction: - Compile or copy 2MB-aligned executable to XFS/ext4 FS - Call MADV_COLLAPSE on .text section - First call fails with -EINVAL (text pages dirty from copy) - Second call succeeds (async writeback completed) Issue Report: https://lore.kernel.org/all/4e26fe5e-7374-467c-a333-9dd48f85d7cc@amd.com Hi Andrew, This V5 series incorporates David's feedback for simplifying the retry logic. To apply on mm-new, please drop: - 20251215084615.5283-3-shivankg@....com: [PATCH V4 0/2] mm/khugepaged: fix dirty page handling for MADV_COLLAPSE - 20251224111351.41042-4-shivankg@....com: [PATCH V2 0/5] mm/khugepaged: cleanups and scan limit fix (merge conflicts with this series; V3 with review fixes posting soon) Thank you :) Changelog: V5: - In patch 2/2, Simplify dirty writeback retry logic (David) V4: - https://lore.kernel.org/all/20251215084615.5283-3-shivankg@amd.com - Rebase on mm-new - Fix spurious blank line (Lance) V3: - https://lore.kernel.org/all/20251201185604.210634-6-shivankg@amd.com - Reordered patches: Enum definition comes first as the retry logic depends on it - Renamed SCAN_PAGE_NOT_CLEAN to SCAN_PAGE_DIRTY_OR_WRITEBACK (Dev, Lance, David) - Changed writeback logic: Only trigger synchronous writeback and retry if the initial collapse attempt failed specifically due to dirty/writeback pages, rather than blindly flushing all file-backed VMAs (David) - Added proper file reference counting (get_file/fput) around the unlock window to prevent UAF (Lance) V2: - https://lore.kernel.org/all/20251120065043.41738-6-shivankg@amd.com - Move writeback to madvise_collapse() (better abstraction, proper mmap_lock handling and does VMA revalidation after I/O) (Lorenzo) - Rename to SCAN_PAGE_DIRTY to SCAN_PAGE_NOT_CLEAN and extend its use for all dirty/writeback folio cases that previously returned incorrect results (Dev) V1: https://lore.kernel.org/all/20251110113254.77822-1-shivankg@amd.com Thanks, Shivank Garg (2): mm/khugepaged: map dirty/writeback pages failures to EAGAIN mm/khugepaged: retry with sync writeback for MADV_COLLAPSE include/trace/events/huge_memory.h | 3 ++- mm/khugepaged.c | 23 ++++++++++++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-) -- 2.43.0
Powered by blists - more mailing lists