• Ma Wupeng's avatar
    x86/mm/pat: clear VM_PAT if copy_p4d_range failed · d155df53
    Ma Wupeng authored
    Syzbot reports a warning in untrack_pfn().  Digging into the root we found
    that this is due to memory allocation failure in pmd_alloc_one.  And this
    failure is produced due to failslab.
    
    In copy_page_range(), memory alloaction for pmd failed.  During the error
    handling process in copy_page_range(), mmput() is called to remove all
    vmas.  While untrack_pfn this empty pfn, warning happens.
    
    Here's a simplified flow:
    
    dup_mm
      dup_mmap
        copy_page_range
          copy_p4d_range
            copy_pud_range
              copy_pmd_range
                pmd_alloc
                  __pmd_alloc
                    pmd_alloc_one
                      page = alloc_pages(gfp, 0);
                        if (!page)
                          return NULL;
        mmput
            exit_mmap
              unmap_vmas
                unmap_single_vma
                  untrack_pfn
                    follow_phys
                      WARN_ON_ONCE(1);
    
    Since this vma is not generate successfully, we can clear flag VM_PAT.  In
    this case, untrack_pfn() will not be called while cleaning this vma.
    
    Function untrack_pfn_moved() has also been renamed to fit the new logic.
    
    Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.comSigned-off-by: default avatarMa Wupeng <mawupeng1@huawei.com>
    Reported-by: <syzbot+5f488e922d047d8f00cc@syzkaller.appspotmail.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Borislav Petkov <bp@suse.de>
    Cc: Dave Hansen <dave.hansen@linux.intel.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Suresh Siddha <suresh.b.siddha@intel.com>
    Cc: Toshi Kani <toshi.kani@hp.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    d155df53
memory.c 159 KB