On 2024/6/14 04:46, Andrew Morton wrote:
The patch titled
Subject: mm-memory-extend-finish_fault-to-support-large-folio-fix
has been added to the -mm mm-unstable branch. Its filename is
mm-memory-extend-finish_fault-to-support-large-folio-fix.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-memory-extend-finish_fault-to-support-large-folio-fix.patch
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Baolin Wang <baolin.wang@xxxxxxxxxxxxxxxxx>
Subject: mm-memory-extend-finish_fault-to-support-large-folio-fix
Date: Thu, 13 Jun 2024 21:03:36 +0800
avoid going beyond the PMD pagetable size
Link: https://lkml.kernel.org/r/b0e6a8b1-a32c-459e-ae67-fde5d28773e6@xxxxxxxxxxxxxxxxx
Signed-off-by: Baolin Wang <baolin.wang@xxxxxxxxxxxxxxxxx>
Reported-by: syzbot+d6e5c328862b5ae6cbfe@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 1c05047ad016 ("mm: memory: extend finish_fault() to support
Cc: Barry Song <v-songbaohua@xxxxxxxx>
Cc: Daniel Gomez <da.gomez@xxxxxxxxxxx>
Cc: David Hildenbrand <david@xxxxxxxxxx>
Cc: "Huang, Ying" <ying.huang@xxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Kefeng Wang <wangkefeng.wang@xxxxxxxxxx>
Cc: Lance Yang <ioworker0@xxxxxxxxx>
Cc: Pankaj Raghav <p.raghav@xxxxxxxxxxx>
Cc: Ryan Roberts <ryan.roberts@xxxxxxx>
Cc: Yang Shi <shy828301@xxxxxxxxx>
Cc: Zi Yan <ziy@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/memory.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/mm/memory.c~mm-memory-extend-finish_fault-to-support-large-folio-fix
+++ a/mm/memory.c
@@ -4875,13 +4875,17 @@ vm_fault_t finish_fault(struct vm_fault
pgoff_t idx = folio_page_idx(folio, page);
/* The page offset of vmf->address within the VMA. */
pgoff_t vma_off = vmf->pgoff - vmf->vma->vm_pgoff;
+ /* The index of the entry in the pagetable for fault page. */
+ pgoff_t pte_off = pte_index(vmf->address);
/*
* Fallback to per-page fault in case the folio size in page
- * cache beyond the VMA limits.
+ * cache beyond the VMA limits and PMD pagetable limits.
*/
if (unlikely(vma_off < idx ||
- vma_off + (nr_pages - idx) > vma_pages(vma))) {
+ vma_off + (nr_pages - idx) > vma_pages(vma) ||
+ pte_off < idx ||
+ pte_off + (nr_pages - idx) > PTRS_PER_PTE - 1)) {
We should use 'PTRS_PER_PTE' instead of 'PTRS_PER_PTE - 1'. Sorry for my
math fault (I wrote the code too late last night, wasn't thinking
clearly:( ).
Sorry Andrew, could you help to squash this change? Thanks.
diff --git a/mm/memory.c b/mm/memory.c
index b7137d9c99a9..e6521dd82281 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -4888,7 +4888,7 @@ vm_fault_t finish_fault(struct vm_fault *vmf)
if (unlikely(vma_off < idx ||
vma_off + (nr_pages - idx) > vma_pages(vma) ||
pte_off < idx ||
- pte_off + (nr_pages - idx) > PTRS_PER_PTE -
1)) {
+ pte_off + (nr_pages - idx) > PTRS_PER_PTE)) {
nr_pages = 1;
} else {
/* Now we can set mappings for the whole large
folio. */
nr_pages = 1;
} else {
/* Now we can set mappings for the whole large folio. */
_
Patches currently in -mm which might be from baolin.wang@xxxxxxxxxxxxxxxxx are
mm-memory-extend-finish_fault-to-support-large-folio.patch
mm-memory-extend-finish_fault-to-support-large-folio-fix.patch
mm-shmem-add-thp-validation-for-pmd-mapped-thp-related-statistics.patch
mm-shmem-add-multi-size-thp-sysfs-interface-for-anonymous-shmem.patch
mm-shmem-add-multi-size-thp-sysfs-interface-for-anonymous-shmem-fix.patch
mm-shmem-add-mthp-support-for-anonymous-shmem.patch
mm-shmem-add-mthp-size-alignment-in-shmem_get_unmapped_area.patch
mm-shmem-add-mthp-counters-for-anonymous-shmem.patch
