From 64297b5aa68665f2b4316d70a111809bbae5f94d Mon Sep 17 00:00:00 2001
From: Jiri Slaby
Date: Apr 13 2023 15:23:17 +0000
Subject: mm: enable maple tree RCU mode by default (bsc#1012628).
---
diff --git a/patches.kernel.org/6.2.11-173-mm-enable-maple-tree-RCU-mode-by-default.patch b/patches.kernel.org/6.2.11-173-mm-enable-maple-tree-RCU-mode-by-default.patch
new file mode 100644
index 0000000..5236daa
--- /dev/null
+++ b/patches.kernel.org/6.2.11-173-mm-enable-maple-tree-RCU-mode-by-default.patch
@@ -0,0 +1,99 @@
+From: "Liam R. Howlett"
+Date: Tue, 11 Apr 2023 11:10:55 -0400
+Subject: [PATCH] mm: enable maple tree RCU mode by default.
+References: bsc#1012628
+Patch-mainline: 6.2.11
+Git-commit: 3dd4432549415f3c65dd52d5c687629efbf4ece1
+
+commit 3dd4432549415f3c65dd52d5c687629efbf4ece1 upstream.
+
+Use the maple tree in RCU mode for VMA tracking.
+
+The maple tree tracks the stack and is able to update the pivot
+(lower/upper boundary) in-place to allow the page fault handler to write
+to the tree while holding just the mmap read lock. This is safe as the
+writes to the stack have a guard VMA which ensures there will always be
+a NULL in the direction of the growth and thus will only update a pivot.
+
+It is possible, but not recommended, to have VMAs that grow up/down
+without guard VMAs. syzbot has constructed a testcase which sets up a
+VMA to grow and consume the empty space. Overwriting the entire NULL
+entry causes the tree to be altered in a way that is not safe for
+concurrent readers; the readers may see a node being rewritten or one
+that does not match the maple state they are using.
+
+Enabling RCU mode allows the concurrent readers to see a stable node and
+will return the expected result.
+
+Link: https://lkml.kernel.org/r/20230227173632.3292573-9-surenb@google.com
+Cc: stable@vger.kernel.org
+Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree")
+Signed-off-by: Liam R. Howlett
+Reported-by: syzbot+8d95422d3537159ca390@syzkaller.appspotmail.com
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Jiri Slaby
+---
+ include/linux/mm_types.h | 3 ++-
+ kernel/fork.c | 3 +++
+ mm/mmap.c | 3 ++-
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
+index 9757067c..0e41359d 100644
+--- a/include/linux/mm_types.h
++++ b/include/linux/mm_types.h
+@@ -810,7 +810,8 @@ struct mm_struct {
+ unsigned long cpu_bitmap[];
+ };
+ 
+-#define MM_MT_FLAGS (MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN)
++#define MM_MT_FLAGS (MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN | \
++ MT_FLAGS_USE_RCU)
+ extern struct mm_struct init_mm;
+ 
+ /* Pointer magic because the dynamic array size confuses some compilers. */
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 8dd0127d..e8808ffb 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -617,6 +617,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
+ if (retval)
+ goto out;
+ 
++ mt_clear_in_rcu(mas.tree);
+ mas_for_each(&old_mas, mpnt, ULONG_MAX) {
+ struct file *file;
+ 
+@@ -703,6 +704,8 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
+ retval = arch_dup_mmap(oldmm, mm);
+ loop_out:
+ mas_destroy(&mas);
++ if (!retval)
++ mt_set_in_rcu(mas.tree);
+ out:
+ mmap_write_unlock(mm);
+ flush_tlb_mm(oldmm);
+diff --git a/mm/mmap.c b/mm/mmap.c
+index 425a9349..1931da07 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -2308,7 +2308,7 @@ do_mas_align_munmap(struct ma_state *mas, struct vm_area_struct *vma,
+ int count = 0;
+ int error = -ENOMEM;
+ MA_STATE(mas_detach, &mt_detach, 0, 0);
+- mt_init_flags(&mt_detach, MT_FLAGS_LOCK_EXTERN);
++ mt_init_flags(&mt_detach, mas->tree->ma_flags & MT_FLAGS_LOCK_MASK);
+ mt_set_external_lock(&mt_detach, &mm->mmap_lock);
+ 
+ if (mas_preallocate(mas, vma, GFP_KERNEL))
+@@ -3095,6 +3095,7 @@ void exit_mmap(struct mm_struct *mm)
+ */
+ set_bit(MMF_OOM_SKIP, &mm->flags);
+ mmap_write_lock(mm);
++ mt_clear_in_rcu(&mm->mm_mt);
+ free_pgtables(&tlb, &mm->mm_mt, vma, FIRST_USER_ADDRESS,
+ USER_PGTABLES_CEILING);
+ tlb_finish_mmu(&tlb);
+-- 
+2.35.3
+
diff --git a/series.conf b/series.conf
index 9b0f66c..2a4c6b5 100644
--- a/series.conf
+++ b/series.conf
@@ -2226,6 +2226,7 @@
 patches.kernel.org/6.2.11-170-maple_tree-remove-extra-smp_wmb-from-mas_dead_.patch
 patches.kernel.org/6.2.11-171-maple_tree-add-smp_rmb-to-dead-node-detection.patch
 patches.kernel.org/6.2.11-172-maple_tree-add-RCU-lock-checking-to-rcu-callba.patch
+ patches.kernel.org/6.2.11-173-mm-enable-maple-tree-RCU-mode-by-default.patch
 
 ########################################################
 # Build fixes that apply to the vanilla kernel too.
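Review bot: In the kernel/fork.c hunks of the embedded patch, `mt_clear_in_rcu(mas.tree)` is called unconditionally before the copy loop but `mt_set_in_rcu(mas.tree)` is restored only under `if (!retval)`, so a dup_mmap that fails part-way leaves the new mm's tree permanently in non-RCU mode, and nothing in the hunk records why that asymmetry is safe. It presumably relies on the failed mm never becoming visible to lockless readers before the caller tears it down, but that invariant is exactly the kind of thing a later refactor can break silently; a comment above the clear such as `/* No readers can see this mm yet: skip RCU bookkeeping for the bulk copy and re-enable it only on success. */` would pin it down. The exit_mmap hunk in mm/mmap.c has the same unexplained toggle, where `mt_clear_in_rcu(&mm->mm_mt)` is added just before `free_pgtables()` and would benefit from a similar one-line justification. The bodies of dup_mmap and exit_mmap start and end outside the hunks shown.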