On Sat, 5 Mar 2022, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
memfd: fix F_SEAL_WRITE after shmem huge page allocated
to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: memfd-fix-f_seal_write-after-shmem-huge-page-allocated.patch and it can be found in the queue-5.4 subdirectory.
Thank you for adding that patch to 5.16, 5.15, 5.10 and 5.4: please accept the substitute patch below for 4.14 and 4.9 - thanks. A different patch for 4.19 has been sent separately.
From f2b277c4d1c63a85127e8aa2588e9cc3bd21cb99 Mon Sep 17 00:00:00 2001 From: Hugh Dickins hughd@google.com Date: Fri, 4 Mar 2022 20:29:01 -0800 Subject: memfd: fix F_SEAL_WRITE after shmem huge page allocated
From: Hugh Dickins hughd@google.com
commit f2b277c4d1c63a85127e8aa2588e9cc3bd21cb99 upstream.
Wangyong reports: after enabling tmpfs filesystem to support transparent hugepage with the following command:
echo always > /sys/kernel/mm/transparent_hugepage/shmem_enabled
the docker program tries to add F_SEAL_WRITE through the following command, but it fails unexpectedly with errno EBUSY:
fcntl(5, F_ADD_SEALS, F_SEAL_WRITE) = -1.
That is because memfd_tag_pins() and memfd_wait_for_pins() were never updated for shmem huge pages: checking page_mapcount() against page_count() is hopeless on THP subpages - they need to check total_mapcount() against page_count() on THP heads only.
Make memfd_tag_pins() (compared > 1) as strict as memfd_wait_for_pins() (compared != 1): either can be justified, but given the non-atomic total_mapcount() calculation, it is better now to be strict. Bear in mind that total_mapcount() itself scans all of the THP subpages, when choosing to take an XA_CHECK_SCHED latency break.
Also fix the unlikely xa_is_value() case in memfd_wait_for_pins(): if a page has been swapped out since memfd_tag_pins(), then its refcount must have fallen, and so it can safely be untagged.
Link: https://lkml.kernel.org/r/a4f79248-df75-2c8c-3df-ba3317ccb5da@google.com Signed-off-by: Hugh Dickins hughd@google.com Reported-by: Zeal Robot zealci@zte.com.cn Reported-by: wangyong wang.yong12@zte.com.cn Cc: Mike Kravetz mike.kravetz@oracle.com Cc: Matthew Wilcox (Oracle) willy@infradead.org Cc: CGEL ZTE cgel.zte@gmail.com Cc: Kirill A. Shutemov kirill@shutemov.name Cc: Song Liu songliubraving@fb.com Cc: Yang Yang yang.yang29@zte.com.cn Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org --- mm/shmem.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
--- a/mm/shmem.c +++ b/mm/shmem.c @@ -2689,7 +2689,8 @@ static void shmem_tag_pins(struct address_space *mapping) slot = radix_tree_iter_retry(&iter); continue; } - } else if (page_count(page) - page_mapcount(page) > 1) { + } else if (!PageTail(page) && page_count(page) != + hpage_nr_pages(page) + total_mapcount(page)) { radix_tree_tag_set(&mapping->page_tree, iter.index, SHMEM_TAG_PINNED); } @@ -2749,8 +2750,8 @@ static int shmem_wait_for_pins(struct address_space *mapping) page = NULL; }
- if (page && - page_count(page) - page_mapcount(page) != 1) { + if (page && page_count(page) != + hpage_nr_pages(page) + total_mapcount(page)) { if (scan < LAST_SCAN) goto continue_resched;
On Sun, Mar 06, 2022 at 01:09:16AM -0800, Hugh Dickins wrote:
On Sat, 5 Mar 2022, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
memfd: fix F_SEAL_WRITE after shmem huge page allocated
to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: memfd-fix-f_seal_write-after-shmem-huge-page-allocated.patch and it can be found in the queue-5.4 subdirectory.
Thank you for adding that patch to 5.16, 5.15, 5.10 and 5.4: please accept the substitute patch below for 4.14 and 4.9 - thanks. A different patch for 4.19 has been sent separately.
All now queued up, thanks for the backports!
greg k-h
linux-stable-mirror@lists.linaro.org