From: Greg Kroah-Hartman Date: Thu, 4 Nov 2021 08:20:26 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.19.216~22 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3794bd32dbfd2d17158b50afcf71a43326ee8c59;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: mm-khugepaged-skip-huge-page-collapse-for-special-files.patch --- diff --git a/queue-5.10/mm-khugepaged-skip-huge-page-collapse-for-special-files.patch b/queue-5.10/mm-khugepaged-skip-huge-page-collapse-for-special-files.patch new file mode 100644 index 00000000000..26eb44a52ca --- /dev/null +++ b/queue-5.10/mm-khugepaged-skip-huge-page-collapse-for-special-files.patch 
@@ -0,0 +1,77 @@ +From a4aeaa06d45e90f9b279f0b09de84bd00006e733 Mon Sep 17 00:00:00 2001 +From: Yang Shi +Date: Thu, 28 Oct 2021 14:36:30 -0700 +Subject: mm: khugepaged: skip huge page collapse for special files + +From: Yang Shi + +commit a4aeaa06d45e90f9b279f0b09de84bd00006e733 upstream. + +The read-only THP for filesystems will collapse THP for files opened +readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB +misses for large text segments. But it doesn't restrict the file types +so a THP could be collapsed for a non-regular file, for example, block +device, if it is opened readonly and mapped with EXEC permission. This +may cause bugs, like [1] and [2]. + +This is definitely not the intended usecase, so just collapse THP for +regular files in order to close the attack surface. + +[shy828301@gmail.com: fix vm_file check [3]] + +Link: https://lore.kernel.org/lkml/CACkBjsYwLYLRmX8GpsDpMthagWOjWWrNxqY6ZLNQVr6yx+f5vA@mail.gmail.com/ [1] +Link: https://lore.kernel.org/linux-mm/000000000000c6a82505ce284e4c@google.com/ [2] +Link: https://lkml.kernel.org/r/CAHbLzkqTW9U3VvTu1Ki5v_cLRC9gHW+znBukg_ycergE0JWj-A@mail.gmail.com [3] +Link: https://lkml.kernel.org/r/20211027195221.3825-1-shy828301@gmail.com +Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS") +Signed-off-by: Hugh Dickins +Signed-off-by: Yang Shi +Reported-by: Hao Sun +Reported-by: syzbot+aae069be1de40fb11825@syzkaller.appspotmail.com +Cc: Matthew Wilcox +Cc: Kirill A. 
Shutemov +Cc: Song Liu +Cc: Andrea Righi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/khugepaged.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +--- a/mm/khugepaged.c ++++ b/mm/khugepaged.c +@@ -443,21 +443,24 @@ static bool hugepage_vma_check(struct vm + if (!transhuge_vma_enabled(vma, vm_flags)) + return false; + ++ if (vma->vm_file && !IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - ++ vma->vm_pgoff, HPAGE_PMD_NR)) ++ return false; ++ + /* Enabled via shmem mount options or sysfs settings. */ +- if (shmem_file(vma->vm_file) && shmem_huge_enabled(vma)) { +- return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff, +- HPAGE_PMD_NR); +- } ++ if (shmem_file(vma->vm_file)) ++ return shmem_huge_enabled(vma); + + /* THP settings require madvise. */ + if (!(vm_flags & VM_HUGEPAGE) && !khugepaged_always()) + return false; + +- /* Read-only file mappings need to be aligned for THP to work. */ ++ /* Only regular file is valid */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && vma->vm_file && + (vm_flags & VM_DENYWRITE)) { +- return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff, +- HPAGE_PMD_NR); ++ struct inode *inode = vma->vm_file->f_inode; ++ ++ return S_ISREG(inode->i_mode); + } + + if (!vma->anon_vma || vma->vm_ops) diff --git a/queue-5.10/series b/queue-5.10/series index ba4acbccb05..d32e2433a87 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -8,3 +8,4 @@ mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault.patch media-firewire-firedtv-avc-fix-a-buffer-overflow-in-avc_ca_pmt.patch revert-xhci-set-hcd-flag-to-defer-primary-roothub-registration.patch revert-usb-core-hcd-add-support-for-deferring-roothub.patch +mm-khugepaged-skip-huge-page-collapse-for-special-files.patch
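Review bot: the shmem branch in the mm/khugepaged.c hunk changes behaviour beyond what the commit message describes. With `if (shmem_file(vma->vm_file)) return shmem_huge_enabled(vma);`, a shmem mapping now gets an immediate false whenever shmem_huge_enabled() is false, where the removed code only returned inside `shmem_file(...) && shmem_huge_enabled(vma)` and otherwise fell through to the madvise, read-only THP and anon_vma checks below. The message talks only about restricting read-only THP to regular files, so the "fix vm_file check [3]" fold-in should say in a sentence that this early return is intended. Two smaller points in the same hunk: the hoisted `vma->vm_file && !IS_ALIGNED(...)` test carries no comment now that "Read-only file mappings need to be aligned for THP to work" has been dropped, so a one-line comment saying it covers both the shmem and read-only file cases would help; and "Only regular file is valid" would be more useful if it gave the reason stated in the commit message (a block device or other special file can be opened read-only and mapped with EXEC). `file_inode(vma->vm_file)` is the usual accessor in place of the open-coded `vma->vm_file->f_inode`.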