From: wei.guo.simon@gmail.com
To: linux-mm@kvack.org
Cc: Alexey Klimov <klimov.linux@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Eric B Munson <emunson@akamai.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
Mel Gorman <mgorman@techsingularity.net>,
Michal Hocko <mhocko@suse.com>, Shuah Khan <shuah@kernel.org>,
Simon Guo <wei.guo.simon@gmail.com>,
Thierry Reding <treding@nvidia.com>,
Vlastimil Babka <vbabka@suse.cz>
Subject: [PATCH 2/4] mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT)
Date: Tue, 30 Aug 2016 18:59:39 +0800 [thread overview]
Message-ID: <1472554781-9835-3-git-send-email-wei.guo.simon@gmail.com> (raw)
In-Reply-To: <1472554781-9835-1-git-send-email-wei.guo.simon@gmail.com>
From: Simon Guo <wei.guo.simon@gmail.com>
When one vma was with flag VM_LOCKED|VM_LOCKONFAULT (by invoking
mlock2(,MLOCK_ONFAULT)), it can again be populated with mlock() with
VM_LOCKED flag only.
There is a hole in mlock_fixup() which increase mm->locked_vm twice even
the two operations are on the same vma and both with VM_LOCKED flags.
The issue can be reproduced by following code:
mlock2(p, 1024 * 64, MLOCK_ONFAULT); //VM_LOCKED|VM_LOCKONFAULT
mlock(p, 1024 * 64); //VM_LOCKED
Then check the increase VmLck field in /proc/pid/status(to 128k).
When vma is set with different vm_flags, and the new vm_flags is with
VM_LOCKED, it is not necessarily be a "new locked" vma. This patch
corrects this bug by prevent mm->locked_vm from increment when old
vm_flags is already VM_LOCKED.
Signed-off-by: Simon Guo <wei.guo.simon@gmail.com>
---
mm/mlock.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mm/mlock.c b/mm/mlock.c
index 9283187..df29aad 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -516,6 +516,7 @@ static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev,
int nr_pages;
int ret = 0;
int lock = !!(newflags & VM_LOCKED);
+ vm_flags_t old_flags = vma->vm_flags;
if (newflags == vma->vm_flags || (vma->vm_flags & VM_SPECIAL) ||
is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))
@@ -550,6 +551,8 @@ success:
nr_pages = (end - start) >> PAGE_SHIFT;
if (!lock)
nr_pages = -nr_pages;
+ else if (old_flags & VM_LOCKED)
+ nr_pages = 0;
mm->locked_vm += nr_pages;
/*
--
1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: wei.guo.simon@gmail.com
To: linux-mm@kvack.org
Cc: Alexey Klimov <klimov.linux@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Eric B Munson <emunson@akamai.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
Mel Gorman <mgorman@techsingularity.net>,
Michal Hocko <mhocko@suse.com>, Shuah Khan <shuah@kernel.org>,
Simon Guo <wei.guo.simon@gmail.com>,
Thierry Reding <treding@nvidia.com>,
Vlastimil Babka <vbabka@suse.cz>
Subject: [PATCH 2/4] mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT)
Date: Tue, 30 Aug 2016 18:59:39 +0800 [thread overview]
Message-ID: <1472554781-9835-3-git-send-email-wei.guo.simon@gmail.com> (raw)
In-Reply-To: <1472554781-9835-1-git-send-email-wei.guo.simon@gmail.com>
From: Simon Guo <wei.guo.simon@gmail.com>
When one vma was with flag VM_LOCKED|VM_LOCKONFAULT (by invoking
mlock2(,MLOCK_ONFAULT)), it can again be populated with mlock() with
VM_LOCKED flag only.
There is a hole in mlock_fixup() which increase mm->locked_vm twice even
the two operations are on the same vma and both with VM_LOCKED flags.
The issue can be reproduced by following code:
mlock2(p, 1024 * 64, MLOCK_ONFAULT); //VM_LOCKED|VM_LOCKONFAULT
mlock(p, 1024 * 64); //VM_LOCKED
Then check the increase VmLck field in /proc/pid/status(to 128k).
When vma is set with different vm_flags, and the new vm_flags is with
VM_LOCKED, it is not necessarily be a "new locked" vma. This patch
corrects this bug by prevent mm->locked_vm from increment when old
vm_flags is already VM_LOCKED.
Signed-off-by: Simon Guo <wei.guo.simon@gmail.com>
---
mm/mlock.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mm/mlock.c b/mm/mlock.c
index 9283187..df29aad 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -516,6 +516,7 @@ static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev,
int nr_pages;
int ret = 0;
int lock = !!(newflags & VM_LOCKED);
+ vm_flags_t old_flags = vma->vm_flags;
if (newflags == vma->vm_flags || (vma->vm_flags & VM_SPECIAL) ||
is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))
@@ -550,6 +551,8 @@ success:
nr_pages = (end - start) >> PAGE_SHIFT;
if (!lock)
nr_pages = -nr_pages;
+ else if (old_flags & VM_LOCKED)
+ nr_pages = 0;
mm->locked_vm += nr_pages;
/*
--
1.8.3.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-08-30 11:01 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-30 10:59 [PATCH 0/4] mm: mlock: fix some locked_vm counting issues wei.guo.simon
2016-08-30 10:59 ` wei.guo.simon
2016-08-30 10:59 ` [PATCH 1/4] mm: mlock: check against vma for actual mlock() size wei.guo.simon
2016-08-30 10:59 ` wei.guo.simon
2016-08-30 11:35 ` Kirill A. Shutemov
2016-08-30 11:35 ` Kirill A. Shutemov
2016-08-30 10:59 ` wei.guo.simon [this message]
2016-08-30 10:59 ` [PATCH 2/4] mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) wei.guo.simon
2016-08-30 11:36 ` Kirill A. Shutemov
2016-08-30 11:36 ` Kirill A. Shutemov
2016-08-30 10:59 ` [PATCH 3/4] selftest: split mlock2_ funcs into separate mlock2.h wei.guo.simon
2016-08-30 10:59 ` wei.guo.simon
2016-08-30 10:59 ` [PATCH 4/4] selftests/vm: add test for mlock() when areas are intersected wei.guo.simon
2016-08-30 10:59 ` wei.guo.simon
2016-08-31 23:14 ` David Rientjes
2016-08-31 23:14 ` David Rientjes
2016-09-01 7:14 ` Simon Guo
2016-09-01 7:14 ` Simon Guo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1472554781-9835-3-git-send-email-wei.guo.simon@gmail.com \
--to=wei.guo.simon@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=emunson@akamai.com \
--cc=geert@linux-m68k.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=klimov.linux@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=mhocko@suse.com \
--cc=shuah@kernel.org \
--cc=treding@nvidia.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.