Patch "mm: enable maple tree RCU mode by default." has been added to the 6.1-stable tree
gregkh at linuxfoundation.org
Wed Apr 12 01:13:32 PDT 2023
This is a note to let you know that I've just added the patch titled
mm: enable maple tree RCU mode by default.
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mm-enable-maple-tree-rcu-mode-by-default.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.
From stable-owner at vger.kernel.org Tue Apr 11 17:14:26 2023
From: "Liam R. Howlett" <Liam.Howlett at oracle.com>
Date: Tue, 11 Apr 2023 11:10:55 -0400
Subject: mm: enable maple tree RCU mode by default.
To: Greg Kroah-Hartman <gregkh at linuxfoundation.org>, stable at vger.kernel.org
Cc: maple-tree at lists.infradead.org, linux-mm at kvack.org, linux-kernel at vger.kernel.org, "Liam R. Howlett" <Liam.Howlett at Oracle.com>, "Liam R . Howlett" <Liam.Howlett at oracle.com>, syzbot+8d95422d3537159ca390 at syzkaller.appspotmail.com
Message-ID: <20230411151055.2910579-15-Liam.Howlett at oracle.com>
From: "Liam R. Howlett" <Liam.Howlett at Oracle.com>
commit 3dd4432549415f3c65dd52d5c687629efbf4ece1 upstream.
Use the maple tree in RCU mode for VMA tracking.
The maple tree tracks the stack and is able to update the pivot
(lower/upper boundary) in-place to allow the page fault handler to write
to the tree while holding just the mmap read lock. This is safe as the
writes to the stack have a guard VMA which ensures there will always be
a NULL in the direction of the growth and thus will only update a pivot.
It is possible, but not recommended, to have VMAs that grow up/down
without guard VMAs. syzbot has constructed a testcase which sets up a
VMA to grow and consume the empty space. Overwriting the entire NULL
entry causes the tree to be altered in a way that is not safe for
concurrent readers; the readers may see a node being rewritten or one
that does not match the maple state they are using.
Enabling RCU mode allows the concurrent readers to see a stable node and
will return the expected result.
Link: https://lkml.kernel.org/r/20230227173632.3292573-9-surenb@google.com
Cc: stable at vger.kernel.org
Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree")
Signed-off-by: Liam R. Howlett <Liam.Howlett at oracle.com>
Reported-by: syzbot+8d95422d3537159ca390 at syzkaller.appspotmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
include/linux/mm_types.h | 3 ++-
kernel/fork.c | 3 +++
mm/mmap.c | 3 ++-
3 files changed, 7 insertions(+), 2 deletions(-)
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -725,7 +725,8 @@ struct mm_struct {
unsigned long cpu_bitmap[];
};
-#define MM_MT_FLAGS (MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN)
+#define MM_MT_FLAGS (MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN | \
+ MT_FLAGS_USE_RCU)
extern struct mm_struct init_mm;
/* Pointer magic because the dynamic array size confuses some compilers. */
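Review bot: The new MM_MT_FLAGS definition carries no comment saying why MT_FLAGS_USE_RCU is now part of every mm's tree flags. A short comment above the #define, noting that the page fault handler can write to the tree while holding just the mmap read lock (the stack-growth case in the changelog) and that readers therefore need RCU mode, would stop someone later dropping the flag as an optimisation. It would also help to state there that any tree initialised from MM_MT_FLAGS now starts in RCU mode and must clear it explicitly where that is not wanted.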
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -617,6 +617,7 @@ static __latent_entropy int dup_mmap(str
if (retval)
goto out;
+ mt_clear_in_rcu(mas.tree);
mas_for_each(&old_mas, mpnt, ULONG_MAX) {
struct file *file;
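Review bot: The added mt_clear_in_rcu(mas.tree) ahead of the mas_for_each() loop has no comment, and the changelog does not mention dup_mmap() at all. Please add a one-line comment stating why RCU mode is switched off for the copy and what guarantees that nothing reads the tree while it is off, since that invariant is what makes the clear safe.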
@@ -703,6 +704,8 @@ static __latent_entropy int dup_mmap(str
retval = arch_dup_mmap(oldmm, mm);
loop_out:
mas_destroy(&mas);
+ if (!retval)
+ mt_set_in_rcu(mas.tree);
out:
mmap_write_unlock(mm);
flush_tlb_mm(oldmm);
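Review bot: At loop_out, mt_set_in_rcu(mas.tree) runs only when retval is zero, so every failure that reaches loop_out leaves the tree with RCU mode cleared. If that is intentional because a failed mm is torn down without ever becoming visible to readers, say so in a comment next to the "if (!retval)"; otherwise restore the flag unconditionally. Separately, mas.tree is read after mas_destroy(&mas); moving the call above mas_destroy() or naming the tree directly would make it obvious that the access is valid.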
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2308,7 +2308,7 @@ do_mas_align_munmap(struct ma_state *mas
int count = 0;
int error = -ENOMEM;
MA_STATE(mas_detach, &mt_detach, 0, 0);
- mt_init_flags(&mt_detach, MT_FLAGS_LOCK_EXTERN);
+ mt_init_flags(&mt_detach, mas->tree->ma_flags & MT_FLAGS_LOCK_MASK);
mt_set_external_lock(&mt_detach, &mm->mmap_lock);
if (mas_preallocate(mas, vma, GFP_KERNEL))
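Review bot: mt_init_flags() on mt_detach now takes whatever lock type the source tree has (mas->tree->ma_flags & MT_FLAGS_LOCK_MASK), but the next line still calls mt_set_external_lock(&mt_detach, &mm->mmap_lock) unconditionally, which only makes sense for an externally locked tree. Either keep the explicit MT_FLAGS_LOCK_EXTERN here or add a comment (or a debug assertion) that the masked value is expected to be MT_FLAGS_LOCK_EXTERN. The mask also leaves MT_FLAGS_USE_RCU out of the detached tree, which deserves a sentence in the changelog because this hunk is not explained there.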
@@ -3095,6 +3095,7 @@ void exit_mmap(struct mm_struct *mm)
*/
set_bit(MMF_OOM_SKIP, &mm->flags);
mmap_write_lock(mm);
+ mt_clear_in_rcu(&mm->mm_mt);
free_pgtables(&tlb, &mm->mm_mt, vma, FIRST_USER_ADDRESS,
USER_PGTABLES_CEILING);
tlb_finish_mmu(&tlb);
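Review bot: mt_clear_in_rcu(&mm->mm_mt) in exit_mmap() is added without a comment and with no matching mt_set_in_rcu() in the visible context. A comment stating that the tree is being torn down under mmap_write_lock and is not expected to return to RCU mode would document why the asymmetry with dup_mmap() is correct. The changelog should also confirm what prevents a lockless reader from still walking the tree at this point.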
Patches currently in stable-queue which might be from stable-owner at vger.kernel.org are
queue-6.1/maple_tree-fix-potential-rcu-issue.patch
queue-6.1/maple_tree-add-smp_rmb-to-dead-node-detection.patch
queue-6.1/maple_tree-add-rcu-lock-checking-to-rcu-callback-functions.patch
queue-6.1/maple_tree-fix-handle-of-invalidated-state-in-mas_wr_store_setup.patch
queue-6.1/maple_tree-reduce-user-error-potential.patch
queue-6.1/maple_tree-fix-mas_prev-and-mas_find-state-handling.patch
queue-6.1/maple_tree-remove-gfp_zero-from-kmem_cache_alloc-and-kmem_cache_alloc_bulk.patch
queue-6.1/maple_tree-be-more-cautious-about-dead-nodes.patch
queue-6.1/mm-enable-maple-tree-rcu-mode-by-default.patch
queue-6.1/maple_tree-detect-dead-nodes-in-mas_start.patch
queue-6.1/maple_tree-fix-freeing-of-nodes-in-rcu-mode.patch
queue-6.1/maple_tree-remove-extra-smp_wmb-from-mas_dead_leaves.patch
queue-6.1/maple_tree-refine-ma_state-init-from-mas_start.patch