1 |
From 5cbfca68cfeeb2e8f417010ab5d4183116b0afa1 Mon Sep 17 00:00:00 2001 |
2 |
From: Sasha Levin <sashal@kernel.org> |
3 |
Date: Fri, 5 Aug 2022 12:00:03 -0400 |
4 |
Subject: mm/smaps: don't access young/dirty bit if pte unpresent |
5 |
|
6 |
From: Peter Xu <peterx@redhat.com> |
7 |
|
8 |
[ Upstream commit efd4149342db2df41b1bbe68972ead853b30e444 ] |
9 |
|
10 |
These bits should only be valid when the ptes are present. Introducing |
11 |
two booleans for it and set it to false when !pte_present() for both pte |
12 |
and pmd accountings. |
13 |
|
14 |
The bug is found during code reading and no real world issue reported, but |
15 |
logically such an error can cause incorrect readings for either smaps or |
16 |
smaps_rollup output on quite a few fields. |
17 |
|
18 |
For example, it could cause over-estimate on values like Shared_Dirty, |
19 |
Private_Dirty, Referenced. Or it could also cause under-estimate on |
20 |
values like LazyFree, Shared_Clean, Private_Clean. |
21 |
|
22 |
Link: https://lkml.kernel.org/r/20220805160003.58929-1-peterx@redhat.com |
23 |
Fixes: b1d4d9e0cbd0 ("proc/smaps: carefully handle migration entries") |
24 |
Fixes: c94b6923fa0a ("/proc/PID/smaps: Add PMD migration entry parsing") |
25 |
Signed-off-by: Peter Xu <peterx@redhat.com> |
26 |
Reviewed-by: Vlastimil Babka <vbabka@suse.cz> |
27 |
Reviewed-by: David Hildenbrand <david@redhat.com> |
28 |
Reviewed-by: Yang Shi <shy828301@gmail.com> |
29 |
Cc: Konstantin Khlebnikov <khlebnikov@openvz.org> |
30 |
Cc: Huang Ying <ying.huang@intel.com> |
31 |
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
32 |
Signed-off-by: Sasha Levin <sashal@kernel.org> |
33 |
--- |
34 |
fs/proc/task_mmu.c | 7 ++++--- |
35 |
1 file changed, 4 insertions(+), 3 deletions(-) |
36 |
|
37 |
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
38 |
index 2d04e3470d4cd..313788bc0c307 100644 |
39 |
--- a/fs/proc/task_mmu.c |
40 |
+++ b/fs/proc/task_mmu.c |
41 |
@@ -525,10 +525,12 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, |
42 |
struct vm_area_struct *vma = walk->vma; |
43 |
bool locked = !!(vma->vm_flags & VM_LOCKED); |
44 |
struct page *page = NULL; |
45 |
- bool migration = false; |
46 |
+ bool migration = false, young = false, dirty = false; |
47 |
|
48 |
if (pte_present(*pte)) { |
49 |
page = vm_normal_page(vma, addr, *pte); |
50 |
+ young = pte_young(*pte); |
51 |
+ dirty = pte_dirty(*pte); |
52 |
} else if (is_swap_pte(*pte)) { |
53 |
swp_entry_t swpent = pte_to_swp_entry(*pte); |
54 |
|
55 |
@@ -558,8 +560,7 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, |
56 |
if (!page) |
57 |
return; |
58 |
|
59 |
- smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), |
60 |
- locked, migration); |
61 |
+ smaps_account(mss, page, false, young, dirty, locked, migration); |
62 |
} |
63 |
|
64 |
#ifdef CONFIG_TRANSPARENT_HUGEPAGE |
65 |
-- |
66 |
2.35.1 |
67 |
|