Date: Sat, 21 Mar 2026 22:43:05 -0700
In-Reply-To: <20260322054309.898214-1-surenb@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260322054309.898214-1-surenb@google.com>
X-Mailer: git-send-email 2.53.0.1018.g2bb0e51243-goog
Message-ID: <20260322054309.898214-2-surenb@google.com>
Subject: [PATCH v4 1/4] mm/vma: cleanup error handling path in vma_expand()
From: Suren Baghdasaryan
To: akpm@linux-foundation.org
Cc: willy@infradead.org, david@kernel.org, ziy@nvidia.com, matthew.brost@intel.com, joshua.hahnjy@gmail.com, rakie.kim@sk.com, byungchul@sk.com, gourry@gourry.net, ying.huang@linux.alibaba.com, apopple@nvidia.com, lorenzo.stoakes@oracle.com, baolin.wang@linux.alibaba.com, Liam.Howlett@oracle.com, npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com, baohua@kernel.org, lance.yang@linux.dev, vbabka@suse.cz, jannh@google.com, rppt@kernel.org, mhocko@suse.com, pfalcato@suse.de, kees@kernel.org, maddy@linux.ibm.com, npiggin@gmail.com, mpe@ellerman.id.au, chleroy@kernel.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com, imbrenda@linux.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com, svens@linux.ibm.com, gerald.schaefer@linux.ibm.com, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, surenb@google.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

vma_expand() error handling is a bit confusing with "if (ret) return ret;" mixed with "if (!ret && ...) ret = ...;". Simplify the code to check for errors and return immediately after an operation that might fail. This also makes later changes to this function more readable. Change variable name for storing the error code from "ret" to "err".

No functional change intended.

Suggested-by: Jann Horn
Signed-off-by: Suren Baghdasaryan
Reviewed-by: Liam R. Howlett
Reviewed-by: Lorenzo Stoakes
Reviewed-by: Barry Song
---
 mm/vma.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/mm/vma.c b/mm/vma.c index a43f3c5d4b3d..ba78ab1f397a 100644 --- a/mm/vma.c 
+++ b/mm/vma.c @@ -1170,7 +1170,7 @@ int vma_expand(struct vma_merge_struct *vmg) vma_flags_t sticky_flags =3D vma_flags_and_mask(&vmg->vma_flags, VMA_STICKY_FLAGS); vma_flags_t target_sticky; - int ret =3D 0; + int err =3D 0; =20 mmap_assert_write_locked(vmg->mm); vma_start_write(target); 
@@ -1200,12 +1200,16 @@ int vma_expand(struct vma_merge_struct *vmg) * Note that, by convention, callers ignore OOM for this case, so * we don't need to account for vmg->give_up_on_mm here. */ - if (remove_next) - ret =3D dup_anon_vma(target, next, &anon_dup); - if (!ret && vmg->copied_from) - ret =3D dup_anon_vma(target, vmg->copied_from, &anon_dup); - if (ret) - return ret; + if (remove_next) { + err =3D dup_anon_vma(target, next, &anon_dup); + if (err) + return err; + } + if (vmg->copied_from) { + err =3D dup_anon_vma(target, vmg->copied_from, &anon_dup); + if (err) + return err; + } =20 if (remove_next) { vma_flags_t next_sticky; --=20 2.53.0.1018.g2bb0e51243-goog
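
Review bot: the "=3D 0" initializer kept on "int err" in the first hunk of 1/4 (@@ -1170,7) is not needed by anything this patch shows, because both reads of err in the second hunk follow an assignment from dup_anon_vma(). If the rest of vma_expand() never reads err before assigning it, drop the initializer in this cleanup; 2/4 removes it anyway in its own vma_expand() hunk, and taking it out here would keep that patch to locking changes only.
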
Date: Sat, 21 Mar 2026 22:43:06 -0700
In-Reply-To: <20260322054309.898214-1-surenb@google.com>
References: <20260322054309.898214-1-surenb@google.com>
X-Mailer: git-send-email 2.53.0.1018.g2bb0e51243-goog
Message-ID: <20260322054309.898214-3-surenb@google.com>
Subject: [PATCH v4 2/4] mm: replace vma_start_write() with vma_start_write_killable()
From: Suren Baghdasaryan
To: akpm@linux-foundation.org
Cc: willy@infradead.org, david@kernel.org, ziy@nvidia.com, matthew.brost@intel.com, joshua.hahnjy@gmail.com, rakie.kim@sk.com, byungchul@sk.com, gourry@gourry.net, ying.huang@linux.alibaba.com, apopple@nvidia.com, lorenzo.stoakes@oracle.com, baolin.wang@linux.alibaba.com, Liam.Howlett@oracle.com, npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com, baohua@kernel.org, lance.yang@linux.dev, vbabka@suse.cz, jannh@google.com, rppt@kernel.org, mhocko@suse.com, pfalcato@suse.de, kees@kernel.org, maddy@linux.ibm.com, npiggin@gmail.com, mpe@ellerman.id.au, chleroy@kernel.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com, imbrenda@linux.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com, svens@linux.ibm.com, gerald.schaefer@linux.ibm.com, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, surenb@google.com, "Ritesh Harjani (IBM)"
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that we have vma_start_write_killable() we can replace most of the vma_start_write() calls with it, improving reaction time to the kill signal.

There are several places which are left untouched by this patch:

1. free_pgtables() because the function should free page tables even if a fatal signal is pending.

2. process_vma_walk_lock(), which requires changes in its callers and will be handled in the next patch.

3. userfaultfd code, where some paths calling vma_start_write() can handle EINTR and some can't without a deeper code refactoring.

4. mpol_rebind_mm() which is used by cpuset controller for migrations and operates on a remote mm. Incomplete operations here would result in an inconsistent cgroup state.

5. vm_flags_{set|mod|clear} require refactoring that involves moving vma_start_write() out of these functions and replacing it with vma_assert_write_locked(), then callers of these functions should lock the vma themselves using vma_start_write_killable() whenever possible.

In a number of places we now lock VMA earlier than before to avoid doing work and undoing it later if a fatal signal is pending. This is safe because the moves are happening within sections where we already hold the mmap_write_lock, so the moves do not change the locking order relative to other kernel locks.

Suggested-by: Matthew Wilcox
Signed-off-by: Suren Baghdasaryan
Reviewed-by: Ritesh Harjani (IBM) # powerpc
---
 arch/powerpc/kvm/book3s_hv_uvmem.c | 5 +-
 mm/khugepaged.c | 5 +-
 mm/madvise.c | 4 +-
 mm/memory.c | 2 +
 mm/mempolicy.c | 12 ++-
 mm/mlock.c | 28 +++++--
 mm/mprotect.c | 5 +-
 mm/mremap.c | 4 +-
 mm/vma.c | 117 +++++++++++++++++++++--------
 mm/vma_exec.c | 6 +-
 10 files changed, 142 insertions(+), 46 deletions(-)

diff --git a/arch/powerpc/kvm/book3s_hv_uvmem.c b/arch/powerpc/kvm/book3s_h= v_uvmem.c index 5fbb95d90e99..0a28b48a46b8 100644 --- a/arch/powerpc/kvm/book3s_hv_uvmem.c +++ b/arch/powerpc/kvm/book3s_hv_uvmem.c @@ -410,7 +410,10 @@ static int kvmppc_memslot_page_merge(struct kvm *kvm, ret =3D H_STATE; break; } - vma_start_write(vma); + if (vma_start_write_killable(vma)) { + ret =3D H_STATE; + break; + } /* Copy vm_flags to avoid partial modifications in ksm_madvise */ vm_flags =3D vma->vm_flags; ret =3D ksm_madvise(vma, vma->vm_start, vma->vm_end, diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 4b0e59c7c0e6..e2f263076084 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c 
@@ -1159,7 +1159,10 @@ static enum scan_result collapse_huge_page(struct mm= _struct *mm, unsigned long a if (result !=3D SCAN_SUCCEED) goto out_up_write; /* check if the pmd is still valid */ - vma_start_write(vma); + if (vma_start_write_killable(vma)) { + result =3D SCAN_FAIL; + goto out_up_write; + } result =3D check_pmd_still_valid(mm, address, pmd); if (result !=3D SCAN_SUCCEED) goto out_up_write; diff --git a/mm/madvise.c b/mm/madvise.c index 69708e953cf5..feaa16b0e1dc 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -175,7 +175,9 @@ static int madvise_update_vma(vm_flags_t new_flags, madv_behavior->vma =3D vma; =20 /* vm_flags is protected by the mmap_lock held in write mode. */ - vma_start_write(vma); + if (vma_start_write_killable(vma)) + return -EINTR; + vma->flags =3D new_vma_flags; if (set_new_anon_name) return replace_anon_vma_name(vma, anon_name); diff --git a/mm/memory.c b/mm/memory.c index 68cc592ff0ba..b930459e32ec 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -366,6 +366,8 @@ void free_pgd_range(struct mmu_gather *tlb, * page tables that should be removed. This can differ from the vma mappi= ngs on * some archs that may have mappings that need to be removed outside the v= mas. * Note that the prev->vm_end and next->vm_start are often used. + * We don't use vma_start_write_killable() because page tables should be f= reed + * even if the task is being killed. * * The vma_end differs from the pg_end when a dup_mmap() failed and the tr= ee has * unrelated data to the mm_struct being torn down. diff --git a/mm/mempolicy.c b/mm/mempolicy.c index e5528c35bbb8..929e843543cf 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1784,7 +1784,8 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned lon= g, start, unsigned long, le return -EINVAL; if (end =3D=3D start) return 0; - mmap_write_lock(mm); + if (mmap_write_lock_killable(mm)) + return -EINTR; prev =3D vma_prev(&vmi); for_each_vma_range(vmi, vma, end) { /* 
@@ -1801,13 +1802,20 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned l= ong, start, unsigned long, le err =3D -EOPNOTSUPP; break; } + /* + * Lock the VMA early to avoid extra work if fatal signal + * is pending. + */ + if (vma_start_write_killable(vma)) { + err =3D -EINTR; + break; + } new =3D mpol_dup(old); if (IS_ERR(new)) { err =3D PTR_ERR(new); break; } =20 - vma_start_write(vma); new->home_node =3D home_node; err =3D mbind_range(&vmi, vma, &prev, start, end, new); mpol_put(new); diff --git a/mm/mlock.c b/mm/mlock.c index 8c227fefa2df..efbb9c783f25 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -419,8 +419,10 @@ static int mlock_pte_range(pmd_t *pmd, unsigned long a= ddr, * * Called for mlock(), mlock2() and mlockall(), to set @vma VM_LOCKED; * called for munlock() and munlockall(), to clear VM_LOCKED from @vma. + * + * Return: 0 on success, -EINTR if fatal signal is pending. */ -static void mlock_vma_pages_range(struct vm_area_struct *vma, +static int mlock_vma_pages_range(struct vm_area_struct *vma, unsigned long start, unsigned long end, vma_flags_t *new_vma_flags) { @@ -442,7 +444,9 @@ static void mlock_vma_pages_range(struct vm_area_struct= *vma, */ if (vma_flags_test(new_vma_flags, VMA_LOCKED_BIT)) vma_flags_set(new_vma_flags, VMA_IO_BIT); - vma_start_write(vma); + if (vma_start_write_killable(vma)) + return -EINTR; + vma_flags_reset_once(vma, new_vma_flags); =20 lru_add_drain(); @@ -453,6 +457,7 @@ static void mlock_vma_pages_range(struct vm_area_struct= *vma, vma_flags_clear(new_vma_flags, VMA_IO_BIT); vma_flags_reset_once(vma, new_vma_flags); } + return 0; } =20 /* 
@@ -506,11 +511,13 @@ static int mlock_fixup(struct vma_iterator *vmi, stru= ct vm_area_struct *vma, */ if (vma_flags_test(&new_vma_flags, VMA_LOCKED_BIT) && vma_flags_test(&old_vma_flags, VMA_LOCKED_BIT)) { + ret =3D vma_start_write_killable(vma); + if (ret) + goto out; /* No work to do, and mlocking twice would be wrong */ - vma_start_write(vma); vma->flags =3D new_vma_flags; } else { - mlock_vma_pages_range(vma, start, end, &new_vma_flags); + ret =3D mlock_vma_pages_range(vma, start, end, &new_vma_flags); } out: *prev =3D vma; @@ -739,9 +746,18 @@ static int apply_mlockall_flags(int flags) =20 error =3D mlock_fixup(&vmi, vma, &prev, vma->vm_start, vma->vm_end, newflags); - /* Ignore errors, but prev needs fixing up. */ - if (error) + if (error) { + /* + * If we failed due to a pending fatal signal, return + * now. If we locked the vma before signal arrived, it + * will be unlocked when we drop mmap_write_lock. + */ + if (fatal_signal_pending(current)) + return -EINTR; + + /* Ignore errors, but prev needs fixing up. */ prev =3D vma; + } cond_resched(); } out: diff --git a/mm/mprotect.c b/mm/mprotect.c index 110d47a36d4b..ae6ed882b600 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -768,7 +768,10 @@ mprotect_fixup(struct vma_iterator *vmi, struct mmu_ga= ther *tlb, * vm_flags and vm_page_prot are protected by the mmap_lock * held in write mode. */ - vma_start_write(vma); + error =3D vma_start_write_killable(vma); + if (error) + goto fail; + vma_flags_reset_once(vma, &new_vma_flags); if (vma_wants_manual_pte_write_upgrade(vma)) mm_cp_flags |=3D MM_CP_TRY_CHANGE_WRITABLE; diff --git a/mm/mremap.c b/mm/mremap.c index e9c8b1d05832..dec39ec314f9 100644 --- a/mm/mremap.c +++ b/mm/mremap.c 
@@ -1356,7 +1356,9 @@ static unsigned long move_vma(struct vma_remap_struct= *vrm) return -ENOMEM; =20 /* We don't want racing faults. */ - vma_start_write(vrm->vma); + err =3D vma_start_write_killable(vrm->vma); + if (err) + return err; =20 /* Perform copy step. */ err =3D copy_vma_and_data(vrm, &new_vma); diff --git a/mm/vma.c b/mm/vma.c index ba78ab1f397a..7930a4270eb9 100644 --- a/mm/vma.c +++ b/mm/vma.c @@ -524,6 +524,17 @@ __split_vma(struct vma_iterator *vmi, struct vm_area_s= truct *vma, new->vm_pgoff +=3D ((addr - vma->vm_start) >> PAGE_SHIFT); } =20 + /* + * Lock VMAs before cloning to avoid extra work if fatal signal + * is pending. + */ + err =3D vma_start_write_killable(vma); + if (err) + goto out_free_vma; + err =3D vma_start_write_killable(new); + if (err) + goto out_free_vma; + err =3D -ENOMEM; vma_iter_config(vmi, new->vm_start, new->vm_end); if (vma_iter_prealloc(vmi, new)) @@ -543,9 +554,6 @@ __split_vma(struct vma_iterator *vmi, struct vm_area_st= ruct *vma, if (new->vm_ops && new->vm_ops->open) new->vm_ops->open(new); =20 - vma_start_write(vma); - vma_start_write(new); - init_vma_prep(&vp, vma); vp.insert =3D new; vma_prepare(&vp); @@ -900,12 +908,16 @@ static __must_check struct vm_area_struct *vma_merge_= existing_range( } =20 /* No matter what happens, we will be adjusting middle. */ - vma_start_write(middle); + err =3D vma_start_write_killable(middle); + if (err) + goto abort; =20 if (merge_right) { vma_flags_t next_sticky; =20 - vma_start_write(next); + err =3D vma_start_write_killable(next); + if (err) + goto abort; vmg->target =3D next; next_sticky =3D vma_flags_and_mask(&next->flags, VMA_STICKY_FLAGS); vma_flags_set_mask(&sticky_flags, next_sticky); 
@@ -914,7 +926,9 @@ static __must_check struct vm_area_struct *vma_merge_ex= isting_range( if (merge_left) { vma_flags_t prev_sticky; =20 - vma_start_write(prev); + err =3D vma_start_write_killable(prev); + if (err) + goto abort; vmg->target =3D prev; =20 prev_sticky =3D vma_flags_and_mask(&prev->flags, VMA_STICKY_FLAGS); @@ -1170,10 +1184,12 @@ int vma_expand(struct vma_merge_struct *vmg) vma_flags_t sticky_flags =3D vma_flags_and_mask(&vmg->vma_flags, VMA_STICKY_FLAGS); vma_flags_t target_sticky; - int err =3D 0; + int err; =20 mmap_assert_write_locked(vmg->mm); - vma_start_write(target); + err =3D vma_start_write_killable(target); + if (err) + return err; =20 target_sticky =3D vma_flags_and_mask(&target->flags, VMA_STICKY_FLAGS); =20 @@ -1201,6 +1217,13 @@ int vma_expand(struct vma_merge_struct *vmg) * we don't need to account for vmg->give_up_on_mm here. */ if (remove_next) { + /* + * Lock the VMA early to avoid extra work if fatal signal + * is pending. + */ + err =3D vma_start_write_killable(next); + if (err) + return err; err =3D dup_anon_vma(target, next, &anon_dup); if (err) return err; @@ -1214,7 +1237,6 @@ int vma_expand(struct vma_merge_struct *vmg) if (remove_next) { vma_flags_t next_sticky; =20 - vma_start_write(next); vmg->__remove_next =3D true; =20 next_sticky =3D vma_flags_and_mask(&next->flags, VMA_STICKY_FLAGS); @@ -1252,9 +1274,14 @@ int vma_shrink(struct vma_iterator *vmi, struct vm_a= rea_struct *vma, unsigned long start, unsigned long end, pgoff_t pgoff) { struct vma_prepare vp; + int err; =20 WARN_ON((vma->vm_start !=3D start) && (vma->vm_end !=3D end)); =20 + err =3D vma_start_write_killable(vma); + if (err) + return err; + if (vma->vm_start < start) vma_iter_config(vmi, vma->vm_start, start); else 
@@ -1263,8 +1290,6 @@ int vma_shrink(struct vma_iterator *vmi, struct vm_ar= ea_struct *vma, if (vma_iter_prealloc(vmi, NULL)) return -ENOMEM; =20 - vma_start_write(vma); - init_vma_prep(&vp, vma); vma_prepare(&vp); vma_adjust_trans_huge(vma, start, end, NULL); @@ -1453,7 +1478,9 @@ static int vms_gather_munmap_vmas(struct vma_munmap_s= truct *vms, if (error) goto end_split_failed; } - vma_start_write(next); + error =3D vma_start_write_killable(next); + if (error) + goto munmap_gather_failed; mas_set(mas_detach, vms->vma_count++); error =3D mas_store_gfp(mas_detach, next, GFP_KERNEL); if (error) @@ -1848,12 +1875,16 @@ static void vma_link_file(struct vm_area_struct *vm= a, bool hold_rmap_lock) static int vma_link(struct mm_struct *mm, struct vm_area_struct *vma) { VMA_ITERATOR(vmi, mm, 0); + int err; + + err =3D vma_start_write_killable(vma); + if (err) + return err; =20 vma_iter_config(&vmi, vma->vm_start, vma->vm_end); if (vma_iter_prealloc(&vmi, vma)) return -ENOMEM; =20 - vma_start_write(vma); vma_iter_store_new(&vmi, vma); vma_link_file(vma, /* hold_rmap_lock=3D */false); mm->map_count++; @@ -2239,9 +2270,8 @@ int mm_take_all_locks(struct mm_struct *mm) * is reached. */ for_each_vma(vmi, vma) { - if (signal_pending(current)) + if (signal_pending(current) || vma_start_write_killable(vma)) goto out_unlock; - vma_start_write(vma); } =20 vma_iter_init(&vmi, mm, 0); @@ -2540,8 +2570,8 @@ static int __mmap_new_vma(struct mmap_state *map, str= uct vm_area_struct **vmap, struct mmap_action *action) { struct vma_iterator *vmi =3D map->vmi; - int error =3D 0; struct vm_area_struct *vma; + int error; =20 /* * Determine the object being mapped and call the appropriate 
@@ -2552,6 +2582,14 @@ static int __mmap_new_vma(struct mmap_state *map, st= ruct vm_area_struct **vmap, if (!vma) return -ENOMEM; =20 + /* + * Lock the VMA early to avoid extra work if fatal signal + * is pending. + */ + error =3D vma_start_write_killable(vma); + if (error) + goto free_vma; + vma_iter_config(vmi, map->addr, map->end); vma_set_range(vma, map->addr, map->end, map->pgoff); vma->flags =3D map->vma_flags; @@ -2582,8 +2620,6 @@ static int __mmap_new_vma(struct mmap_state *map, str= uct vm_area_struct **vmap, WARN_ON_ONCE(!arch_validate_flags(map->vm_flags)); #endif =20 - /* Lock the VMA since it is modified after insertion into VMA tree */ - vma_start_write(vma); vma_iter_store_new(vmi, vma); map->mm->map_count++; vma_link_file(vma, action->hide_from_rmap_until_complete); @@ -2878,6 +2914,7 @@ int do_brk_flags(struct vma_iterator *vmi, struct vm_= area_struct *vma, unsigned long addr, unsigned long len, vma_flags_t vma_flags) { struct mm_struct *mm =3D current->mm; + int err; =20 /* * Check against address space limits by the changed size @@ -2910,24 +2947,33 @@ int do_brk_flags(struct vma_iterator *vmi, struct v= m_area_struct *vma, =20 if (vma_merge_new_range(&vmg)) goto out; - else if (vmg_nomem(&vmg)) + if (vmg_nomem(&vmg)) { + err =3D -ENOMEM; goto unacct_fail; + } } =20 if (vma) vma_iter_next_range(vmi); /* create a vma struct for an anonymous mapping */ vma =3D vm_area_alloc(mm); - if (!vma) + if (!vma) { + err =3D -ENOMEM; goto unacct_fail; + } =20 vma_set_anonymous(vma); vma_set_range(vma, addr, addr + len, addr >> PAGE_SHIFT); vma->flags =3D vma_flags; vma->vm_page_prot =3D vm_get_page_prot(vma_flags_to_legacy(vma_flags)); - vma_start_write(vma); - if (vma_iter_store_gfp(vmi, vma, GFP_KERNEL)) + if (vma_start_write_killable(vma)) { + err =3D -EINTR; + goto vma_lock_fail; + } + if (vma_iter_store_gfp(vmi, vma, GFP_KERNEL)) { + err =3D -ENOMEM; goto mas_store_fail; + } =20 mm->map_count++; validate_mm(mm); 
@@ -2942,10 +2988,11 @@ int do_brk_flags(struct vma_iterator *vmi, struct v= m_area_struct *vma, return 0; =20 mas_store_fail: +vma_lock_fail: vm_area_free(vma); unacct_fail: vm_unacct_memory(len >> PAGE_SHIFT); - return -ENOMEM; + return err; } =20 /** @@ -3112,8 +3159,8 @@ int expand_upwards(struct vm_area_struct *vma, unsign= ed long address) struct mm_struct *mm =3D vma->vm_mm; struct vm_area_struct *next; unsigned long gap_addr; - int error =3D 0; VMA_ITERATOR(vmi, mm, vma->vm_start); + int error; =20 if (!vma_test(vma, VMA_GROWSUP_BIT)) return -EFAULT; @@ -3149,12 +3196,14 @@ int expand_upwards(struct vm_area_struct *vma, unsi= gned long address) =20 /* We must make sure the anon_vma is allocated. */ if (unlikely(anon_vma_prepare(vma))) { - vma_iter_free(&vmi); - return -ENOMEM; + error =3D -ENOMEM; + goto vma_prep_fail; } =20 /* Lock the VMA before expanding to prevent concurrent page faults */ - vma_start_write(vma); + error =3D vma_start_write_killable(vma); + if (error) + goto vma_lock_fail; /* We update the anon VMA tree. */ anon_vma_lock_write(vma->anon_vma); =20 @@ -3183,6 +3232,8 @@ int expand_upwards(struct vm_area_struct *vma, unsign= ed long address) } } anon_vma_unlock_write(vma->anon_vma); +vma_lock_fail: +vma_prep_fail: vma_iter_free(&vmi); validate_mm(mm); return error; @@ -3197,8 +3248,8 @@ int expand_downwards(struct vm_area_struct *vma, unsi= gned long address) { struct mm_struct *mm =3D vma->vm_mm; struct vm_area_struct *prev; - int error =3D 0; VMA_ITERATOR(vmi, mm, vma->vm_start); + int error; =20 if (!vma_test(vma, VMA_GROWSDOWN_BIT)) return -EFAULT; 
@@ -3228,12 +3279,14 @@ int expand_downwards(struct vm_area_struct *vma, un= signed long address) =20 /* We must make sure the anon_vma is allocated. */ if (unlikely(anon_vma_prepare(vma))) { - vma_iter_free(&vmi); - return -ENOMEM; + error =3D -ENOMEM; + goto vma_prep_fail; } =20 /* Lock the VMA before expanding to prevent concurrent page faults */ - vma_start_write(vma); + error =3D vma_start_write_killable(vma); + if (error) + goto vma_lock_fail; /* We update the anon VMA tree. */ anon_vma_lock_write(vma->anon_vma); =20 @@ -3263,6 +3316,8 @@ int expand_downwards(struct vm_area_struct *vma, unsi= gned long address) } } anon_vma_unlock_write(vma->anon_vma); +vma_lock_fail: +vma_prep_fail: vma_iter_free(&vmi); validate_mm(mm); return error; diff --git a/mm/vma_exec.c b/mm/vma_exec.c index 5cee8b7efa0f..8ddcc791d828 100644 --- a/mm/vma_exec.c +++ b/mm/vma_exec.c @@ -41,6 +41,7 @@ int relocate_vma_down(struct vm_area_struct *vma, unsigne= d long shift) struct vm_area_struct *next; struct mmu_gather tlb; PAGETABLE_MOVE(pmc, vma, vma, old_start, new_start, length); + int err; =20 BUG_ON(new_start > new_end); =20 
@@ -56,8 +57,9 @@ int relocate_vma_down(struct vm_area_struct *vma, unsigne= d long shift) * cover the whole range: [new_start, old_end) */ vmg.target =3D vma; - if (vma_expand(&vmg)) - return -ENOMEM; + err =3D vma_expand(&vmg); + if (err) + return err; =20 /* * move the page tables downwards, on failure we rely on --=20 2.53.0.1018.g2bb0e51243-goog
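
Review bot: in mm/mempolicy.c, the set_mempolicy_home_node() hunk (@@ -1784,7) also switches mmap_write_lock(mm) to mmap_write_lock_killable(mm), which the 2/4 changelog does not mention; it only describes replacing vma_start_write(). Either note the mmap lock change in the commit message or split it out, since it makes the syscall return -EINTR before any VMA has been looked at.
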
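
Review bot: in mm/madvise.c, madvise_update_vma() (@@ -175,7) tests vma_start_write_killable() and hard-codes "return -EINTR", and mlock_vma_pages_range() and do_brk_flags() do the same, while mprotect_fixup(), move_vma() and the mm/vma.c call sites store the return value in err/error and propagate it. Pick one form across 2/4; propagating the helper's return value keeps these callers correct if its error code ever changes and makes the call sites easier to grep.
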
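
Review bot: in apply_mlockall_flags() (mm/mlock.c, @@ -739,9), the new early return keys off fatal_signal_pending(current) rather than the value mlock_fixup() returned, so any mlock_fixup() failure that happens while a fatal signal is pending is reported as -EINTR, and the comment's "failed due to a pending fatal signal" is not what is tested. Checking "error == -EINTR" and returning error would match the comment. The direct return also bypasses the "out:" label visible at the end of the hunk, so please confirm nothing there needs to run on this path.
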
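
Review bot: in vma_expand() (mm/vma.c, @@ -1201,6), the comment ending just above the new lock call still describes only OOM ("by convention, callers ignore OOM for this case", first line visible in the 1/4 hunk), but this block can now also return the error from vma_start_write_killable(next). Update the comment to say how callers are expected to treat that error, since ignoring it is not appropriate for a pending fatal signal; relocate_vma_down() at the end of this patch already had to stop mapping every vma_expand() failure to -ENOMEM.
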
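
Review bot: in expand_upwards() (@@ -3149,12) and the matching expand_downwards() hunk, the anon_vma_prepare() failure path used to do "vma_iter_free(&vmi); return -ENOMEM;" and now jumps to vma_prep_fail, which also runs validate_mm(mm) before returning. That is a small behaviour change on the OOM path that the changelog does not mention; say so if it is intended. The adjacent labels "vma_lock_fail:" and "vma_prep_fail:" (and "mas_store_fail:" with "vma_lock_fail:" in do_brk_flags()) mark the same statement, so one label per exit point would be enough.
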
Date: Sat, 21 Mar 2026 22:43:07 -0700
In-Reply-To: <20260322054309.898214-1-surenb@google.com>
References: <20260322054309.898214-1-surenb@google.com>
X-Mailer: git-send-email 2.53.0.1018.g2bb0e51243-goog
Message-ID: <20260322054309.898214-4-surenb@google.com>
Subject: [PATCH v4 3/4] KVM: s390: avoid kvm_s390_handle_pv() error overwrite
From: Suren Baghdasaryan To: akpm@linux-foundation.org Cc: willy@infradead.org, david@kernel.org, ziy@nvidia.com, matthew.brost@intel.com, joshua.hahnjy@gmail.com, rakie.kim@sk.com, byungchul@sk.com, gourry@gourry.net, ying.huang@linux.alibaba.com, apopple@nvidia.com, lorenzo.stoakes@oracle.com, baolin.wang@linux.alibaba.com, Liam.Howlett@oracle.com, npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com, baohua@kernel.org, lance.yang@linux.dev, vbabka@suse.cz, jannh@google.com, rppt@kernel.org, mhocko@suse.com, pfalcato@suse.de, kees@kernel.org, maddy@linux.ibm.com, npiggin@gmail.com, mpe@ellerman.id.au, chleroy@kernel.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com, imbrenda@linux.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com, svens@linux.ibm.com, gerald.schaefer@linux.ibm.com, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, surenb@google.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If kvm_s390_handle_pv() call fails its error code gets recorded but execution proceeds as if the call was successful. If the next call to copy_to_user() fails then the original error is overwritten. The follow-up patch adds fatal signal checks during VMA walk, which makes it possible for kvm_s390_handle_pv() to return EINTR error. Without this fix any error including EINTR can be overwritten and original error will be lost. Change error handling for kvm_s390_handle_pv() to alter normal flow once failure happens. This is consistent with how kvm_arch_vm_ioctl handles errors for other ioctl commands. Signed-off-by: Suren Baghdasaryan --- arch/s390/kvm/kvm-s390.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 3eb60aa932ec..ddad08c0926f 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c 
@@ -2947,6 +2947,8 @@ int kvm_arch_vm_ioctl(struct file *filp, unsigned int= ioctl, unsigned long arg) } /* must be called without kvm->lock */ r =3D kvm_s390_handle_pv(kvm, &args); + if (r) + break; if (copy_to_user(argp, &args, sizeof(args))) { r =3D -EFAULT; break; --=20 2.53.0.1018.g2bb0e51243-goog From nobody Sat Apr 4 00:05:58 2026 Received: from mail-dy1-f201.google.com (mail-dy1-f201.google.com [74.125.82.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80D3233F5BC for ; Sun, 22 Mar 2026 05:43:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774158207; cv=none; b=ZKk7cGjU7aIsx0Xsw5GaTxU+ruHkL6tK0NNZZ7sCtNZS4IiZ5qwf35NQqiNsReLECde8SydYrEwA8xpADRVlnolukrIV0kI/Gj/2ruLHVV8GpL0gqMR7yGmgtrbATdpGZQ4bh2o1u7yqD80LcqQFN8J+kojACqRj0xXKrKzDjK0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774158207; c=relaxed/simple; bh=e3gWeXeUqlHXWzHbzz4ImGosonpJ2v75QKooiU11Mi0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eIYqF0EticGgd/xnx+6PrQFXxUgu/wzI59hTkr4oNbE+qTzIoyhP2NVCPEEWwhjm4oyx98FoSwlBp/x46kSCrS2/Hj3c7TQaedVVi++Mf2cuz8YidY7uSS/3A1kl3tXvN1x8gYY4z3i1EjIR8YTwpBwrY7bc30t00qAABFqdX+4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--surenb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WLOLW2/A; arc=none smtp.client-ip=74.125.82.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--surenb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) 
header.d=google.com header.i=@google.com header.b="WLOLW2/A" Received: by mail-dy1-f201.google.com with SMTP id 5a478bee46e88-2bdf6fe90a9so3196648eec.1 for ; Sat, 21 Mar 2026 22:43:22 -0700 (PDT)
Date: Sat, 21 Mar 2026 22:43:08 -0700 In-Reply-To: <20260322054309.898214-1-surenb@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260322054309.898214-1-surenb@google.com> X-Mailer: git-send-email 2.53.0.1018.g2bb0e51243-goog Message-ID: <20260322054309.898214-5-surenb@google.com> Subject: [PATCH v4 4/4] mm: use vma_start_write_killable() in process_vma_walk_lock() From: Suren Baghdasaryan To: akpm@linux-foundation.org Cc: willy@infradead.org, david@kernel.org, ziy@nvidia.com, matthew.brost@intel.com, joshua.hahnjy@gmail.com, rakie.kim@sk.com, byungchul@sk.com, gourry@gourry.net, ying.huang@linux.alibaba.com, apopple@nvidia.com, lorenzo.stoakes@oracle.com, baolin.wang@linux.alibaba.com, Liam.Howlett@oracle.com, npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com, baohua@kernel.org, lance.yang@linux.dev, vbabka@suse.cz, jannh@google.com, rppt@kernel.org, mhocko@suse.com, pfalcato@suse.de, kees@kernel.org, maddy@linux.ibm.com, npiggin@gmail.com, mpe@ellerman.id.au, chleroy@kernel.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com, imbrenda@linux.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com, svens@linux.ibm.com, gerald.schaefer@linux.ibm.com, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, surenb@google.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace vma_start_write() with vma_start_write_killable() when process_vma_walk_lock() is used with PGWALK_WRLOCK option. Adjust its direct and indirect users to check for a possible error and handle it. Ensure users handle EINTR correctly and do not ignore it.
Signed-off-by: Suren Baghdasaryan --- fs/proc/task_mmu.c | 5 ++++- mm/mempolicy.c | 1 + mm/pagewalk.c | 20 ++++++++++++++------ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index e091931d7ca1..2fe3d11aad03 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -1797,6 +1797,7 @@ static ssize_t clear_refs_write(struct file *file, co= nst char __user *buf, struct clear_refs_private cp =3D { .type =3D type, }; + int err; =20 if (mmap_write_lock_killable(mm)) { count =3D -EINTR; @@ -1824,7 +1825,9 @@ static ssize_t clear_refs_write(struct file *file, co= nst char __user *buf, 0, mm, 0, -1UL); mmu_notifier_invalidate_range_start(&range); } - walk_page_range(mm, 0, -1, &clear_refs_walk_ops, &cp); + err =3D walk_page_range(mm, 0, -1, &clear_refs_walk_ops, &cp); + if (err) + count =3D err; if (type =3D=3D CLEAR_REFS_SOFT_DIRTY) { mmu_notifier_invalidate_range_end(&range); flush_tlb_mm(mm); diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 929e843543cf..bb5b0e83ce0f 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -969,6 +969,7 @@ static const struct mm_walk_ops queue_pages_lock_vma_wa= lk_ops =3D { * (a hugetlbfs page or a transparent huge page being counted as 1). * -EIO - a misplaced page found, when MPOL_MF_STRICT specified without MO= VEs. * -EFAULT - a hole in the memory range, when MPOL_MF_DISCONTIG_OK unspeci= fied. + * -EINTR - walk got terminated due to pending fatal signal. */ static long queue_pages_range(struct mm_struct *mm, unsigned long start, unsigned long= end, diff --git a/mm/pagewalk.c b/mm/pagewalk.c index eda74273c8ec..a42cd6a6d812 100644 --- a/mm/pagewalk.c +++ b/mm/pagewalk.c 
@@ -438,14 +438,13 @@ static inline void process_mm_walk_lock(struct mm_str= uct *mm, mmap_assert_write_locked(mm); } =20 -static inline void process_vma_walk_lock(struct vm_area_struct *vma, +static inline int process_vma_walk_lock(struct vm_area_struct *vma, enum page_walk_lock walk_lock) { #ifdef CONFIG_PER_VMA_LOCK switch (walk_lock) { case PGWALK_WRLOCK: - vma_start_write(vma); - break; + return vma_start_write_killable(vma); case PGWALK_WRLOCK_VERIFY: vma_assert_write_locked(vma); break; @@ -457,6 +456,7 @@ static inline void process_vma_walk_lock(struct vm_area= _struct *vma, break; } #endif + return 0; } =20 /* @@ -500,7 +500,9 @@ int walk_page_range_mm_unsafe(struct mm_struct *mm, uns= igned long start, if (ops->pte_hole) err =3D ops->pte_hole(start, next, -1, &walk); } else { /* inside vma */ - process_vma_walk_lock(vma, ops->walk_lock); + err =3D process_vma_walk_lock(vma, ops->walk_lock); + if (err) + break; walk.vma =3D vma; next =3D min(end, vma->vm_end); vma =3D find_vma(mm, vma->vm_end); @@ -717,6 +719,7 @@ int walk_page_range_vma_unsafe(struct vm_area_struct *v= ma, unsigned long start, .vma =3D vma, .private =3D private, }; + int err; =20 if (start >=3D end || !walk.mm) return -EINVAL; @@ -724,7 +727,9 @@ int walk_page_range_vma_unsafe(struct vm_area_struct *v= ma, unsigned long start, return -EINVAL; =20 process_mm_walk_lock(walk.mm, ops->walk_lock); - process_vma_walk_lock(vma, ops->walk_lock); + err =3D process_vma_walk_lock(vma, ops->walk_lock); + if (err) + return err; return __walk_page_range(start, end, &walk); } =20 @@ -747,6 +752,7 @@ int walk_page_vma(struct vm_area_struct *vma, const str= uct mm_walk_ops *ops, .vma =3D vma, .private =3D private, }; + int err; =20 if (!walk.mm) return -EINVAL; 
@@ -754,7 +760,9 @@ int walk_page_vma(struct vm_area_struct *vma, const str= uct mm_walk_ops *ops, return -EINVAL; =20 process_mm_walk_lock(walk.mm, ops->walk_lock); - process_vma_walk_lock(vma, ops->walk_lock); + err =3D process_vma_walk_lock(vma, ops->walk_lock); + if (err) + return err; return __walk_page_range(vma->vm_start, vma->vm_end, &walk); } =20 --=20 2.53.0.1018.g2bb0e51243-goog
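Review bot: in the relocate_vma_down() hunk (the one ending just before [PATCH v4 3/4]), the vma_expand() failure is now returned as-is instead of being folded into -ENOMEM, so callers of relocate_vma_down() can receive error values they never saw from this path before. The hunk shows neither a caller nor the function's comment being updated; please confirm every caller passes an arbitrary negative errno through rather than assuming -ENOMEM, and document the wider set of return values next to the function.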
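Review bot: in the kvm_arch_vm_ioctl() hunk of [PATCH v4 3/4], the new "if (r) break;" sits in front of copy_to_user(argp, &args, sizeof(args)), so after any failing kvm_s390_handle_pv() call args is no longer copied back to the caller. If kvm_s390_handle_pv() fills fields of args on failure that userspace reads to diagnose the error, this is a user-visible change and the commit message should say so. If the copy-back has to stay, the first error can still be preserved by copying unconditionally and assigning -EFAULT only when r is still 0, for example "if (copy_to_user(argp, &args, sizeof(args)) && !r) r = -EFAULT;".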
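Review bot: in the clear_refs_write() hunk of [PATCH v4 4/4], the test is "if (err) count = err;", which turns any non-zero walk_page_range() result, not only a negative errno, into the return value of the write; "if (err < 0)" states the intent if only errors are meant. Falling through to mmu_notifier_invalidate_range_end() and flush_tlb_mm() on the error path looks right, because VMAs visited before the interrupted lock may already have been modified, and a one-line comment saying the walk can stop part-way would make that explicit.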
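Review bot: the queue_pages_range() hunk in mm/mempolicy.c only adds the -EINTR line to the return-value comment, and the diffstat shows that single insertion as the whole change to the file, so no caller of queue_pages_range() is touched. The commit message says direct and indirect users are adjusted to check for the error; please state in the changelog why the mempolicy callers need no code change, or add the handling.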
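Review bot: in the walk_page_range_mm_unsafe() hunk, "if (err) break;" leaves the loop after earlier VMAs in the range may already have been write-locked and walked, so a PGWALK_WRLOCK walk can now return an error with the range only partly processed. None of the mm/pagewalk.c hunks update the comments of walk_page_range_mm_unsafe(), walk_page_range_vma_unsafe() or walk_page_vma(); please document the new error return from process_vma_walk_lock() and the possibility of a partial walk there, so that callers relying on all-or-nothing behaviour can be audited.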