Re: [PATCH stable 5.10] mm: numa: preserve PMD write permissions in migrate_misplaced_transhuge_page
From: xu.xin16
Date: Mon May 25 2026 - 02:52:37 EST
> When a process allocates a transparent huge page in its address space, and
> then enters the kernel driver via an ioctl system call, a driver (e.g.
> ib_uverbs) calls the pin_user_pages_fast function to pin the process’s
> virtual addresses to physical pages. Subsequently, when the process
> accesses this pinned memory across NUMA nodes, triggering the system’s
> NUMA balancing capability, a page fault occurs and the kernel enters
> do_huge_pmd_numa_page, then it calls migrate_misplaced_transhuge_page to
> migrate the transparent huge page. However, because the memory within the
> huge page has been pinned by pin_user_pages_fast, numamigrate_isolate_page
> returns 0. migrate_misplaced_transhuge_page proceeds to the out_fail path,
> where it changes the PMD page table entry to write-protected by pte_modify.
> If the process then performs a fork operation, copy_huge_pmd is invoked.
> Due to the pinned memory, __split_huge_pmd is called to split the PMD page
> table entry into PTE page table entries. These PTEs are also set to
> write-protected. Finally, when the process writes to this memory region, a
> copy-on-write (COW) operation takes place, allocating a new physical
> memory page. This breaks the binding between the process’s virtual
> address and the pinned physical memory.
>
> commit b191f9b106ea ("mm: numa: preserve PTE write permissions across a
> NUMA hinting fault") added write permission recovery in
> do_huge_pmd_numa_page, but did not add the same recovery in
> migrate_misplaced_transhuge_page. Later, commit d042035eaf5f ("mm/thp:
> Split huge pmds/puds if they're pinned when fork()") enforced that
> transparent huge pages with pinned memory must have their PMD page
> tables split into PTE page tables in copy_huge_pmd. After that, this
> issue started to appear.
>
> So, the simplest way to fix this issue is to also perform the
> corresponding write permission recovery in the out_fail code path of
> migrate_misplaced_transhuge_page.
>
> Signed-off-by: Chen Junlin <chen.junlin@xxxxxxxxxx>

It seems the latest kernel version is not affected by the issue you point out
because commit f66e2727ddfc ("mm: huge_memory: use folio_can_map_prot_numa() for pmd folio")
will make pinned huge pages skip numa_balancing.

Could you please add two tags?
1) Add a "fixes" tag (the commit that introduced this issue)
2) Cc: stable@xxxxxxxxxxxxxxx

And could you answer which other long-term stable branches are also affected?

The patch itself seems fine; if the above questions are resolved, feel free to add:
Reviewed-by: xu xin <xu.xin16@xxxxxxxxxx>