From patchwork Thu Apr 1 18:17:36 2021
X-Patchwork-Submitter: Suren Baghdasaryan
X-Patchwork-Id: 12179113
Date: Thu, 1 Apr 2021 11:17:36 -0700
Message-Id: <20210401181741.168763-1-surenb@google.com>
Subject: [PATCH 0/5] 4.14 backports of fixes for "CoW after fork() issue"
From: Suren Baghdasaryan
To: stable@vger.kernel.org
Cc: gregkh@linuxfoundation.org, jannh@google.com, ktkhai@virtuozzo.com, torvalds@linux-foundation.org, shli@fb.com, namit@vmware.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-team@android.com, Suren Baghdasaryan

We received a report that the copy-on-write issue reported by Jann Horn in
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 is still
reproducible on 4.14 and 4.19 kernels (the first issue with the reproducer
coded in vmsplice.c). I confirmed this and also that the issue was not
reproducible with 5.10 kernel.

I tracked the fix to the following patch introduced in 5.9 which changes
the do_wp_page() logic:

09854ba94c6a 'mm: do_wp_page() simplification'

I backported this patch (#2 in the series) along with 2 prerequisite
patches (#1 and #4) that keep the backports clean and two followup fixes
to the main patch (#3 and #5).

I had to skip the following fix:

feb889fb40fa 'mm: don't put pinned pages into the swap cache'

because it uses page_maybe_dma_pinned() which does not exist in earlier
kernels. Because pin_user_pages() does not exist there as well, I *think*
we can safely skip this fix on older kernels, but I would appreciate if
someone could confirm that claim.
The patchset cleanly applies over:
	stable linux-4.14.y, tag: v4.14.228

Note: 4.14 and 4.19 backports are very similar, so while I backported only
to these two versions I think backports for other versions can be done
easily.

Kirill Tkhai (1):
  mm: reuse only-pte-mapped KSM page in do_wp_page()

Linus Torvalds (2):
  mm: do_wp_page() simplification
  mm: fix misplaced unlock_page in do_wp_page()

Nadav Amit (1):
  mm/userfaultfd: fix memory corruption due to writeprotect

Shaohua Li (1):
  userfaultfd: wp: add helper for writeprotect check

 include/linux/ksm.h           |  7 ++++
 include/linux/userfaultfd_k.h | 10 ++++++
 mm/ksm.c                      | 30 ++++++++++++++++--
 mm/memory.c                   | 60 ++++++++++++++++-------------------
 4 files changed, 73 insertions(+), 34 deletions(-)
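The cover letter says the issue was confirmed reproducible on 4.14/4.19 and gone on 5.10 but does not show how that was checked. The program below is an added self-test for a backporter to run on the patched tree; it is not part of this series and is not Jann Horn's vmsplice.c from the referenced bug. It assumes the mechanism that 09854ba94c6a addresses: do_wp_page() used to decide to reuse an anonymous CoW page in place when its mapcount was 1, without regard to other references, so a page still held by a get_user_pages() user (here a pipe buffer filled by vmsplice() in the forked child, after the child drops its own mapping) would see the parent's subsequent write. With the simplification the reuse decision looks at page_count(), so the outstanding reference forces a copy and the pipe keeps the pre-write contents. The function name cow_reuse_check, the two marker strings and the pipe-based handshake are my own constructions; the program is Linux-only and returns -1 when the scenario cannot be set up (for instance where vmsplice() is unavailable).

```c
/* Added example, not from the patch series or from the referenced bug
 * report: check whether a write to a CoW page that still has an extra
 * get_user_pages() reference (a vmsplice()d pipe buffer) is served by a
 * copy (return 0, the post-09854ba94c6a behaviour) or by reusing the
 * shared page so the write leaks through the pipe (return 1).
 * Returns -1 if the scenario could not be set up. Linux only. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* vmsplice() is only declared by <fcntl.h> under _GNU_SOURCE; declare it
 * here so the example builds whatever feature macros are in effect. */
extern ssize_t vmsplice(int fd, const struct iovec *iov, size_t nr_segs,
                        unsigned int flags);

static const char BEFORE[] = "parent-data-before-fork"; /* constructed */
static const char AFTER[]  = "parent-data-after-fork";  /* constructed */

int cow_reuse_check(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) return -1;

    char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, BEFORE, sizeof BEFORE); /* populate a real anon page */

    int data[2], spliced[2], written[2];
    if (pipe(data) || pipe(spliced) || pipe(written)) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;

    if (pid == 0) {
        /* Child: take a GUP reference on the shared page via vmsplice(),
         * then drop our own mapping, so only the parent's PTE and the
         * pipe buffer still reference the page (mapcount 1, refcount 2). */
        struct iovec iov = { .iov_base = page, .iov_len = (size_t)pagesz };
        if (vmsplice(data[1], &iov, 1, 0) != pagesz) _exit(2);
        if (madvise(page, (size_t)pagesz, MADV_DONTNEED)) _exit(2);
        char c = 's';
        if (write(spliced[1], &c, 1) != 1) _exit(2);
        /* Wait for the parent's write, then read what the pipe's page holds. */
        if (read(written[0], &c, 1) != 1) _exit(2);
        char *buf = malloc((size_t)pagesz);
        if (!buf) _exit(2);
        ssize_t n = read(data[0], buf, (size_t)pagesz);
        if (n < (ssize_t)sizeof AFTER) _exit(2);
        int reused = memcmp(buf, AFTER, sizeof AFTER) == 0;
        _exit(reused ? 1 : 0);
    }

    /* Parent: once the child has spliced, write through the write-protected
     * PTE. do_wp_page() must copy because the pipe still holds a reference;
     * the old mapcount-only reuse check would write into the shared page. */
    char c;
    if (read(spliced[0], &c, 1) != 1) return -1;
    memcpy(page, AFTER, sizeof AFTER);
    c = 'w';
    if (write(written[1], &c, 1) != 1) return -1;

    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    int rc = WEXITSTATUS(status);
    munmap(page, (size_t)pagesz);
    return rc == 2 ? -1 : rc;
}

int main(void)
{
    int r = cow_reuse_check();
    puts(r == 1 ? "CoW page REUSED: child saw the parent's write (unfixed)"
       : r == 0 ? "CoW page copied: child saw pre-write data (fixed)"
       : "could not set up the test");
    return r == 1;
}
```

On a 4.14.y tree without this series the program is expected to print the "REUSED" line; after applying patches 1-5 it should print "copied", matching the cover letter's observation that 5.10 does not reproduce the issue. The check is deliberately narrow: it only exercises the get_user_pages() reference path that vmsplice() takes, which is the path the page says the original reproducer uses.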