From patchwork Sat May 1 14:41:10 2021
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 12234801
From: Peter Xu
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Hugh Dickins, Andrew Morton, Andrea Arcangeli, peterx@redhat.com, Mike Kravetz, Axel Rasmussen
Subject: [PATCH 2/2] mm/hugetlb: Fix cow where page writable in child
Date: Sat, 1 May 2021 10:41:10 -0400
Message-Id: <20210501144110.8784-3-peterx@redhat.com>
In-Reply-To: <20210501144110.8784-1-peterx@redhat.com>
References: <20210501144110.8784-1-peterx@redhat.com>

When we fork() and copy a hugetlb page range, we remember to wrprotect the src pte if needed; however, we forget about the child! Without it, the child will be able to write to the parent's pages when mapped as PROT_READ|PROT_WRITE and MAP_PRIVATE, which will cause data corruption in the parent process.

This issue can also be exposed by the "memfd_test hugetlbfs" kselftest (if it can pass the F_SEAL_FUTURE_WRITE test first, though).

Signed-off-by: Peter Xu
Reviewed-by: Mike Kravetz

--- mm/hugetlb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 629aa4c2259c8..9978fb73b8caf 100644
--- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -4056,6 +4056,8 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, * See Documentation/vm/mmu_notifier.rst */ huge_ptep_set_wrprotect(src, addr, src_pte); + /* Child cannot write too! */ + entry = huge_pte_wrprotect(entry); } page_dup_rmap(ptepage, true);
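Review bot: the added comment `/* Child cannot write too! */` above `entry = huge_pte_wrprotect(entry);` does not say why the second call is needed, and a reader who sees `huge_ptep_set_wrprotect(src, addr, src_pte)` on the line before may take it for a duplicate. The first call only changes the parent's PTE in place, while `entry` is a separate value that, going by the commit message, is what leaves the child's mapping writable. A comment along the lines of "entry is the copy used for the child; clear its write bit as well so the child's first write takes a COW fault instead of landing in the parent's page" would make that clear at the call site. Separately, the commit message describes data corruption in the parent across fork(), yet the trailers carry only Signed-off-by and Reviewed-by: a Fixes: tag naming the commit that introduced the problem, and a Cc to stable if released kernels are affected, would help backporters. Because the "memfd_test hugetlbfs" kselftest only reaches this case once the F_SEAL_FUTURE_WRITE test passes, a dedicated selftest that forks over a MAP_PRIVATE hugetlb mapping and checks that the parent's data is unchanged after the child writes would catch a regression directly.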