From patchwork Mon May 3 23:43:56 2021
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 12237237
From: Peter Xu
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Axel Rasmussen, Andrea Arcangeli, Andrew Morton, peterx@redhat.com, Mike Kravetz, Hugh Dickins, stable@vger.kernel.org
Subject: [PATCH v2 2/2] mm/hugetlb: Fix cow where page writtable in child
Date: Mon, 3 May 2021 19:43:56 -0400
Message-Id: <20210503234356.9097-3-peterx@redhat.com>
In-Reply-To: <20210503234356.9097-1-peterx@redhat.com>
References: <20210503234356.9097-1-peterx@redhat.com>

When reworking early cow of pinned hugetlb pages, we moved huge_ptep_get() up but overlooked a side effect that the huge_ptep_get() will fetch the pte after wr-protection. After moving it upwards, we need explicit wr-protect of child pte or we will keep the write bit set in the child process, which could cause data corruption where the child can write to the original page directly.

This issue can also be exposed by "memfd_test hugetlbfs" kselftest.

Cc: stable@vger.kernel.org
Fixes: 4eae4efa2c299 ("hugetlb: do early cow when page pinned on src mm")
Reviewed-by: Mike Kravetz
Signed-off-by: Peter Xu --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index aab3a33214d10..72544ebb24f0e 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -4076,6 +4076,7 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, * See Documentation/vm/mmu_notifier.rst */ huge_ptep_set_wrprotect(src, addr, src_pte); + entry = huge_pte_wrprotect(entry); } page_dup_rmap(ptepage, true);
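Review bot: the added `entry = huge_pte_wrprotect(entry);` in copy_hugetlb_page_range() has no comment, and the comment block just above it only points to Documentation/vm/mmu_notifier.rst for the source-side huge_ptep_set_wrprotect() call. Nothing at this spot tells a reader that `entry` is a local copy fetched before `src_pte` was write-protected, so the two calls look redundant and the new one is an easy target for a later cleanup that would reintroduce a writable child mapping. A one-line comment stating that `entry` was read earlier and must be write-protected separately before it is used for the child would make the ordering dependency explicit. Since the commit message says the "memfd_test hugetlbfs" kselftest exposes the problem, it would also help to say in the message that the test passes with this line applied.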