From patchwork Wed May 17 15:04:07 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13245168
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Lorenzo Stoakes, Andrew Morton, "Liam R . Howlett", Mark Rutland, Andrea Arcangeli, Mike Rapoport, peterx@redhat.com, Alexander Viro, linux-stable
Subject: [PATCH 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma
Date: Wed, 17 May 2023 11:04:07 -0400
Message-Id: <20230517150408.3411044-2-peterx@redhat.com>
In-Reply-To: <20230517150408.3411044-1-peterx@redhat.com>
References: <20230517150408.3411044-1-peterx@redhat.com>

It seems vma merging with uffd paths is broken with either
register/unregister, where right now we can feed wrong parameters to
vma_merge() and it's found by recent patch which moved asserts upwards in
vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

The problem is in the current code base we didn't fixup "prev" for the case
where "start" address can be within the "prev" vma section. In that case
we should have "prev" points to the current vma rather than the previous
one when feeding to vma_merge().

This patch will eliminate the report and make sure vma_merge() calls will
become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only
to help explain where the warning can start to trigger, the real commit to
fix should be 69dbe6daf104.
Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may
want to keep it in Fixes too just to ease kernel backporters for easier
tracking.

Cc: Lorenzo Stoakes
Cc: Mike Rapoport (IBM)
Cc: Liam R. Howlett
Reported-by: Mark Rutland
Fixes: 29417d292bd0 ("mm/mmap/vma_merge: always check invariants")
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
Cc: linux-stable
Signed-off-by: Peter Xu
Reviewed-by: Lorenzo Stoakes
Reviewed-by: Liam R. Howlett
---
 fs/userfaultfd.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0fd96d6e39ce..17c8c345dac4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1459,6 +1459,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; ret = 0; for_each_vma_range(vmi, vma, end) { @@ -1625,6 +1627,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; + ret = 0; for_each_vma_range(vmi, vma, end) { cond_resched();
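
Review bot: The added `if (vma->vm_start < start) prev = vma;` in the userfaultfd_register() hunk (@@ -1459) carries no comment, and it depends on `vma` still pointing at the VMA that contains `start`, which is assigned outside the lines shown. Suggest a one-line comment above the check saying that when `start` falls inside `vma`, `vma` itself is the "prev" that must be handed to vma_merge(), as the commit message explains, and a confirmation that `vma` cannot be NULL at this point, since the new line dereferences it before `for_each_vma_range(vmi, vma, end)` reassigns it.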
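
Review bot: The userfaultfd_unregister() hunk (@@ -1625) open-codes the same sequence as the register hunk: `vma_iter_set(&vmi, start)`, `prev = vma_prev(&vmi)`, then the `vma->vm_start < start` override. Two copies of a fix-up that vma_merge()'s invariants depend on can drift apart in later changes. Suggest moving the sequence into a small static helper in fs/userfaultfd.c that returns the correct `prev` for a given `start`, and calling it from both the register and unregister paths.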