From patchwork Wed May 17 19:09:15 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13245567
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Mike Rapoport, peterx@redhat.com, Alexander Viro, Andrew Morton, "Liam R . Howlett", Andrea Arcangeli, Mark Rutland, Lorenzo Stoakes, linux-stable
Subject: [PATCH v2 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma
Date: Wed, 17 May 2023 15:09:15 -0400
Message-Id: <20230517190916.3429499-2-peterx@redhat.com>
In-Reply-To: <20230517190916.3429499-1-peterx@redhat.com>
References: <20230517190916.3429499-1-peterx@redhat.com>

It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

It's possible that "start" is contained within vma but not clamped to its start. We need to convert this into either "cannot merge" case or "can merge" case 4 which permits subdivision of prev by assigning vma to prev. As we loop, each subsequent VMA will be clamped to the start.

This patch will eliminate the report and make sure vma_merge() calls will become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104.
Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking.

Cc: Lorenzo Stoakes
Cc: Mike Rapoport (IBM)
Cc: Liam R. Howlett
Reported-by: Mark Rutland
Reviewed-by: Lorenzo Stoakes
Reviewed-by: Liam R. Howlett
Fixes: 29417d292bd0 ("mm/mmap/vma_merge: always check invariants")
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
Cc: linux-stable
Signed-off-by: Peter Xu
--- fs/userfaultfd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0fd96d6e39ce..17c8c345dac4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1459,6 +1459,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; ret = 0; for_each_vma_range(vmi, vma, end) { @@ -1625,6 +1627,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; + ret = 0; for_each_vma_range(vmi, vma, end) { cond_resched();
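
Review bot: in the userfaultfd_register() hunk, the added `if (vma->vm_start < start)` reads `vma` before `for_each_vma_range(vmi, vma, end)` assigns it, so it depends on `vma` still holding the VMA that was looked up for `start` earlier in the function, and that lookup and its NULL handling are not visible in this context. A short comment above the check would help: say that `start` falls inside `vma`, so `prev` has to be `vma` for vma_merge() to see the split as the "case 4" the commit message describes, and that this is why the `vma_prev(&vmi)` result is overwritten. Without it the line reads like a stale-variable use.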
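
Review bot: in the userfaultfd_unregister() hunk, the same two-line check is repeated with an extra blank `+` line before `ret = 0;` that the register hunk does not add, so the two call sites already differ in layout. Both functions need the identical `prev` fixup right after `vma_iter_set(&vmi, start)`. Consider moving it into a small shared helper, or at least keeping the two sites textually identical, so a later correction to one site is not missed in the other, which matters for a change tagged for stable backports.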