From patchwork Tue Jan 23 14:17:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Roberts X-Patchwork-Id: 13527487 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20FC1C47258 for ; Tue, 23 Jan 2024 14:18:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 89DCD6B0081; Tue, 23 Jan 2024 09:18:14 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 84D5D6B0082; Tue, 23 Jan 2024 09:18:14 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 73CB06B0083; Tue, 23 Jan 2024 09:18:14 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 64A1A6B0081 for ; Tue, 23 Jan 2024 09:18:14 -0500 (EST) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id E1819403A2 for ; Tue, 23 Jan 2024 14:18:13 +0000 (UTC) X-FDA: 81710780466.05.B8EAF79 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by imf04.hostedemail.com (Postfix) with ESMTP id 3ABB740022 for ; Tue, 23 Jan 2024 14:18:11 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=none; spf=pass (imf04.hostedemail.com: domain of ryan.roberts@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=ryan.roberts@arm.com; dmarc=pass (policy=none) header.from=arm.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706019491; a=rsa-sha256; cv=none; b=5zzenun9WNOkNNMaImptZQVRglzekZ29Z5JV7DAwpDs0bxU8xtam9tJUsfqoD9dQPOyvLI kv3vWecW1qMQqjh+SoZWL+x9Iuv3iH1qX2p2DWbAQaBFwl7AtoA0kpQO+cM/mibMuzVTpC BT1V/N/jOfsucW4VS0KGn9eOjSEP6Pk= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=none; spf=pass (imf04.hostedemail.com: domain of ryan.roberts@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=ryan.roberts@arm.com; dmarc=pass (policy=none) header.from=arm.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706019491; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references; bh=6B1uX1FJTjP/kTXT6lMokENlQFc8B1yKDxwb7iJ7EzA=; b=tVCFW+Cd5SfzHkTnz19YgTylHU3do1AKBpdVniHVfeI9tE+9Q+D11nv+4lpnK1m4Gbzqv6 g5zrBJ9vdc4GDG3WN6emxddrUCapImuj9eIWPArPWfTos6t0dJDazQWD5lJDjteIsKdzOu FbUaL1KGrBDoF6cFU25+wF9idCYuIVY= Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id ACAC51FB; Tue, 23 Jan 2024 06:18:55 -0800 (PST) Received: from e125769.cambridge.arm.com (e125769.cambridge.arm.com [10.1.196.26]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 92A2D3F762; Tue, 23 Jan 2024 06:18:09 -0800 (PST) From: Ryan Roberts To: Andrew Morton , Suren Baghdasaryan , Andrea Arcangeli Cc: Ryan Roberts , linux-mm@kvack.org Subject: [PATCH v1] mm/userfaultfd: UFFDIO_MOVE implementation should use ptep_get() Date: Tue, 23 Jan 2024 14:17:55 +0000 Message-Id: <20240123141755.3836179-1-ryan.roberts@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 3ABB740022 X-Stat-Signature: rmwhyurhfr1wit9exx8dmtzuaefnaxtd X-HE-Tag: 1706019491-389037 X-HE-Meta: U2FsdGVkX1/6M3H/AvioZBRmpWSC7NDHja/A9Zl/kAgpw0PrSkS2Im5YWyawrJs41lealwSs4HJd8Z0yM/ZTanCAXMqhKPA1ZnijGByZToL+Tv4/QeUszRJlCsXfC62cXKiLY6ASELWCvPnRD+Nl2vZyw19okE1vUjkSGlfiRCVQpHTPuWJ9QrmwL9EYKJSwBvKW9fT59S78IVwBE6RYLg09xOw8mdaNbsFyRoUygSVr5zHBNos8ZKUdhQjMz9RU1RARdPC5DZB8WMcdYkMQ5lEeO6m+F81kidi8IkXS8s1dOctzPc5y0J05hN0PXnfTGgQ4rVMTk8ORTkKIVAK4ys6bu05ODr5qbyFt8wPxNmdZpG6wePH/Vv+4KixlYwAte/uxkMOwCFsCl8CL36exL5TDuliTDExyGmz5Fmi0bYuiVqCSL2N3LBRqUMbmMgdZxxTv73R9j0MmdyYjFAfeLUaNdHwZZ28Zu4LKIpoNEml5UkEpQ5tXsLew72qN3KisVcZxm/VaKK5B/Bc2x6YZTdbs9oEVZB5S0TlzZUs8o/hAz74e4Va8wark01ESbzzuiyQyFmVuCNK3VunVHuCy7W9ZE9vzxVXMhVDakIuTPg3Ze3NLV9yVcJn+xYaPELZB10Bsl1d+0GudwKslUsLwLu896+rhluviGjrl4X7JA8bCNrbkchlTdFHJZZMDDrthTQiQtpW86nlpdghgQI/XfuwOfjVgdshIVClotBLzcl4Fn0zlEiRUd27FWfpx4CYpXxFCHgFyxum/wW44rWvRNUSYCHv7XLOex1jykvlmQtJ9+IE0HEXPbgYOQBqhNWwLcaT/wJUE3fjpawRB2I6mCFbbOABzKXhNPGOFQpCC7KJ99Qv/nzDrWSHYOeMfWDJzdQWvLc7+kc9Nm+bBEkO5KOqYws9PuzWlQ5q5/aWUCcJdrA6Lks2uap9XhIx2o+UBcOtGVbsV2F3V3LGFoHn bxGVGz/4 VErk17c0k5z1Gq/SWCkBIrGRuElaHMrq6qRzTLqRt1EqZkgsOjwq+GTbgjSS/hJBq20DoiAxctAFREjZcRMObvK/6pxe9kpEBcwokmMjJPmBO73uriFAd73rmeuaGIEUnDzCO+yqhlmCK4vrMzWjQw98HbMffb0Ob9/P1wMGdMeDw6SSWOLfKmivJoQfkQ0PWtHjbrlzztTs3MUI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Commit c33c794828f2 ("mm: ptep_get() conversion") converted all (non-arch) call sites to use ptep_get() instead of doing a direct dereference of the pte. Full rationale can be found in that commit's log. Since then, UFFDIO_MOVE has been implemented which does 7 direct pte dereferences. Let's fix those up to use ptep_get(). Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Ryan Roberts Reviewed-by: Suren Baghdasaryan --- Hi All, This applies on top of v6.8-rc1. I'm hoping this can be merged into the next rc. I've asserted in the past that there is no reliable automated mechanism to catch these; I'm relying on a combination of Coccinelle (which throws up a lot of false positives) and some compiler magic to force a compiler error on dereference. But given the frequency with which new issues are coming up, I'll add it to my todo list to try to find an automated solution. Thanks, Ryan mm/userfaultfd.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) -- 2.25.1 diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 20e3b0d9cf7e..aaa7b9821342 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -891,8 +891,8 @@ static int move_present_pte(struct mm_struct *mm, double_pt_lock(dst_ptl, src_ptl); - if (!pte_same(*src_pte, orig_src_pte) || - !pte_same(*dst_pte, orig_dst_pte)) { + if (!pte_same(ptep_get(src_pte), orig_src_pte) || + !pte_same(ptep_get(dst_pte), orig_dst_pte)) { err = -EAGAIN; goto out; } @@ -935,8 +935,8 @@ static int move_swap_pte(struct mm_struct *mm, double_pt_lock(dst_ptl, src_ptl); - if (!pte_same(*src_pte, orig_src_pte) || - !pte_same(*dst_pte, orig_dst_pte)) { + if (!pte_same(ptep_get(src_pte), orig_src_pte) || + !pte_same(ptep_get(dst_pte), orig_dst_pte)) { double_pt_unlock(dst_ptl, src_ptl); return -EAGAIN; } @@ -1005,7 +1005,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } spin_lock(dst_ptl); - orig_dst_pte = *dst_pte; + orig_dst_pte = ptep_get(dst_pte); spin_unlock(dst_ptl); if (!pte_none(orig_dst_pte)) { err = -EEXIST; @@ -1013,7 +1013,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } spin_lock(src_ptl); - orig_src_pte = *src_pte; + orig_src_pte = ptep_get(src_pte); spin_unlock(src_ptl); if (pte_none(orig_src_pte)) { if (!(mode & UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES)) @@ -1043,7 +1043,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, * page isn't freed under us */ spin_lock(src_ptl); - if (!pte_same(orig_src_pte, *src_pte)) { + if (!pte_same(orig_src_pte, ptep_get(src_pte))) { spin_unlock(src_ptl); err = -EAGAIN; goto out;