From patchwork Wed May 17 19:09:15 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13245567
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Mike Rapoport, peterx@redhat.com, Alexander Viro, Andrew Morton, "Liam R . Howlett", Andrea Arcangeli, Mark Rutland, Lorenzo Stoakes, linux-stable
Subject: [PATCH v2 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma
Date: Wed, 17 May 2023 15:09:15 -0400
Message-Id: <20230517190916.3429499-2-peterx@redhat.com>
In-Reply-To: <20230517190916.3429499-1-peterx@redhat.com>
References: <20230517190916.3429499-1-peterx@redhat.com>

It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

It's possible that "start" is contained within vma but not clamped to its start.
We need to convert this into either "cannot merge" case or "can merge" case 4 which permits subdivision of prev by assigning vma to prev. As we loop, each subsequent VMA will be clamped to the start.

This patch will eliminate the report and make sure vma_merge() calls will become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104. Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking.

Cc: Lorenzo Stoakes
Cc: Mike Rapoport (IBM)
Cc: Liam R. Howlett
Reported-by: Mark Rutland
Reviewed-by: Lorenzo Stoakes
Reviewed-by: Liam R. Howlett
Fixes: 29417d292bd0 ("mm/mmap/vma_merge: always check invariants")
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
Cc: linux-stable
Signed-off-by: Peter Xu
--- fs/userfaultfd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0fd96d6e39ce..17c8c345dac4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1459,6 +1459,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; ret = 0; for_each_vma_range(vmi, vma, end) { 
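Review bot: the added "if (vma->vm_start < start)" in userfaultfd_register() dereferences vma before for_each_vma_range() reassigns it, so it depends on vma still being the VMA that covers start from earlier in the function, which this hunk does not show. A one-line comment above the check stating that, and that vma stands in for prev because start cuts into it, would keep the invariant next to the code. The same two lines are added again in userfaultfd_unregister(), there followed by a blank line that this hunk lacks, so a small shared helper would keep the two copies from drifting.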
@@ -1625,6 +1627,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; + ret = 0; for_each_vma_range(vmi, vma, end) { cond_resched(); 

From patchwork Wed May 17 19:09:16 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13245568
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Mike Rapoport, peterx@redhat.com, Alexander Viro, Andrew Morton, "Liam R . Howlett", Andrea Arcangeli, Mark Rutland, Lorenzo Stoakes, linux-stable
Subject: [PATCH v2 2/2] mm/uffd: Allow vma to merge as much as possible
Date: Wed, 17 May 2023 15:09:16 -0400
Message-Id: <20230517190916.3429499-3-peterx@redhat.com>
In-Reply-To: <20230517190916.3429499-1-peterx@redhat.com>
References: <20230517190916.3429499-1-peterx@redhat.com>

We used to not pass in the pgoff correctly when register/unregister uffd regions, it caused incorrect behavior on vma merging and can cause mergeable vmas being separate after ioctls return.

For example, when we have:

  vma1(range 0-9, with uffd), vma2(range 10-19, no uffd)

Then someone unregisters uffd on range (5-9), it should logically become:

  vma1(range 0-4, with uffd), vma2(range 5-19, no uffd)

But with current code we'll have:

  vma1(range 0-4, with uffd), vma3(range 5-9, no uffd), vma2(range 10-19, no uffd)

This patch allows such merge to happen correctly before ioctl returns.

This behavior seems to have existed since the 1st day of uffd. Since pgoff for vma_merge() is only used to identify the possibility of vma merging, meanwhile here what we did was always passing in a pgoff smaller than what we should, so there should be no other side effect besides not merging it. Let's still tentatively copy stable for this, even though I don't see anything will go wrong besides vma being split (which is mostly not user visible).

Cc: Andrea Arcangeli
Cc: Mike Rapoport (IBM)
Cc: linux-stable
Reported-by: Lorenzo Stoakes
Acked-by: Lorenzo Stoakes
Reviewed-by: Liam R. Howlett
Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Peter Xu --- fs/userfaultfd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 17c8c345dac4..4e800bb7d2ab 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1332,6 +1332,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, bool basic_ioctls; unsigned long start, end, vma_end; struct vma_iterator vmi; + pgoff_t pgoff; user_uffdio_register = (struct uffdio_register __user *) arg; @@ -1484,8 +1485,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_end = min(end, vma->vm_end); new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), ((struct vm_userfaultfd_ctx){ ctx }), anon_vma_name(vma)); @@ -1565,6 +1567,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, unsigned long start, end, vma_end; const void __user *buf = (void __user *)arg; struct vma_iterator vmi; + pgoff_t pgoff; ret = -EFAULT; if (copy_from_user(&uffdio_unregister, buf, sizeof(uffdio_unregister))) @@ -1667,8 +1670,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, uffd_wp_range(vma, start, vma_end - start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), NULL_VM_UFFD_CTX, anon_vma_name(vma)); if (prev) {
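Review bot: in the userfaultfd_register() hunk at -1484, "start - vma->vm_start" wraps around if start is ever below vma->vm_start, which is the situation for any later VMA in the range unless start has already been raised to vma->vm_start in the loop body. The visible context only clamps the end ("vma_end = min(end, vma->vm_end)"), so a comment pointing at the start clamp, or a debug assertion that start >= vma->vm_start just before the pgoff assignment, would make the precondition explicit.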
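Review bot: the pgoff expression in the userfaultfd_unregister() hunk at -1667 is an exact copy of the one added to userfaultfd_register(), and both functions gain a function-scope "pgoff_t pgoff;" that this patch uses only for the vma_merge() argument. A small static helper taking vma and start and returning the offset would keep the two call sites in step and remove the need for both declarations.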
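The merge case from the second commit message (unregistering 5-9 from vma1 next to vma2), as an added example that is not part of the patch and is not kernel code: a simplified userspace model in page units that checks only adjacency, the uffd flag and offset contiguity. struct model_vma and the three functions are hypothetical names, and each VMA's pgoff is assumed to equal its start page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a VMA in page units, as in the commit message's
 * example (end is exclusive). Hypothetical type, not the kernel's. */
struct model_vma {
	unsigned long start, end; /* [start, end) in pages */
	unsigned long pgoff;      /* offset of 'start' in the backing object */
	bool uffd;                /* stands in for the __VM_UFFD_FLAGS bits */
};

/* Offset of 'start' inside 'vma': the page-unit form of the patch's
 * vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT). */
static unsigned long range_pgoff(const struct model_vma *vma,
				 unsigned long start)
{
	return vma->pgoff + (start - vma->start);
}

/* Can [start, end) carrying 'pgoff' and the new flag be merged into the
 * VMA that follows it? Models adjacency, flags and offset contiguity. */
static bool can_merge_with_next(const struct model_vma *next,
				unsigned long start, unsigned long end,
				unsigned long pgoff, bool uffd)
{
	return next->start == end && next->uffd == uffd &&
	       next->pgoff == pgoff + (end - start);
}

/* Number of VMAs left after unregistering uffd on [start, end) at the tail
 * of vma1. 'fixed' selects the pgoff the patch passes to the merge. */
static int vmas_after_unregister(unsigned long start, unsigned long end,
				 bool fixed)
{
	struct model_vma vma1 = { 0, 10, 0, true };    /* range 0-9, with uffd */
	struct model_vma vma2 = { 10, 20, 10, false }; /* range 10-19, no uffd */
	unsigned long pgoff = fixed ? range_pgoff(&vma1, start) : vma1.pgoff;

	/* vma1 is split at 'start' either way; the tail either joins vma2
	 * or is left behind as the extra "vma3". */
	return can_merge_with_next(&vma2, start, end, pgoff, false) ? 2 : 3;
}

int main(void)
{
	printf("pgoff = vma->vm_pgoff: %d vmas\n",
	       vmas_after_unregister(5, 10, false));
	printf("pgoff adjusted:        %d vmas\n",
	       vmas_after_unregister(5, 10, true));
	return 0;
}
```

With the unadjusted offset the contiguity test compares 10 against 0 + 5 and fails, which is why the old code only ever missed merges.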