From patchwork Wed Jul 12 19:56:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Suren Baghdasaryan X-Patchwork-Id: 13310854 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F41ACEB64DD for ; Wed, 12 Jul 2023 19:56:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6D9B58E0006; Wed, 12 Jul 2023 15:56:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 664DD8E0002; Wed, 12 Jul 2023 15:56:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4DD0B8E0006; Wed, 12 Jul 2023 15:56:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 39F908E0002 for ; Wed, 12 Jul 2023 15:56:58 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 0228CA0388 for ; Wed, 12 Jul 2023 19:56:57 +0000 (UTC) X-FDA: 81004018116.25.332E4C3 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) by imf28.hostedemail.com (Postfix) with ESMTP id 4222CC001D for ; Wed, 12 Jul 2023 19:56:55 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=google.com header.s=20221208 header.b=sK8Qv7jg; spf=pass (imf28.hostedemail.com: domain of 3hwWvZAYKCHoqspclZemmejc.amkjglsv-kkitYai.mpe@flex--surenb.bounces.google.com designates 209.85.128.201 as permitted sender) smtp.mailfrom=3hwWvZAYKCHoqspclZemmejc.amkjglsv-kkitYai.mpe@flex--surenb.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689191816; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=2BtXsjfKyBZZ4hGpVoJMLLIXywElgntexK2sVj3vQno=; b=vMJtfpMmE3Mijo4FejbhZWZoSI9NO/8hveB/kXwF11sNW4VDRWDU7mfqJTQtpafGnZeqvR ymwgbQaq5fR/ZIY2Sqj2lxmjeWcU6UM2jZaN+AoKK8dZVfn1GL1AUyCwrMMyaVcCC/69kc ++Jv8US6Oi74gk94JmHAQCqsfSyj4C0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689191816; a=rsa-sha256; cv=none; b=PXjVps1POkG1pRzqFPhh9UM47e0rqeDfHe8fZICOxRKXj5IYeKthV8mz+Dd0SNkq/M/33O guSvj4eQsNtrwbpL/43xizxN901JQV5xEMETbn8PXtRwgNwpvKuLtVq9Fpp3wZXNM1A7jq NgQvPSXS5VNXyfo6cqJgc5jeXEJPvjY= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=google.com header.s=20221208 header.b=sK8Qv7jg; spf=pass (imf28.hostedemail.com: domain of 3hwWvZAYKCHoqspclZemmejc.amkjglsv-kkitYai.mpe@flex--surenb.bounces.google.com designates 209.85.128.201 as permitted sender) smtp.mailfrom=3hwWvZAYKCHoqspclZemmejc.amkjglsv-kkitYai.mpe@flex--surenb.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-57a43b50c2fso59035647b3.0 for ; Wed, 12 Jul 2023 12:56:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689191815; x=1691783815; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=2BtXsjfKyBZZ4hGpVoJMLLIXywElgntexK2sVj3vQno=; b=sK8Qv7jgQFBakMmJ76L4YwA9bGaXfKDlEpXmENSJ0IEZGo2dC+BmgF3N3EInITTrUE Iok6sB9ubdOYOq2TAsfOVa+3Hm6cFze9Abo4hMHfjKfXNl+9NS//kwmXOV6tj0cUv3sh 05ZYyZhcZjT7LR3qUxIbJhO0D6YaxWxoxPeWpsGphNLAtWPqT2ymZHXgK9TwZSuqBHLt +9/Gpa/LwODCRC4pANti+N5Y/1o6wU10fIlBnKMX7BH0d9X5MDtsY4C8ps+6/GwK+OJy MS1a/JxHHWixAuD8GqIwTg2wq5sPthIN4NFiZtinDB/kc9ouymP0mFWHsTtrvrc3+HLf B1Kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689191815; x=1691783815; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=2BtXsjfKyBZZ4hGpVoJMLLIXywElgntexK2sVj3vQno=; b=E7z/ZjcsKEP1Yq4ovmrzc7oHhlVWn1ZCVJc8x/7/nBPVAk2fs/VpbNvCZssBEdPi5X 0h3b3rx08J6X2ZeOLnRODvxmuPKiXsxNs+KTY7db1ZogFPNvZfj9QgO5T5CbgQdhq3yG OONNJPdpxi3VBM5IzvKc88m3ykcB6WJsVugoWM+F4d0e8++drZp9hxeHI+IrrxF/FBOR LcZMav5AqBQl3WSDrFYHaxM7RypQ3MW1+O752mWb/mUhgZHilkofCwBxgdO50To9DGMD OWtqjOw5pshiXcdXwkdcJ+YKwiDBJRhAn7PaWJTl1G11Hb13mpFY7lG8Iyz5UEjO5nVW aAwA== X-Gm-Message-State: ABy/qLZKUepBb9f5cNqQwGsgev8hNozvX7vJOPbvxF67yFjwX2aCkm6r 0eChzjvX6QRkHGZSg4qqzqvSXvbmPa8= X-Google-Smtp-Source: APBJJlF9Q/vZpfBREpRg5ypLsgVDhpX4u3umnCxJNyVvelWjyn/NUiGUk739RK0xqeWTgDRuQ+qE9rOKyNk= X-Received: from surenb-desktop.mtv.corp.google.com ([2620:15c:211:201:cf1c:cfa6:8f82:4b58]) (user=surenb job=sendgmr) by 2002:a81:b603:0:b0:56c:e0c5:de88 with SMTP id u3-20020a81b603000000b0056ce0c5de88mr160708ywh.1.1689191815286; Wed, 12 Jul 2023 12:56:55 -0700 (PDT) Date: Wed, 12 Jul 2023 12:56:52 -0700 Mime-Version: 1.0 X-Mailer: git-send-email 2.41.0.455.g037347b96a-goog Message-ID: <20230712195652.969194-1-surenb@google.com> Subject: [PATCH 1/1] mm: fix a lockdep issue in vma_assert_write_locked From: Suren Baghdasaryan To: akpm@linux-foundation.org Cc: Liam.Howlett@oracle.com, linux-mm@kvack.org, willy@infradead.org, ldufour@linux.ibm.com, michel@lespinasse.org, jglisse@google.com, vbabka@suse.cz, paulmck@kernel.org, brauner@kernel.org, linux-kernel@vger.kernel.org, Suren Baghdasaryan , "Liam R . Howlett" , syzbot+339b02f826caafd5f7a8@syzkaller.appspotmail.com X-Rspamd-Queue-Id: 4222CC001D X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: j5rzg63fnxchp4bpz7dj8tqi3rdhbjxr X-HE-Tag: 1689191815-2221 X-HE-Meta: U2FsdGVkX1/PNUwBopl/UkJ83s3oMdO4KODWws9iXtjMY0otpfXLJKXj9e+ejBbDYDOYeof3iwlgFYmY4QheAsHhEmRx0PkRU1YORTmsOUSWhy4l9vvDbwB6M/DkZSoefr1h3roaL9EpMBRbxXVNg8VXd+yWo6k61OpNtPquQGp/nW9WZELewCRxHUAhTTI+y+8m4rhHmShOYc2G3KNA/lAzbRvIkc+MLLBi4pOVVppD/OWJ2hfPYmu280TP9WTa4giN+mfc8sDjIi1enKEI4BI06Mp9rcJLbQulIxh67l8t3V73CZMO1Tgfean/KmDC+LityAWlcWmviDZB97Q5Wl1AEMoUi1jgcnrVT3DmbjPM+a6MhVF34siXELGxC0gEVHrT6H+Tc5eJ6uL2nW3C5JOIQX0r/Su3JLxZn5kHIXEDjLQdlbXAOU/6RoQ3wp2owPtWtMbT+Col/MDEkFFbS9f+QjnCLgUYSTHLLbsMVQMVSCc2Dawo2Cq4Cj/Z5fVflBRhN87pD9Wm6zbLBXPnoHXBgvp2lu7migvuiC4jM2vNnS/A+pnSYawQbKLBiw57NxkY/soiMVX3GZsz2Y2yLI0rM7hj3Du0acubSYtyecWC+cwaFrmujVze1H7FmSJiy8FFowtNkf6JbFOfZJg961dhWX3SIFUEh80WINdddmBHAy8c+YjL/nOhkaxZqmHY3VuczSRVxVFdUcwwt00jIa3+yGYfkquH4qNHB6GcWUjjvCQgY/16WgzBoEfa6eoN+rbGebU+Trec6FsVKO9EkGgKGcg8RLy21K0eUlJO75r+pbQP7OMPjI63/Lj6sK8hyxpXjcpX55sYTMKy0LgljArBOeXghVaQBvkBI//5hsTJ55DZsQsttU9kGzz3g4yEQKk/r0FbeflguzTV5AXqcidDGOpbf3AHyXWYiPeg7O1aCHu1Ebw6KpsTD32yECFCdcElHFwwYZjQgwBOzLz YmZVJLkr KLut9EuK8rYCUjcmwS1Jcu19i6DaeyyZ2TmUANTj3zThyxileCeOLbSCvwUXtF530+Hyeqk69h7Q/54EiNHgCFV2gMjlD5vw4iRpFJQZKYBZ8MjZs4kuSsSu71RnX76oYoE+f9XYIlKfSC9UvEiwwCYo8gEwME+8qdY62S8wcV4JF02MULpCEt3jsb6+pMoAiiAuZ2WB99aQMnzyAaJqPtcSkBbUfReaR4mBYFRC+flMm/diQaPxNKHw2kPLovLXKXNKugwzy39pJ6gnk8OEofncldKL1qN/lbNSpALvdyIJ++iZqCpxUw8weKWIqg9x6WNnBjGNPA+AKl5BwivcgmMv4xjutPW1D/2KQkGvuCEmHFaIUdTPAVaSfUJqX7fxPoQABnDEsWiuLdxAqXB8/+elY9MokduMddhpwyIBQQ7pehHsxaXFRxJzkJ6KhslzA1htRjxd2QDcFg2JMeaZQG5bBIYrV+0GK4APGkZ6FqjJdmvVtgxfO9/XZpbYdREuOKhZgo6JUpD+EMz+o7kzvONajU55V4DvmB8TuHETmKE/XAVVYRJzuyNp+JqAxLn6OP62Mh4DuWwQC9VdtGBiiZt8ND0ezBCT/2FE8J9HJhXusBgyaI3DQHAD8VUnpXSVwDNoEhEz0qSpIsH5Iy1UXvJNaxso4jO2g0+PaFMBIjAnryVFzm4hyY8AIwgx8+c6SoQZzshB/7DHfRGOfjaxemGyipuSsP+IUmWSo4cZ1B42eIlOqG3wqvWDWET2lIiPBI9ZokMtWBLDy/z7E45klVyRIzQ+aHyHQLAe96sWbPyG79PLNCu50+sbfMJMZAuwmj2NA4biySV4+AdZsf4WzqHtB/uWX9BuGgO7bPHTC6bDSc232bCKCs8xY3CuRLfZNu1On6jyThCMyb1k= X-Bogosity: Ham, tests=bogofilter, spamicity=0.034418, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: __is_vma_write_locked() can be used only when mmap_lock is write-locked to guarantee vm_lock_seq and mm_lock_seq stability during the check. Therefore it asserts this condition before further checks. Because of that it can't be used unless the user expects the mmap_lock to be write-locked. vma_assert_locked() can't assume this before ensuring that VMA is not read-locked. Change the order of the checks in vma_assert_locked() to check if the VMA is read-locked first and only then assert if it's not write-locked. Fixes: 50b88b63e3e4 ("mm: handle userfaults under VMA lock") Reported-by: Liam R. Howlett Closes: https://lore.kernel.org/all/20230712022620.3yytbdh24b7i4zrn@revolver/ Reported-by: syzbot+339b02f826caafd5f7a8@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/0000000000002db68f05ffb791bc@google.com/ Signed-off-by: Suren Baghdasaryan --- include/linux/mm.h | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index 9687b48dfb1b..e3b022a66343 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -668,6 +668,7 @@ static inline void vma_end_read(struct vm_area_struct *vma) rcu_read_unlock(); } +/* WARNING! Can only be used if mmap_lock is expected to be write-locked */ static bool __is_vma_write_locked(struct vm_area_struct *vma, int *mm_lock_seq) { mmap_assert_write_locked(vma->vm_mm); @@ -707,22 +708,17 @@ static inline bool vma_try_start_write(struct vm_area_struct *vma) return true; } -static inline void vma_assert_locked(struct vm_area_struct *vma) +static inline void vma_assert_write_locked(struct vm_area_struct *vma) { int mm_lock_seq; - if (__is_vma_write_locked(vma, &mm_lock_seq)) - return; - - lockdep_assert_held(&vma->vm_lock->lock); - VM_BUG_ON_VMA(!rwsem_is_locked(&vma->vm_lock->lock), vma); + VM_BUG_ON_VMA(!__is_vma_write_locked(vma, &mm_lock_seq), vma); } -static inline void vma_assert_write_locked(struct vm_area_struct *vma) +static inline void vma_assert_locked(struct vm_area_struct *vma) { - int mm_lock_seq; - - VM_BUG_ON_VMA(!__is_vma_write_locked(vma, &mm_lock_seq), vma); + if (!rwsem_is_locked(&vma->vm_lock->lock)) + vma_assert_write_locked(vma); } static inline void vma_mark_detached(struct vm_area_struct *vma, bool detached)