From patchwork Thu Nov 16 20:15:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Xu X-Patchwork-Id: 13458259 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA93FC47071 for ; Thu, 16 Nov 2023 20:15:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2A9AF6B0492; Thu, 16 Nov 2023 15:15:57 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2584D6B046F; Thu, 16 Nov 2023 15:15:57 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0D2946B0492; Thu, 16 Nov 2023 15:15:57 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id E99476B0464 for ; Thu, 16 Nov 2023 15:15:56 -0500 (EST) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id C369D1A0D0A for ; Thu, 16 Nov 2023 20:15:56 +0000 (UTC) X-FDA: 81464923512.28.168FBD0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf04.hostedemail.com (Postfix) with ESMTP id A8D6F40008 for ; Thu, 16 Nov 2023 20:15:54 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=OONXwb8M; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf04.hostedemail.com: domain of peterx@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=peterx@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1700165754; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=K5Hs9QdfwrjJDDWeQ9cxEQGj2Q5OwzhPOjdAfeINdzY=; b=mm+WuhX/i5/13fKZcy/GXzSBZ0paqwJjdIuCiuSDo4u4AsFYd21nZNpLaXjL//v3suBl1G u4/DSvUX3AMuz9aqG2GGcOXxAz0/NEctSTnQ0O5Ydy/fayz0PCsV5dlWebf0Vl6dHYKk74 mjI+mFETea4sApzIB1OvmTUyAbtREpo= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=OONXwb8M; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf04.hostedemail.com: domain of peterx@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=peterx@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1700165754; a=rsa-sha256; cv=none; b=nDJYMeEKY4oShkmWM86Y2lBDCA1kt9GZpNEBXYMwxVmZtUiKvwyGMpiIXriaKHs5dlK2RX DeYIUbqZMByUxlvMPmrDPp8rS+C3+r4QOOVrENDdfj0HQFHf8HKBXNVeouBAALDrf7DwyZ bjeuvm87aMc2hOuSuyC07q72Rwm7uPY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1700165753; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K5Hs9QdfwrjJDDWeQ9cxEQGj2Q5OwzhPOjdAfeINdzY=; b=OONXwb8MAFG1fQGCj4GhIQkwyqvNBxOAilJvZyYbWD+rE1tM+WltWHNmNQtb0VaaUbjDYF D/MKsXrwo7/2ogFgav0fheq+azQuGknIJPtgfh6uOXgWgjSaSWxBvhnRpMY3sNefDRzhci Oj8g99CeV0WZQhTsgBQtI3KF1SJ+h8E= Received: from mail-qv1-f71.google.com (mail-qv1-f71.google.com [209.85.219.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-122-ONJfOif8OS-tOpPCE1iqeA-1; Thu, 16 Nov 2023 15:15:52 -0500 X-MC-Unique: ONJfOif8OS-tOpPCE1iqeA-1 Received: by mail-qv1-f71.google.com with SMTP id 6a1803df08f44-66ffa15d354so3241406d6.0 for ; Thu, 16 Nov 2023 12:15:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700165752; x=1700770552; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5Hs9QdfwrjJDDWeQ9cxEQGj2Q5OwzhPOjdAfeINdzY=; b=RZlQm/1+KZdkT3UiSNsCNMPk45XMk3KZv2gOFT7iwKarQ+5b9Yt8Ln8wOjxmxZsvSj g53FDy96rQvMa0IDwk8qHNpdKcd5IWRdhXhmzgT1jJSImftRbMKPZyTepEmYrDKNjfsv RCKO1Jnoecu/ustPCjrhRwIb8+G52PWWATTYkHSHSVX2QFjHsU+HitbCGnmQgiFj6P5S VhZI7BL1CebZaRwv3aO3Pim+PBsNTsRUp4YoMeWdtiw12rR24zZMDJRTutMtftM23sJB OYuWrxl+4UgREhY5OKHKFMOup70P2jMWZl9IVEpC1hsYMvRY6Ou3p0Ol5yX9xO/XlDEB IBWA== X-Gm-Message-State: AOJu0YwZIPq3Ciu4wX7qZDmR3fh0f84gM84X0iSuEqBiLGDrT4FFoevG SNN0xBkXaQ2mAQmefMMfXZqymXCICN3w5psAm09Zq/VSmRIhRVmdBEBPclj30mFcxGJcLf7FERt nKX1AvV1YC5bpZuHR0zKW+e+0jOzwBYniGpILqBwOAu3/8zOdcak10axqGtewjA0owZQE X-Received: by 2002:a05:620a:4687:b0:76d:9234:1db4 with SMTP id bq7-20020a05620a468700b0076d92341db4mr10712161qkb.7.1700165751949; Thu, 16 Nov 2023 12:15:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IGmDFvQLKh+9k0oT4EBKFDQfAkcZ4rcK4Q8PBCrNJ52LzF+uNq5CMglTWczZ0GdgxJefrjWuw== X-Received: by 2002:a05:620a:4687:b0:76d:9234:1db4 with SMTP id bq7-20020a05620a468700b0076d92341db4mr10712123qkb.7.1700165751543; Thu, 16 Nov 2023 12:15:51 -0800 (PST) Received: from x1n.redhat.com (cpe688f2e2cb7c3-cm688f2e2cb7c0.cpe.net.cable.rogers.com. [99.254.121.117]) by smtp.gmail.com with ESMTPSA id b19-20020a05620a271300b007659935ce64sm65524qkp.71.2023.11.16.12.15.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Nov 2023 12:15:50 -0800 (PST) From: Peter Xu To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: peterx@redhat.com, Muhammad Usama Anjum , Andrew Morton , David Hildenbrand , Andrei Vagin , syzbot+e94c5aaf7890901ebf9b@syzkaller.appspotmail.com Subject: [PATCH 1/3] mm/pagemap: Fix ioctl(PAGEMAP_SCAN) on vma check Date: Thu, 16 Nov 2023 15:15:45 -0500 Message-ID: <20231116201547.536857-2-peterx@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231116201547.536857-1-peterx@redhat.com> References: <20231116201547.536857-1-peterx@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: A8D6F40008 X-Stat-Signature: dtjo6aofepy1ocdh787qtxpt1449ppp4 X-HE-Tag: 1700165754-480712 X-HE-Meta: U2FsdGVkX18lhARArOAza0nLhmqvp0rxAV+RvhCkfYY6aOv0NmxFdo0evqeJxagHvsPXXctI41jsBTsr+HwD2KMe7PYLGquwiwFZ9Sg9paEyM5/G5kLf89m9kRBbf0CjdJJDidMryR9PLp0dF+t2AJX4YNcGFygTm3xdpZKEV69YP92O9VwFUAjKy/xL4OFKpnBKnN3ysNlb8sLV1J+jXi0wrsA5jyCm3v+1n3mN3xM4TM9KDY1CNJvWBkwZzGORrutM5CcYKZXGmgtCId71Pcsmm0yOqAKVmeJhElH3AHQqzpantqQrbcEd46ZtCQP9/2qIPclR84eKWrJxaDwncQ7vY9GWqU2yNy8vn4uUh78R9LPHRXQGlwBwViujFM8AOzFajUSLvHxO/lD3ir0vEVWaEX4DryupTYsU4LbByjIYQiULxOJOWlF6uxfGuoA+G4QZAPvGzHN0tIgzrgt09eVXhdwhCsDn8AJh1HV5zintknLfHNhEocWTB9ZX6dv4hONvG0ukiuHGMsEcqkx/h0rFmEIzPixjtKVXS+6pFDPolp+AWXB7i8y/71K0bXJikBoyRVASMNF8S9gTwGpmdL0jjRzmjRcYrEP9AotkKgck+BS7mfmeZ2f6IjxwS3B6ZmUgaOMQZmbveDLJE4d0FboJgNHA9B79SMzLSn2as4sCPnlRGLvtighU7J7C6xXOtcPFWa1+qvwfvjLpqAXE46c8bhqrnTkGWmT1IoYk254kDuozjosuA8VoRLV9glzalX+cjpPHgRc0IXcZyFUgBgZYcJbfQu5cfvRj5QM+A9xHS6J8pMjCVYwrtZeh8Zdw439e/KKOo6zmf12NmKI+ZLYhLK2xUD/Gu8FTdzwFckeaV5WwzNodsFWuBJBzzcRYXjvosItHU6Vlh1vDeAfbz659HHTblw1Uwc2wyiCVNJ0A3zq9EcbNvNwfy7LghxtqVQsB4ZyXTMb01+/TdO2 EVdz85Jm IY/Q3LnwJ3tz6G5kVP53JRbzk/Q2ZWlbQZCFRhlh1d1/fFdGw4XtqYtVqyk1HQWdIfsdUu4VSmXIsBgMyLYVyK1b+cZ/5Pm14UYtlr1YUiwhEx7nhNjS8y0lqbhHe9bejYnvBcp1oOKZtoI7jbIDmU80UbBZcxmWTrouR+SN465M5xGjB2n/iE5TNyEkUX944ehLkHfH4rA4YC7TlKBVMWt/q1n2sjMWBOXCSQlS7Xv21Deoc0Q60TLYVB60rfz+AmjkCLEyVNzwlEjVp6opZaQeQTDFTLM8n+l6Lr49QrSk9VDlkK7LYuYQRCmPs/ebkZS4RfDQDgoVxuRwfeMHL+97GTZZ9h/0JHYvVnWEDVO5QAb7O2DYzRp/CzVehh6kojvwmACLaigtSkXAAkFPBq0HhYjlsbwHTNvUS1UG4XUHFR8n1D7VDJ+QZhopyl7VX44gvT9tH8dbgz5DgCyEf7PKSGk+x+EF91D+pTVhjnfAM3L4JfbenzzOg5+8tbWRfZ2Fo7EWN/+boHDrxIGaqRQc4uaH2LEf8+5k7wtLA6GbJNMB8z8FMBKHc4rVQAcSvepCyLTdK1GSoCBI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The new ioctl(PAGEMAP_SCAN) relies on vma wr-protect capability provided by userfault, however in the vma test it didn't explicitly require the vma to have wr-protect function enabled, even if PM_SCAN_WP_MATCHING flag is set. It means the pagemap code can now apply uffd-wp bit to a page in the vma even if not registered to userfaultfd at all. Then in whatever way as long as the pte got written and page fault resolved, we'll apply the write bit even if uffd-wp bit is set. We'll see a pte that has both UFFD_WP and WRITE bit set. Anything later that looks up the pte for uffd-wp bit will trigger the warning: WARNING: CPU: 1 PID: 5071 at arch/x86/include/asm/pgtable.h:403 pte_uffd_wp arch/x86/include/asm/pgtable.h:403 [inline] Fix it by doing proper check over the vma attributes when PM_SCAN_WP_MATCHING is specified. Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Reported-by: syzbot+e94c5aaf7890901ebf9b@syzkaller.appspotmail.com Signed-off-by: Peter Xu Reviewed-by: David Hildenbrand Reviewed-by: Andrei Vagin Reviewed-by: Muhammad Usama Anjum --- fs/proc/task_mmu.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 51e0ec658457..e91085d79926 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -1994,15 +1994,31 @@ static int pagemap_scan_test_walk(unsigned long start, unsigned long end, struct pagemap_scan_private *p = walk->private; struct vm_area_struct *vma = walk->vma; unsigned long vma_category = 0; + bool wp_allowed = userfaultfd_wp_async(vma) && + userfaultfd_wp_use_markers(vma); - if (userfaultfd_wp_async(vma) && userfaultfd_wp_use_markers(vma)) - vma_category |= PAGE_IS_WPALLOWED; - else if (p->arg.flags & PM_SCAN_CHECK_WPASYNC) - return -EPERM; + if (!wp_allowed) { + /* User requested explicit failure over wp-async capability */ + if (p->arg.flags & PM_SCAN_CHECK_WPASYNC) + return -EPERM; + /* + * User requires wr-protect, and allows silently skipping + * unsupported vmas. + */ + if (p->arg.flags & PM_SCAN_WP_MATCHING) + return 1; + /* + * Then the request doesn't involve wr-protects at all, + * fall through to the rest checks, and allow vma walk. + */ + } if (vma->vm_flags & VM_PFNMAP) return 1; + if (wp_allowed) + vma_category |= PAGE_IS_WPALLOWED; + if (vma->vm_flags & VM_SOFTDIRTY) vma_category |= PAGE_IS_SOFT_DIRTY; From patchwork Thu Nov 16 20:15:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Xu X-Patchwork-Id: 13458260 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 275FFC54E76 for ; Thu, 16 Nov 2023 20:15:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5BDEB6B046F; Thu, 16 Nov 2023 15:15:58 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 53E706B0498; Thu, 16 Nov 2023 15:15:58 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 36E6A6B0499; Thu, 16 Nov 2023 15:15:58 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 21CF76B046F for ; Thu, 16 Nov 2023 15:15:58 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id E931A805D2 for ; Thu, 16 Nov 2023 20:15:57 +0000 (UTC) X-FDA: 81464923554.18.7C3EEAE Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf30.hostedemail.com (Postfix) with ESMTP id D6C7480013 for ; Thu, 16 Nov 2023 20:15:55 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=Ii1Az5lL; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf30.hostedemail.com: domain of peterx@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=peterx@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1700165755; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rVI0G/o2WVlv6Ps9x/muR3n3l0/Wk8HAmms0O3t+e7A=; b=o6c+8mywdGqYXVdgsJZ8Ah+L1OTTHXRCbHVToSqZBAepP+Ly58EFcLZ7Xd2RI51Z9oVZ6y mx+zBtLDHDFFVD02LVPeVhveelBJQt9JdoWqscPimIb//CfE+NuiLa9Xgry6KfW4165vlo NfV6SW0wqw3zVWCFhIpUUJxijvWPCwg= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=Ii1Az5lL; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf30.hostedemail.com: domain of peterx@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=peterx@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1700165755; a=rsa-sha256; cv=none; b=5Bk7jSlgFs5TCmdJ7gTDWgls1pslMde6n2C9ToqUY1UZIMzpMh8whHA7mv88TMSPhozjwE VFcTbdp0g+U8SBhXninMjMHE0N76gvlyYLKNNwUoLdXJv0GOIL0j7Hnam1tj+ftM3ltxMW MtxUYX41U9YqRKKeJ0O/H1BYrq/bA18= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1700165755; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rVI0G/o2WVlv6Ps9x/muR3n3l0/Wk8HAmms0O3t+e7A=; b=Ii1Az5lLM9J0xj4EDONOSftcBEZmqlUUMC8HAoJenvRFx7YW3P3KwetaBhH5sPhKFaCrPQ IfikXw5QiuzOEJ65SrMX/2N4lbMnSwxyKteJoF5de/Aw3+FFNZ/0vTxA+i754lEPfIlZtA NFCqBxC7bz+RLpwleFDFSc4L59OAVP4= Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com [209.85.222.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-166-UTbe9GIPNviGZ-gLQCjNSA-1; Thu, 16 Nov 2023 15:15:54 -0500 X-MC-Unique: UTbe9GIPNviGZ-gLQCjNSA-1 Received: by mail-qk1-f200.google.com with SMTP id af79cd13be357-77a02ceef95so18075985a.0 for ; Thu, 16 Nov 2023 12:15:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700165753; x=1700770553; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rVI0G/o2WVlv6Ps9x/muR3n3l0/Wk8HAmms0O3t+e7A=; b=qTlzMlEdQ7Cu12KMSAug/9OcLkBR/qt7PdnpPUN+tOzaxDBxJv1mDoC1ePlkzf1mUK 0ha0iU5IciOUBwwDhPqPgUwIFNOeCFV4LnR5aSsi16NgsaLIOOi5zgV4bZ4s0TVQhkqw H2xJdnm91LUjjAuuA4pW/O/4Dg/l29vDpAMWgLvCdyyjAVy3DjQSIx5lPbp1DI9I1ODM WCRjySBg+ixXlHg9hygEDZj238LoToGr7AQJzF6nZJ8CseYmx5bRxEMV6zh2BWjzuyd5 sk34r7HT9HHW3xYASy57IhBX2UtSVJ6w+helyArex2t3D32sB95TMwjqA8M/zXnDo3ha nx1A== X-Gm-Message-State: AOJu0Yzmpqi5tdKnavkFOlL8FmCV03SA6ZwCZ1UM1+bEl4sRJh6DnxFF 2cKRvZMRzqQuHNb8nyrlR8iNZ8u+8YIU1EDxIyMVg0iNxryulOUQxaycWuhSsxvECXXTVRU7CGk VOSMTUFKY21//F8Snv6qhZTrpY4dLh0s6F4IEMsct+YtyCKIfE5X0Xf9KCy4DqMka8EoY X-Received: by 2002:a05:620a:bd3:b0:772:5300:1c3d with SMTP id s19-20020a05620a0bd300b0077253001c3dmr9471547qki.0.1700165753286; Thu, 16 Nov 2023 12:15:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IH6NhVg5ATijtU5gZAjIsSdXlgC1Wv7DJob8yOxfAJNeWszVXZfkcVZW+Oo0riZTR5pk+BEJA== X-Received: by 2002:a05:620a:bd3:b0:772:5300:1c3d with SMTP id s19-20020a05620a0bd300b0077253001c3dmr9471523qki.0.1700165752989; Thu, 16 Nov 2023 12:15:52 -0800 (PST) Received: from x1n.redhat.com (cpe688f2e2cb7c3-cm688f2e2cb7c0.cpe.net.cable.rogers.com. [99.254.121.117]) by smtp.gmail.com with ESMTPSA id b19-20020a05620a271300b007659935ce64sm65524qkp.71.2023.11.16.12.15.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Nov 2023 12:15:52 -0800 (PST) From: Peter Xu To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: peterx@redhat.com, Muhammad Usama Anjum , Andrew Morton , David Hildenbrand , Andrei Vagin , syzbot+7ca4b2719dc742b8d0a4@syzkaller.appspotmail.com Subject: [PATCH 2/3] mm/pagemap: Fix wr-protect even if PM_SCAN_WP_MATCHING not set Date: Thu, 16 Nov 2023 15:15:46 -0500 Message-ID: <20231116201547.536857-3-peterx@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231116201547.536857-1-peterx@redhat.com> References: <20231116201547.536857-1-peterx@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D6C7480013 X-Stat-Signature: b4hum3mng13dgqtxy8obghekrq6ba7ce X-HE-Tag: 1700165755-252475 X-HE-Meta: U2FsdGVkX18Fpa6QyfU2VcOUWFG13LAgfddcZB+oH91xDAjWSl4apYzORC23+PwxrNPidiCNgV7dm1/6RFI6fw2PPrViG9K/5nb5Zkbkguu5DfPhtG5Dha9QJcLBeCERbozXjfoBE+bGrY+1mtoTyiva45sEeYUxYPhUeuJm5Ij7S8Voz8u+z62VVA8VktNEXZUCt13vE1OHlqjuQPCe0asYmJREpq2ZZ4Q35XSpo+Gm46hv/tRs0kICDQyuUlRj8CXzs0dgT87Tt681Mt6h22FIDWsyONdh9PgZDNuy/+WS4moYWS5U+vjf7OzhPLzlXpwCystc+mTR3NSdC9BwVUBe/W2QJ3V5Yg7pzcwBcqDhWc6Kx1s0Yx8+AF2Af8HTEBWB5YHMIFkQ9RXFZZgcLIe3b2rnESEvJ8QpVsOictUIfrCDSohB4HxW3Q0DLZpBwcY4g8vwrLBTTSiHGah07WVFop+JJlEU176ftiplFeCjSIDTmeiolV1owtP1Psxe+cIZDOEWP1sPGycjEyBWe7wscbP4zD0fj4LIDdci5CkRkfsQFSpbx4Epf2fslBtQuPCYKSNIgZqLI0jCfYewrct9jxy8TdFkPNsQ3erfO2sf1qryCG5chLmA/H4WkEcjYlOdfuCW/UyJnx0ehVfDKZwRJwMvUxt/n8u3exZoHOODFeI1/U02M6sBRNx68yy/I5lpcapRsfMmMnUdKsdcAGvNnow5sLACsLqxPTuppy3VXsBtUkweJeeHfMIxMnJASiAE7RePhYRibAM6o2h0IpTcEfI/jITwPAuMMwbAf64Pn40ru4RCAa2wCcQgjO9tfHJ2odgtU9yvsSY/ejP52i3ab8TCGMWBa7m3Vbwa31j7HgafV6uxMRHwzWhAojCn270gEbB90BDxe3SCxVfrJlmJQFtJXI8y9LrXyOLvRLY4PB83mrPNNDJUwulEcyi9LwVKBsOOd4oB7s52wxJ VWkdBJ4w p+UZjpRpKg5j6dcw+HbnOKcOlNngiyoHJs0THNtxlYaXu0t0WiGOgpYwnaPV39dP+7DOld3yC2ZUrP2mdpmBpqGY4UpPqBDBEESRPDmzy3FFIFOSeLQuw2ZgiYNjN8VjdkoszTTN0CAjoDZ0OiY1RUTf3jBftumpa4O1MCKpGqHGHsHlQuZFhyrwoFaqTmekGiYEVvQukRYrhzRS5Pmo7/tvURnamk4ZLrHyNyqiW3eDzvlqx0nlYCZ4Gq1MmXSsLqQzltLeuhCcbwMGZK4N4IzNkc1E+rEGvyyPHiQV7fqpIBLPhJVhvcYCYC8IVQyY0dKUDfqRuYmtGs9MSbBmA9La2twbXV+Hl3xSnPCjI59D+XzZTQzbT9E/yE+HYW6kgsY1UioNsVnQUYBhw08hRKepY+j9ltpAOawGZL7gP5/ZVesqGBcHALwQbTX7gL5y5ZoS05p0l8oin/mQP34Fs919mdgsnYB5nw8OtDIWrZE95IW7valcGtFdlH/SPz21WM+BaMsWoPXiiaxwtlp5RYnU651rB7i1l/vSGduphn9hrXssrmT8V09+jQx/5KihQjpCQIc2gijVMwvo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The new pagemap ioctl contains a fast path for wr-protections without looking into category masks. It forgets to check PM_SCAN_WP_MATCHING before applying the wr-protections. It can cause, e.g., pte markers installed on archs that do not even support uffd wr-protect. WARNING: CPU: 0 PID: 5059 at mm/memory.c:1520 zap_pte_range mm/memory.c:1520 [inline] Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag") Reported-by: syzbot+7ca4b2719dc742b8d0a4@syzkaller.appspotmail.com Signed-off-by: Peter Xu Reviewed-by: David Hildenbrand Reviewed-by: Andrei Vagin --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index e91085d79926..d19924bf0a39 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -2171,7 +2171,7 @@ static int pagemap_scan_pmd_entry(pmd_t *pmd, unsigned long start, return 0; } - if (!p->vec_out) { + if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) { /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { if (pte_uffd_wp(ptep_get(pte))) From patchwork Thu Nov 16 20:15:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Xu X-Patchwork-Id: 13458261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50171C47071 for ; Thu, 16 Nov 2023 20:16:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8EA656B0498; Thu, 16 Nov 2023 15:15:59 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 89AAF6B049B; Thu, 16 Nov 2023 15:15:59 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6ED4F6B049C; Thu, 16 Nov 2023 15:15:59 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 56EEF6B0498 for ; Thu, 16 Nov 2023 15:15:59 -0500 (EST) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 334AF808B0 for ; Thu, 16 Nov 2023 20:15:59 +0000 (UTC) X-FDA: 81464923638.09.A39DF68 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf05.hostedemail.com (Postfix) with ESMTP id 15244100012 for ; Thu, 16 Nov 2023 20:15:56 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=LeHVayb9; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf05.hostedemail.com: domain of peterx@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=peterx@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1700165757; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=QIfhkJ5q+MuBUNqDP7+llj85JgVyRPSym9vvMGwkwM8=; b=T//XVA/M0sB7isOnIg/O6jYsafVe5Lna2cXkWbZZmWYnk00VqArAIExSpIzU9bOD6eLP67 7Q0Tc70sAyL+4FYC4abCEPhvNjRyOhW32DS0dsDwhDOYpF+oH9xqaKmBFKrAUQOfpoNkLL LT3XVLSMABaS5QFnFFY8vfDRxHOXr4M= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=LeHVayb9; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf05.hostedemail.com: domain of peterx@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=peterx@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1700165757; a=rsa-sha256; cv=none; b=df9AO4n2YJ9r5BkGR62zNO0+pC2ZK/KgSsddiuYixKwEN3kzupl4kELZrmwgF0FJVQfESM pmMYsi2Ozz57S9m7Z5KolKyQaqjMbKox0y+1WnZrziGyIsDaWL9xgx+NgbOxWdmwos5Joz yy2enqDw0Z4uQ1hXxwXlAG2+Ror0ATU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1700165756; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QIfhkJ5q+MuBUNqDP7+llj85JgVyRPSym9vvMGwkwM8=; b=LeHVayb9kAEAl1wd5gETRffB/czDNtQCSPprKnsZNcjAvUck8+A07o1aP8guqgBhMoqz4N okSCN25t3cIiuj0470wLkrFR6bNlHXwdYAx9IgNX5b/HgLGdZbSF30Bsl8HupX2CtRN05G l6UHLkv1NhB5WEyXe2tCn10j3sjsFag= Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-561-1dhizfHMOL-uPX3kJHXbVg-1; Thu, 16 Nov 2023 15:15:55 -0500 X-MC-Unique: 1dhizfHMOL-uPX3kJHXbVg-1 Received: by mail-qk1-f199.google.com with SMTP id af79cd13be357-77a02ceef95so18076785a.0 for ; Thu, 16 Nov 2023 12:15:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700165754; x=1700770554; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QIfhkJ5q+MuBUNqDP7+llj85JgVyRPSym9vvMGwkwM8=; b=ho+BLWGnh+57zkV8RLcEc8MDthhSCcLHNaKyT144aUrJCifYNk4Mzu4THccXzMyo1L deFuVzYn7XKWj3gkgk+dbCWh9ztk4D+47PrAeKu1RQA5CUBxkzobivk+x/EG0ReU5bw/ lB9lSD4IUsXGHHeBWFoszNhqfp9UXhUnPoLvy9J4GY2eVVGetrVTBI09Q4WfoMP69ono d4LO7eO1YoDh4awUvelTiWwq6yWhvoLpn6lo8CyhCK9/tcrQd1yLkQ6wXjB/PhS4+u2s 22Wi0hv6/vhDPxto4efwMSQbhIvpeYMIt/XF/3O9FwT5hedAAGLEovn9vvimOJYi4UuR 8a8A== X-Gm-Message-State: AOJu0YxioQ7Vkj0CgtXJsC114FgYUsS9UHsULmIshCsdsP27/jK6F/vl bYZvi5MD9rFc3z1ibHR6C/6Fqz2qnSmv0a1Kz5p2K3tLAXsHOwD7M+1Qh7rJDjc4BuxgTU99+m6 NnTGOi0fN9SuW12xMQD9Zlv15ZppqqhriGFaYlzcU7k571RvIgcKopynOKM9L30gml5L1 X-Received: by 2002:a05:620a:460f:b0:777:7178:ebf0 with SMTP id br15-20020a05620a460f00b007777178ebf0mr10983535qkb.5.1700165754445; Thu, 16 Nov 2023 12:15:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IFn7WTMLEwrbmDqREYqOP32v0nHbLxAxhRbfg6zZ9i1WFQBXOXwxoGfistYIkGysffqZC/jBw== X-Received: by 2002:a05:620a:460f:b0:777:7178:ebf0 with SMTP id br15-20020a05620a460f00b007777178ebf0mr10983511qkb.5.1700165754044; Thu, 16 Nov 2023 12:15:54 -0800 (PST) Received: from x1n.redhat.com (cpe688f2e2cb7c3-cm688f2e2cb7c0.cpe.net.cable.rogers.com. [99.254.121.117]) by smtp.gmail.com with ESMTPSA id b19-20020a05620a271300b007659935ce64sm65524qkp.71.2023.11.16.12.15.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Nov 2023 12:15:53 -0800 (PST) From: Peter Xu To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: peterx@redhat.com, Muhammad Usama Anjum , Andrew Morton , David Hildenbrand , Andrei Vagin Subject: [PATCH 3/3] mm/selftests: Fix pagemap_ioctl memory map test Date: Thu, 16 Nov 2023 15:15:47 -0500 Message-ID: <20231116201547.536857-4-peterx@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231116201547.536857-1-peterx@redhat.com> References: <20231116201547.536857-1-peterx@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 15244100012 X-Stat-Signature: hxei38i4y8waftybpgcj9brkaspe1xe8 X-HE-Tag: 1700165756-759408 X-HE-Meta: U2FsdGVkX1/tskDrmAOOpQoR48jisEuphzIcHsk10zzAG/UiJTw3lvCz22ErnkCzvvcEXFrzEotAA0NUZnU4Km11sq7HMtZ6nAQMRXokiQuvttPomnAh1AhXJOrXNTgeHBFAULqJzyGGZXRfVjmLTQlu6z9noDb5Xh9WdUCHSZJTOM9hf4VN/Swyw3ETXQDk9xHM8hHFxZxVOgWcbKBmz3eCMc45lKhHnsXA0ZcamJIopVHROJ0Kv22Uj9XIJnHGSdTotDBlpSMRGB9+Vm4bxwCHSGE7WhYnANctvdoZp4lX/cW3gTfcd0sRl5IgorUNJT+smJM2lDVAqDwtbMywtOVZV9FnCcUSK91laHdFMIiHbWeRumtr8xTy4YWs4JazukNQqtZVKjr8gdIECuk3W/Zl32+je0Y0SC/Kp8f4sLNe7mcdAdzX8iqpgW/WL97HO4r2FBKMwt5O96As50vJLQIur8mqmHx/zekasCKSsOLDbypj1rqsazDOr7CoKXBLqvekFU8Fofed39A2tJI1IF7zIxsbBpxjNsyhHo2oH78OzCNBVRARoSvt/pFu+b1dXaCBsRQsHPExgislkluz2AKr2R3YCamxbmq/pr9TzHte2x3TeJpSAWQV3JpOePP4V4J8rpzIEjcphaHJeD/+NM4HUSM6w//WkqHzxiB3HaF8AEVpa+uPeaemHAodTNsEo9Xts2BEcK7vD+wwTz3cFu7GT3x9LMbMnv3pLe4vgjYLWJR4VyamLURM8DDBW/0QEr3ZUmG8b+wL6QbIh1XwdWA5X4Dres69pRZII+wpNtYiv4lWPo2ohS9pwhYRq1qLoxTDZdyS+RZglZgdQ+YsuWB/zuoBKaJ6auzFWfaYbV8+xT1hmHp0DYZqboiY05RVc+OmhogPwobcSMty64QbajpGSeYy9TwjEMmJkElrKTZ+GvPslAo3d6z16YTbWziIXbSwUej1J6HsJq0SAhU ZJC7C45D uue8vhG+SUwQBPER5D2mdbJIc51nhdGYFW4cEv7noVDx5awtLXLkUsjPncwWivX6MI9JcoLBcS0ASV6WSFJg2t3ObYbizs+tm5RnojX4lBMk54ieW8KgteFn0rCXruzV3KZ3CA77zW9KuINigE7672kkFTOdNtDfVC5Wuv+BbrSr7Md3nthPimWaioyqiRUiXChWV+1SnhkAyE8ArmB36YyZroCoBkBqR8vL0k2BzqyX3ppv+BLoPjvwHmvnSOrxVV49CdLfOJHfBNhxt//BZWB4TZkZF2jWkchwIfuSa7tiEMCa0rqutOiE/6OzGUViCnpL6HguZlWf/t7xq9tAmZ6DzR+qwNgkUO3CBJa5uF+pcCsXVVSKgwqq4/Hr2JHf17rq8yyNCdBuEkBf9LmSdnVGW4D9ABtkBEoeissKahGYJ4hJS3ohJWwzOhA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: __FILE__ is not guaranteed to exist in current dir. Replace that with argv[0] for memory map test. Fixes: 46fd75d4a3c9 ("selftests: mm: add pagemap ioctl tests") Signed-off-by: Peter Xu Reviewed-by: David Hildenbrand --- tools/testing/selftests/mm/pagemap_ioctl.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/pagemap_ioctl.c b/tools/testing/selftests/mm/pagemap_ioctl.c index befab43719ba..d59517ed3d48 100644 --- a/tools/testing/selftests/mm/pagemap_ioctl.c +++ b/tools/testing/selftests/mm/pagemap_ioctl.c @@ -36,6 +36,7 @@ int pagemap_fd; int uffd; int page_size; int hpage_size; +const char *progname; #define LEN(region) ((region.end - region.start)/page_size) @@ -1149,11 +1150,11 @@ int sanity_tests(void) munmap(mem, mem_size); /* 9. Memory mapped file */ - fd = open(__FILE__, O_RDONLY); + fd = open(progname, O_RDONLY); if (fd < 0) ksft_exit_fail_msg("%s Memory mapped file\n", __func__); - ret = stat(__FILE__, &sbuf); + ret = stat(progname, &sbuf); if (ret < 0) ksft_exit_fail_msg("error %d %d %s\n", ret, errno, strerror(errno)); @@ -1472,12 +1473,14 @@ static void transact_test(int page_size) extra_thread_faults); } -int main(void) +int main(int argc, char *argv[]) { int mem_size, shmid, buf_size, fd, i, ret; char *mem, *map, *fmem; struct stat sbuf; + progname = argv[0]; + ksft_print_header(); if (init_uffd())