From patchwork Thu Oct 17 02:26:27 2024
X-Patchwork-Submitter: Jeff Xu
X-Patchwork-Id: 13839328
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, torvalds@linux-foundation.org, usama.anjum@collabora.com, corbet@lwn.net, Liam.Howlett@oracle.com, lorenzo.stoakes@oracle.com
Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, sroettger@google.com, pedro.falcato@gmail.com, linux-hardening@vger.kernel.org, willy@infradead.org, gregkh@linuxfoundation.org, deraadt@openbsd.org, surenb@google.com, merimus@google.com, rdunlap@infradead.org
Subject: [PATCH] munmap sealed memory cause memory to split (bug)
Date: Thu, 17 Oct 2024 02:26:27 +0000
Message-ID: <20241017022627.3112811-1-jeffxu@chromium.org>

From: Jeff Xu

It appears there is a regression on the latest mm: munmapping sealed memory can cause an unexpected VMA split. E.g., to reproduce, use this test.

--- tools/testing/selftests/mm/mseal_test.c | 76 +++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c index fa74dbe4a684..0af33e13b606 100644 
--- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c 
@@ -1969,6 +1969,79 @@ static void test_madvise_filebacked_was_writable(bool seal) REPORT_TEST_PASS(); } +static void test_munmap_free_multiple_ranges_with_split(bool seal) +{ + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 12 * page_size; + int ret; + int prot; + + setup_single_address(size, &ptr); + FAIL_TEST_IF_FALSE(ptr != (void *)-1); + + /* seal the middle 4 page */ + if (seal) { + ret = sys_mseal(ptr + 4 * page_size, 4 * page_size); + FAIL_TEST_IF_FALSE(!ret); + + size = get_vma_size(ptr, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + + size = get_vma_size(ptr + 4 * page_size, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + + size = get_vma_size(ptr + 8 * page_size, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + } + + /* munmap 4 pages from the third page */ + ret = sys_munmap(ptr + 2 * page_size, 4 * page_size); + if (seal) { + FAIL_TEST_IF_FALSE(ret); + FAIL_TEST_IF_FALSE(errno == EPERM); + + size = get_vma_size(ptr, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + + size = get_vma_size(ptr + 4 * page_size, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + + size = get_vma_size(ptr + 8 * page_size, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + } else + FAIL_TEST_IF_FALSE(!ret); + + /* munmap 4 pages from the sealed page */ + ret = sys_munmap(ptr + 6 * page_size, 4 * page_size); + if (seal) { + FAIL_TEST_IF_FALSE(ret); + FAIL_TEST_IF_FALSE(errno == EPERM); + + size = get_vma_size(ptr + 4 * page_size, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + + size = get_vma_size(ptr + 4 * page_size, &prot); + FAIL_TEST_IF_FALSE(size == 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + + size = get_vma_size(ptr + 8 * page_size, &prot); + FAIL_TEST_IF_FALSE(size 
== 4 * page_size); + FAIL_TEST_IF_FALSE(prot == 4); + } else + FAIL_TEST_IF_FALSE(!ret); + + REPORT_TEST_PASS(); +} + + int main(int argc, char **argv) { bool test_seal = seal_support(); @@ -2099,5 +2172,8 @@ int main(int argc, char **argv) test_madvise_filebacked_was_writable(false); test_madvise_filebacked_was_writable(true); + test_munmap_free_multiple_ranges_with_split(false); + test_munmap_free_multiple_ranges_with_split(true); + ksft_finished(); }
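Review bot: in test_munmap_free_multiple_ranges_with_split(), the sealed branch after the second munmap (the one at ptr + 6 * page_size) calls get_vma_size(ptr + 4 * page_size, &prot) twice in a row and never re-checks the first VMA at ptr. The first of the two calls looks like a copy-paste slip for get_vma_size(ptr, &prot), which is what the two earlier blocks check, so as written this block does not cover the first 4-page VMA. Separately, the seal == false path only asserts that both munmap calls return 0; checking the resulting layout with get_vma_size() there as well would confirm that the unsealed run actually removed pages 2 to 9 and left the expected pieces, giving the sealed results a baseline to compare against.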
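Review bot: the two calls added to main() run the new test unconditionally, yet the commit message presents it as a reproducer for a regression, so the selftest will fail with seal == true until a fix lands. Either send this together with the fix or state in the commit message that the failure is expected for now, and add a Fixes: or a reference to the change that introduced the split once it is identified. The diffstat also shows 76 insertions and no modified lines, so if main() declares a test count for the kselftest plan earlier in the function, that count has not been raised by two for these calls and the run would report a plan mismatch at ksft_finished().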