[v3,0/5] fix error handling in mmap_region() and refactor

Message ID	cover.1729858176.git.lorenzo.stoakes@oracle.com (mailing list archive)
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> To: Andrew Morton <akpm@linux-foundation.org> Cc: "Liam R . Howlett" <Liam.Howlett@oracle.com>, Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds <torvalds@linux-foundation.org>, Peter Xu <peterx@redhat.com> Subject: [PATCH v3 0/5] fix error handling in mmap_region() and refactor Date: Fri, 25 Oct 2024 13:26:22 +0100 Message-ID: <cover.1729858176.git.lorenzo.stoakes@oracle.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	fix error handling in mmap_region() and refactor \| expand [v3,0/5] fix error handling in mmap_region() and refactor [v3,1/5] tools: testing: add additional vma_internal.h stubs [v3,2/5] mm: isolate mmap internal logic to mm/vma.c [v3,3/5] mm: refactor __mmap_region() [v3,4/5] mm: remove unnecessary reset state logic on merge new VMA [v3,5/5] mm: defer second attempt at merge on mmap()

Message ID

cover.1729858176.git.lorenzo.stoakes@oracle.com (mailing list archive)

Headers

From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Liam R . Howlett" <Liam.Howlett@oracle.com>,
        Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>,
        linux-kernel@vger.kernel.org, linux-mm@kvack.org,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Peter Xu <peterx@redhat.com>
Subject: [PATCH v3 0/5] fix error handling in mmap_region() and refactor
Date: Fri, 25 Oct 2024 13:26:22 +0100
Message-ID: <cover.1729858176.git.lorenzo.stoakes@oracle.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 xfESnH5ZVvAej4rchA7KtLbcnffaMmAfyJnDY0kaTA8+vLdaU/GrgZ94YVZEu6uWrBI3gz4Pt0p23BiuaX8M2JMl31CRQpcAXr+TC7ZY0p4MsYBH6a+QpMbq/hDXjye36yCdNczIoBqlofHB1yPGSmil0uKzpjY4QzMl8UecdFdnsuDWpVUtf5LmJKu91Ds3hpHMXiJSXMh7ZvboQb3v+u2SM+WkjVw6BfUIS9XgVUmDBa3acb0wvekos3OAJPGTrBjU8Ic/349VsR4ei5RPLEGj+QdyDQYRXthq0x1uZ7dK8JCThwt27PE2Cr0VAPnj//uU5RjFIR/Aer9oGuK3uIfJMdxYB01IrhJvXVHENygn4XxWyF7jhUEsawnAq94mGMe3KoXgzPW89N9LhcRkep7Oypo/M1Pxjw0b2F1AJturrsirp20twpL5CaABsMjUB2zLsSiQFkFwN4giNIlt6WoWe/j+G+auhkwMb37SX4IDT8xKZoRtqlhbHCffrRBqNPDfPFIyvghumSG0v6mEFQqv0ji+7nUrft9MJNhGpvuPg/6EgJ166J0Xg2HTuuqxT8Zl85Kbzx8SBCsvPdD27IBL8q4SgDuJYLoYK6npNruMJOx1blJyL18WdKjZ6/Q+gQuo980I/8oTdcUoZY7dPxiBMS7p5DnKdjT/fguEEoiEvX7hBc24klSSd1jeO8nopAUFPuO2AFvqOi3sDo61V/wz6Ltj4I9bJxRVeAHDo2OjL6af2JgTJIxsGqQzljEwZGxD787+RLRoxXeJzghcMBIq+rm3Oc5Tjoq5jv6dY6N9O3eQ0RkqMam1JuGhn3yESmj73zrnDF0On4LtF+IOahJplgdPfml27skmwGmvgUu9ut/pvPEOOJH2MlSKawiUZHuhGC6Ou2/udPQ3qPjg88tL0pY8LZib2iRbJ2zNNto2luLUzFKeA1QsQNz7n/KMvRjlURuMt6zsRU5KIbzXmtwC6r3JbJf07rgOw7tTvyW2Xv+6A5BZaX/bnElpEYBkkqHuK1DfoSmqEIJ7X10S4gXm94kz9wYLV6boSIC+aEpdOK+TLY6MMsdyBSwnFySY9PcJQgAXF+IbSspY9syCi1ji6jEMPLzAHpROIWqMDPgVQkJbDkS2n7mgmQIewtPlVdFVJYDIwKWgFMbT58e7FaVZtNlPkpbBTd5ksOCTlbTL7SYqFQUrdRcekpod5e0S0VIbP7u5qnE3vXFRLXXQWhaH8JR72i8oN8kgSi0LmdafCyKn3C+++b/WArAeXq1Vh8VO/XoZ/ooWR5weUOsiSTrBNbev3J/T1rzHeoF7EvFV1MgNQU3o/GgfoEG9kcg8q1XV8OA8TuEcRHVSrddFGxuRY/Xzp7mXKx+BGU/jGlNC7/33r8fpzLkvxYKGzYp5vZgMB1+WorduxEgr3w1j5gfqtYjkQ5Ga1YsayH+XlfiKEAF24VDevbolg4HauEpAe9onSSvfoGwQMqpHxGI4+7p/2K/BoYnTKHE0pkUuAoZsayOD1TBD5bRATdG9y7IBlljPgi0hZ8z9eY6LTPR9xZpnAn72PevQim71gkWTB0pjulCNGMCu3g4lbUx/ztRlCmeF0Sl/VJNFCeQKEGwasj7FWufdvhxUNzFROpcUJRPzxv/g5E4F8nOyu2yUbC1uD1mFlyWmDdCyiDpKxW9+kw==
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: 
	uArK7ca24/5U7KEfJ/CXIPVgc/8LIZn41urPr7Dy2O6XkECYEhSpyM6llWnaFRg8x6gcgloz9JyIVBVdaVWs8/wdK3SSiHXItAQwUhlR/QzSVgoG0G1XwFPkPE2p2MQYxffrjx57VgB4J+ntSu8OIvQWbb77/SNWLnaxC5847R/XzzxmV32gon0OFdzhNNk4YQwAGLMcVbu5DpVB+qKoa1Oc2mQVnRxM4xAnyPwlHguAIp1rHqusHqYLvgvoWPaz4nyhv327Zw5niu/bmlvRk2MrohmmHH7GWEgXbgacQBrMc+l/8cQ3o60MXA4fD4ex9REA3O/vWgTYlFX1XLA7l4dZns59PphVa1h4vEF/ykGZRVIP9WtlJBcHZlzGgWK1K/x4hKEN+K4B9bPTMY7V11v1zmNXR7XuVhN1wtAJ4Tzb0vJnUPfNSASS4yJDbdQS3xkNaaZPiXfr1lpKxklLaqFpebI3CK9V4OQ3hUpeoASR2nHnD31y57A/6wK930k6nMHFcnkdwBzpIW+mbipKT216CRltLekAq3DB+9lkdZgp5cXD5PraJo6cKOGkq1L+cidsOXk/Ai1WxuptBtzcJzIm4WqlXQQMjEFET09wWGk=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 43b26e73-8c99-4097-98dd-08dcf4f04bbc
X-MS-Exchange-CrossTenant-AuthSource: BYAPR10MB3366.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2024 12:26:48.1168
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 j9F22pPgXHurNkDjSDhE18p3k2go57KWxxKvKKq6Tc1PvtWtnuLmXQtG0JAED5v7DjKFOHkjayETj540Ganxsj14Ef38EsddHc6whWN1YK0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR10MB4484
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30
 definitions=2024-10-25_12,2024-10-25_02,2024-09-30_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
 mlxscore=0 phishscore=0
 suspectscore=0 bulkscore=0 adultscore=0 malwarescore=0 mlxlogscore=999
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2409260000
 definitions=main-2410250095
X-Proofpoint-GUID: u8mp1PHJZCYPCyIKfjmVIb63JrE9Rrx0
X-Proofpoint-ORIG-GUID: u8mp1PHJZCYPCyIKfjmVIb63JrE9Rrx0
X-Rspamd-Queue-Id: 9E11AA0028
X-Rspam-User: 
X-Rspamd-Server: rspam05
X-Stat-Signature: 95n9zjbfm86myr4aesomqporjm1qmn1m
X-HE-Tag: 1729859195-202914
X-HE-Meta: 
 U2FsdGVkX1+AeUSoym7p1OiolE7C09PZ/tkbuT+oOB0bZGo12YayFv2CmfRHIP9ObrrB0ezeK6eOxWTNQ7iQn3ORoWN7Pt5pls3hPVAzBgOG6CupmOqNY6ix0ael98ZS85zLoPqKTUvishQ+GPKEa9MICa9VsIXNBQtchyjAe542bM4Z5yyyIaT+D1y/e49LASGA/ywM3z+onSQGRKl5pU8gfxaY6hbbzrEYhlw/rHq8EBhGLwYkN5zXU0sZQe9vijYU+bjcLu10XbTBIYeGzb63JRdDqWQfXRmk6761p1uMSEBnZ6tPB8/peSLSDY6ylU+rP9VGj0tpr218e6MNuG4+MgioKZ3n71d7cd9Kl3Lfc0k+UW+Gv+cOxcm4RRAVf+/Qm4IuHXRekV779NlxyyY1j+ihtUoX7DLFIehhA+9XJsxyHtvCDn5lxXysyA+Tc/3SyHdN2bBckG0E7qaxCKe4FQEPELXvAr0v4fy/6cZCnL8rQ0V7a0HYSRLTNrMU2IwjEyBrkZcva67atoXnuaM6xTytN/iPU+qaNeZu6i31agWm8QXWKXdP2j8N5xmJlZu22qzVLjl+ftzzOgYIj/f0frDKbOOVep8GHiS5YZ5z/OoiOSWmhdlw0ZSY8HJH0ALooRQFLbH2wFMHrSiyehcqmn9hHNJN+XcU2eOnS6H4rPtjFuMtRepSPsAW7NIrsZHeG/k9dvPS82ElaCDtDJRtRZmaLrN+S8zyqc7SZpq151aZG1D49YlYcnN8ag/7ZH5G1oKgxi+mRs2fN5gKWEbPbw2Mu0j8TKTbtVgI0OayjSKtkCTEX0uZf0JvAAbsKgMM3xVVSx/L+nQxBCPwT0/pkLDjgHw4nR8powv+iWqY86MZtOJCWEJ+kxmtvQOcOVwDVD7wUTl2dhm4tTPbIuw621gi59CefmnpsQrsZAD7n4za7rmkph+CIb4RHG3SjkeheWAL5FxyklAFOMd
 AQ2riTG1
 RV5Ni9N/V2aiJ/EtLt0UdnPE4dalhkH/u1bB6q0mcuuCiPD9tO0pFv5TocaYsSwEfnU/mbkGzQk0wKSy4ixdJ+trf3w6z0grAEgLJkUfAV/viUv9NlR8+TOSlcBox1igiepcpOWFXedHwHL6gtMdzo5sVESTNppaWIvfhdfjMp/n8zgyLLLA92lrWDzCehHXOK2D0OasGjgJ4h0ToS++mLKRIgbD99oRGgrbSLbcNG1OIiRSBWhvt5soFhgQq2Olirhi1ylDPuD9uKnHB7ETZ+tVjOBOcWjS6ALYD/XLYf+UvClHZ0E7shwLYLYTTR4SKtHz6P7MgrrlBQ1fSBkqE9mq70eRkqs2cmJmXNzh8FozHwPd+V0rXqWjkR16fyVp2F0Bcs+5biwGbXyJ0IfAk5yetiRMxIj6wUIVy6jejakgir0oYAhrKsBxwQCPwPn6ysf0T5lOj7uefUki6y4rAjDzq6zcdCVPsAPoFw4sW0D9KoRWHJgsSBSF6B2vOhahcDNu0PlMOh8o1sYTxTelHRL7bjGLyuzz8w0eOw4PBd6AUuHygFMC3L6Fb0MBu/1HMQPYAMwoHC0l57CcxrWfMBYlnZg==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Series

fix error handling in mmap_region() and refactor | expand

Message

Lorenzo Stoakes Oct. 25, 2024, 12:26 p.m. UTC

Andrew - Sorry to be a pain, but please keep the first 4 hotfix patches
("mm: resolve faulty mmap_region() error path behaviour", "mm: refactor
map_deny_write_exec()", "mm: unconditionally close VMAs on error", "mm:
avoid unsafe VMA hook invocation when error arises on mmap hook") - in
place and replace the remaining 4 from the series with these, which are
intended for mm-unstable. Thanks!



The mmap_region() function is somewhat terrifying, with spaghetti-like
control flow and numerous means by which issues can arise and incomplete
state, memory leaks and other unpleasantness can occur.

This series goes to great lengths to simplify how mmap_region() works and
to avoid unwinding errors late on in the process of setting up the VMA for
the new mapping, and equally avoids such operations occurring while the VMA
is in an inconsistent state.

This series builds on the previously submitted hotfix patches (see link to
v2 below) which addresses the most critical issues around mmap_region(),
and further works to improve mmap_region() complexity, stability, and
testability.

This series moves the code to mm/vma.c to render it userland testable,
refactors and simplifies it into smaller functions that are significantly
more readable.

It additionally avoids performing an attempt at a second merge mid-way
through allocating a new VMA, a dubious proposition at best and one that is
highly subject to subtle bugs.

Rather than do this, we simply note that we ought to retry the merge and do
this as a final step.

v3:
* Separated out this patch series intended for mm-unstable from the hotfixes.
* Grouped all merge state together in __mmap_region() as suggested by Vlastimil.
* Removed unnecessary vma_iter_config() as suggested by Vlastimil.
* Defined VMG_MMAP_STATE() macro so we don't retain VMG state _at all_ and avoid
  any strange behaviour that comes from re-using it.
* Fixed typo in MMAP_STATE.
* Added additional patch to remove unnecessary reset state logic from
  vma_merge_new_range().
* Moved the merge retry back to before __mmap_complete() - let's try to match
  existing behaviour as much as possible, which previously would not have
  accounted for a potential clearing of the lock flag.

v2:
* Marked first 4 patches as hotfixes, the rest as not.
* Improved comment in vma_close() as per Vlastiml.
* Updated hole byte count as per Jann.
* Updated comment in map_deny_write_exec() as per Jann.
* Dropped unnecessary vma_iter_free() as per Vlastmil, Liam.
* Corrected vms_abort_munmap_vmas() mistaken assumption about nr_pages as
  per Vlasitmil.
* Changed order of initial checks in mmap_region() to avoid user-visible
  side effects as per Vmastlil, Liam.
* Corrected silly incorrect use of vma field.
* Various style corrects as per Liam.
* Fix horrid mistake with merge VMA, reworked the logic to avoid that
  nonsense altogether.
* Add fields to map state rather than using vmg fields to avoid
  confusion/risk of vmg state changing breaking things.
* Replaced last commit removing merge retry with one that retries the
  merge, only sanely.
https://lore.kernel.org/all/cover.1729715266.git.lorenzo.stoakes@oracle.com/

v1:
https://lore.kernel.org/all/cover.1729628198.git.lorenzo.stoakes@oracle.com/

Lorenzo Stoakes (5):
  tools: testing: add additional vma_internal.h stubs
  mm: isolate mmap internal logic to mm/vma.c
  mm: refactor __mmap_region()
  mm: remove unnecessary reset state logic on merge new VMA
  mm: defer second attempt at merge on mmap()

 mm/mmap.c                        | 234 -----------------
 mm/vma.c                         | 437 ++++++++++++++++++++++++++++++-
 mm/vma.h                         |  97 +------
 mm/vma_internal.h                |   5 +
 tools/testing/vma/vma_internal.h | 115 +++++++-
 5 files changed, 546 insertions(+), 342 deletions(-)

--
2.47.0