From: Liam Howlett
To: "maple-tree@lists.infradead.org", "linux-mm@kvack.org", "linux-kernel@vger.kernel.org", Andrew Morton
CC: Linus Torvalds, Liam Howlett, "syzbot+0d2014e4da2ccced5b41@syzkaller.appspotmail.com"
Subject: [PATCH] fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
Date: Mon, 7 Nov 2022 20:11:42 +0000
Message-ID: <20221107201121.1169273-1-Liam.Howlett@oracle.com>

When iterating the VMAs, the maple state needs to be invalidated if the
tree is modified by a split or merge to ensure the maple tree node
contained in the maple state is still valid. These invalidations were
missed, so add them to the paths which alter the tree.

Reported-by: syzbot+0d2014e4da2ccced5b41@syzkaller.appspotmail.com
Fixes: 69dbe6daf104 (userfaultfd: use maple tree iterator to iterate VMAs)
Signed-off-by: Liam R. Howlett
---
 fs/userfaultfd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 091d95ddf9a0..a5ed75271c15 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1630,17 +1630,20 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, NULL_VM_UFFD_CTX, anon_vma_name(vma)); if (prev) { vma = prev; + mas_pause(&mas); goto next; } if (vma->vm_start < start) { ret = split_vma(mm, vma, start, 1); if (ret) break; + mas_pause(&mas); } if (vma->vm_end > end) { ret = split_vma(mm, vma, end, 0); if (ret) break; + mas_pause(&mas); } next: /*
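
Review bot: the three added `mas_pause(&mas)` calls (in the `if (prev)` branch and after each successful `split_vma()`) have no comment explaining why the maple state must be dropped there, so the next change that adds a tree-modifying path to this loop can easily miss the same step. A one-line comment at the first call, for example that the tree was modified and the node cached in `mas` may no longer be valid, would make the invariant visible in the code and not only in the commit message. Also note that in both split paths the pause comes after `if (ret) break;`, so a failed `split_vma()` leaves the loop with `mas` unpaused; that is harmless only if nothing after the loop touches `mas`, and it is worth stating that in the changelog or confirming it in the code that follows the loop, which this hunk does not show.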