From patchwork Fri Aug 31 21:48:48 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrea Arcangeli <aarcange@redhat.com>
X-Patchwork-Id: 10584493
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EA6B5139B
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri, 31 Aug 2018 21:49:35 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D5B452C6E4
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri, 31 Aug 2018 21:49:35 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C94722C6F7; Fri, 31 Aug 2018 21:49:35 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6577E2C6E4
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri, 31 Aug 2018 21:49:35 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0D15B6B5920; Fri, 31 Aug 2018 17:49:34 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 07FB86B5921; Fri, 31 Aug 2018 17:49:34 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id EB1DC6B5922; Fri, 31 Aug 2018 17:49:33 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qt0-f198.google.com (mail-qt0-f198.google.com
 [209.85.216.198])
	by kanga.kvack.org (Postfix) with ESMTP id BF5896B5920
	for <linux-mm@kvack.org>; Fri, 31 Aug 2018 17:49:33 -0400 (EDT)
Received: by mail-qt0-f198.google.com with SMTP id v52-v6so16213551qtc.3
        for <linux-mm@kvack.org>; Fri, 31 Aug 2018 14:49:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id;
        bh=gOaK+U7b0GOsd/twyTNY+xb2WCT5dVpCYYZM8RlWcj8=;
        b=LyrbGICJCt9EP3rr4t1NSpspVITIe+gcDuReKPKhSUTYmUEbMx9B65ylcGfypS87s1
         vxjDARrPdYX9hLKZ7xTYVEe1GJW/mGnFEmugugrBO6DX4bwjV8WWdMgud/o6ak9nj/N5
         1EaajgurPvW1zaB8UUvRqdSP8FIY9vcqMOrD5O0D8t+Qo0shURIoMjJOfjKpNYhJg1Hs
         npRh2iviP9gnMxYDxwMzlMkCm118FuZHrWhHzhWVT09PC8hu69LP+b0edReiDueMzyiV
         aKhX5n6voOKFG9tSw13nwaY3QzSwj0zfBC3Tg8eTCJeC/Dch5eIzq4ZkK4zWhyobQdRA
         jIwQ==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of aarcange@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APzg51C34urZMkNA4eTamgY8rYj+C0LXHoirMZjU1UgHo48B4lnDf55j
	ZhlrssvC7E0Ziix1j6D/9ny1naitHgHnf3/7yzYKqHcYURFnSlemCd5QwhkMag4EcIbJnsb7Gx1
	HNkUA2bx6bCbCeOwBnxGmweEPQjF4BvrI6hMroZFY7O+bygjrqwYbwQi5Uab7nuc+Dw==
X-Received: by 2002:ac8:2c72:: with SMTP id
 e47-v6mr17800074qta.60.1535752173528;
        Fri, 31 Aug 2018 14:49:33 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0VdazhXPugER3+U7r3j3HUQMCcYYq8w6DJPq1ZrpxOUWQv3hxF16vl8tq6L+bRmFWy+y+On2c
X-Received: by 2002:ac8:2c72:: with SMTP id
 e47-v6mr17800059qta.60.1535752172933;
        Fri, 31 Aug 2018 14:49:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535752172; cv=none;
        d=google.com; s=arc-20160816;
        b=Pr2sWmjIu5/oGi12l+Ff9vFDMXwW9fyTklHFBYt2xKUVpLSiAx0W71Uqee2I6h+w30
         Y7+lq0h/JGFLzwVvHKV+CE/mWbiVN73+7Dgs/eMWBAmJKiOJvDVXowMO69RoY8xxu9iA
         onTT2C2wOKaqF2VgUEt9dhZjDIisgDOyeg7RHyok+KyGx5cX76rli9UEVhc+Uu+gbjif
         +pCTDOpwGZ0w2/+hT5ZL348woHTEn7ox25D5zLIwHxKXqU/DHdt3F9tJxDsE6pbj3b4Y
         AvGVDJeBSDgXktDQ+nXf0XQkJzHO08aMA1ybnBfMaJT2sexa8X4Wu05vfks6QHBwlbkh
         TNjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=message-id:date:subject:cc:to:from:arc-authentication-results;
        bh=gOaK+U7b0GOsd/twyTNY+xb2WCT5dVpCYYZM8RlWcj8=;
        b=0oGFFRtlwyd4G4bLInzl4TRogIpArTO7a7QUjGzD1mGUVl+P3DKhmzlBBl2M7fzv+e
         e3dCaIKuC/VwcolzGctNGBtvBbYmmJ0nn4r623vTAAuNbT6zxiJeHyslX8QGBYujZKxa
         RxPditNcwisXomkkkvx0etGhfXwhD4iJuQCOKNYYtmMU1nwTN6/MeD8wo9Bt/sz2FW8L
         N0r3aAnNTjqDnp7vQRFBEfbYcjPDXeIfQu8AZvPycMOyo7dQoXo/Jvrtrk00oKknQhOI
         2dEpudOaj+cB50Aaekv5a0AkuO/0OYtxmlXJJrhhUun14BrWWyTBQWb4t2I8SXqMEEtH
         Y/kg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of aarcange@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 h14-v6si9910258qka.90.2018.08.31.14.49.32
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 31 Aug 2018 14:49:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of aarcange@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of aarcange@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=aarcange@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id EB4BD8831A;
	Fri, 31 Aug 2018 21:49:31 +0000 (UTC)
Received: from sky.random (ovpn-120-21.rdu2.redhat.com [10.10.120.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 091E65795;
	Fri, 31 Aug 2018 21:49:27 +0000 (UTC)
From: Andrea Arcangeli <aarcange@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-mm@kvack.org,
	Maxime Coquelin <maxime.coquelin@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Mike Rapoport <rppt@linux.vnet.ibm.com>
Subject: [PATCH 1/1] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR)
 to trigger userfaults
Date: Fri, 31 Aug 2018 17:48:48 -0400
Message-Id: <20180831214848.23676-1-aarcange@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]);
 Fri, 31 Aug 2018 21:49:32 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) called a get_user_pages that
would not be waiting for userfaults before failing and it would hit on
a SIGBUS instead. Using get_user_pages_locked/unlocked instead will
allow get_mempolicy to allow userfaults to resolve the fault and fill
the hole, before grabbing the node id of the page.

Reported-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
---
 mm/mempolicy.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 01f1a14facc4..a7f7f5415936 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -797,16 +797,19 @@ static void get_policy_nodemask(struct mempolicy *p, nodemask_t *nodes)
 	}
 }
 
-static int lookup_node(unsigned long addr)
+static int lookup_node(struct mm_struct *mm, unsigned long addr)
 {
 	struct page *p;
 	int err;
 
-	err = get_user_pages(addr & PAGE_MASK, 1, 0, &p, NULL);
+	int locked = 1;
+	err = get_user_pages_locked(addr & PAGE_MASK, 1, 0, &p, &locked);
 	if (err >= 0) {
 		err = page_to_nid(p);
 		put_page(p);
 	}
+	if (locked)
+		up_read(&mm->mmap_sem);
 	return err;
 }
 
@@ -817,7 +820,7 @@ static long do_get_mempolicy(int *policy, nodemask_t *nmask,
 	int err;
 	struct mm_struct *mm = current->mm;
 	struct vm_area_struct *vma = NULL;
-	struct mempolicy *pol = current->mempolicy;
+	struct mempolicy *pol = current->mempolicy, *pol_refcount = NULL;
 
 	if (flags &
 		~(unsigned long)(MPOL_F_NODE|MPOL_F_ADDR|MPOL_F_MEMS_ALLOWED))
@@ -857,7 +860,16 @@ static long do_get_mempolicy(int *policy, nodemask_t *nmask,
 
 	if (flags & MPOL_F_NODE) {
 		if (flags & MPOL_F_ADDR) {
-			err = lookup_node(addr);
+			/*
+			 * Take a refcount on the mpol, lookup_node()
+			 * wil drop the mmap_sem, so after calling
+			 * lookup_node() only "pol" remains valid, "vma"
+			 * is stale.
+			 */
+			pol_refcount = pol;
+			vma = NULL;
+			mpol_get(pol);
+			err = lookup_node(mm, addr);
 			if (err < 0)
 				goto out;
 			*policy = err;
@@ -892,7 +904,9 @@ static long do_get_mempolicy(int *policy, nodemask_t *nmask,
  out:
 	mpol_cond_put(pol);
 	if (vma)
-		up_read(&current->mm->mmap_sem);
+		up_read(&mm->mmap_sem);
+	if (pol_refcount)
+		mpol_put(pol_refcount);
 	return err;
 }