From patchwork Wed May 17 15:04:07 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13245168
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Lorenzo Stoakes, Andrew Morton, "Liam R . Howlett", Mark Rutland, Andrea Arcangeli, Mike Rapoport, peterx@redhat.com, Alexander Viro, linux-stable
Subject: [PATCH 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma
Date: Wed, 17 May 2023 11:04:07 -0400
Message-Id: <20230517150408.3411044-2-peterx@redhat.com>
In-Reply-To: <20230517150408.3411044-1-peterx@redhat.com>
References: <20230517150408.3411044-1-peterx@redhat.com>

It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by a recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

The problem is in the current code base we didn't fixup "prev" for the case where "start" address can be within the "prev" vma section. In that case we should have "prev" point to the current vma rather than the previous one when feeding to vma_merge().

This patch will eliminate the report and make sure vma_merge() calls will become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104.
Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking.

Cc: Lorenzo Stoakes
Cc: Mike Rapoport (IBM)
Cc: Liam R. Howlett
Reported-by: Mark Rutland
Fixes: 29417d292bd0 ("mm/mmap/vma_merge: always check invariants")
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
Cc: linux-stable
Signed-off-by: Peter Xu
Reviewed-by: Lorenzo Stoakes
Reviewed-by: Liam R. Howlett
--- fs/userfaultfd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0fd96d6e39ce..17c8c345dac4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1459,6 +1459,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; ret = 0; for_each_vma_range(vmi, vma, end) {
@@ -1625,6 +1627,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; + ret = 0; for_each_vma_range(vmi, vma, end) { cond_resched();

From patchwork Wed May 17 15:04:08 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13245167
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Lorenzo Stoakes, Andrew Morton, "Liam R . Howlett", Mark Rutland, Andrea Arcangeli, Mike Rapoport, peterx@redhat.com, Alexander Viro, linux-stable
Subject: [PATCH 2/2] mm/uffd: Allow vma to merge as much as possible
Date: Wed, 17 May 2023 11:04:08 -0400
Message-Id: <20230517150408.3411044-3-peterx@redhat.com>
In-Reply-To: <20230517150408.3411044-1-peterx@redhat.com>
References: <20230517150408.3411044-1-peterx@redhat.com>

We used to not pass in the pgoff correctly when register/unregister uffd regions, it caused incorrect behavior on vma merging and can cause mergeable vmas to be separate after ioctls return.

For example, when we have:

  vma1(range 0-9, with uffd), vma2(range 10-19, no uffd)

Then someone unregisters uffd on range (5-9), it should logically become:

  vma1(range 0-4, with uffd), vma2(range 5-19, no uffd)

But with current code we'll have:

  vma1(range 0-4, with uffd), vma3(range 5-9, no uffd), vma2(range 10-19, no uffd)

This patch allows such merge to happen correctly before ioctl returns.

This behavior seems to have existed since the 1st day of uffd. Since pgoff for vma_merge() is only used to identify the possibility of vma merging, meanwhile here what we did was always passing in a pgoff smaller than what we should, so there should be no other side effect besides not merging it.
Let's still tentatively copy stable for this, even though I don't see anything will go wrong besides vma being split (which is mostly not user visible).

Cc: Andrea Arcangeli
Cc: Mike Rapoport (IBM)
Cc: linux-stable
Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Peter Xu
Acked-by: Lorenzo Stoakes
Reviewed-by: Liam R. Howlett
--- fs/userfaultfd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 17c8c345dac4..4e800bb7d2ab 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1332,6 +1332,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, bool basic_ioctls; unsigned long start, end, vma_end; struct vma_iterator vmi; + pgoff_t pgoff; user_uffdio_register = (struct uffdio_register __user *) arg; @@ -1484,8 +1485,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_end = min(end, vma->vm_end); new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), ((struct vm_userfaultfd_ctx){ ctx }), anon_vma_name(vma)); @@ -1565,6 +1567,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, unsigned long start, end, vma_end; const void __user *buf = (void __user *)arg; struct vma_iterator vmi; + pgoff_t pgoff; ret = -EFAULT; if (copy_from_user(&uffdio_unregister, buf, sizeof(uffdio_unregister)))
@@ -1667,8 +1670,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, uffd_wp_range(vma, start, vma_end - start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), NULL_VM_UFFD_CTX, anon_vma_name(vma)); if (prev) {
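
Review bot: In the userfaultfd_register() hunk of patch 1/2 (@@ -1459), the new test `if (vma->vm_start < start)` reads `vma` before the `for_each_vma_range(vmi, vma, end)` loop that follows assigns it, so nothing in these lines shows which vma is being compared. The fix depends on `vma` still being the vma that contains `start` from code above the hunk; a short comment saying so, and that `prev` must be that vma when `start` falls inside it, would keep a later refactor from breaking the assumption unnoticed.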
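
Review bot: The userfaultfd_unregister() hunk of patch 1/2 (@@ -1625) repeats the same two-line `prev` fixup as the register hunk, and here it also adds a blank line before `ret = 0;` that the register hunk does not. Consider folding `vma_iter_set()`, `vma_prev()` and the fixup into one small helper used by both paths so the two copies cannot drift, or at least keep the spacing identical in both places.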
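
Review bot: In the userfaultfd_register() hunk of patch 2/2 at @@ -1484, `start - vma->vm_start` is an unsigned subtraction, and the visible context only clamps the end (`vma_end = min(end, vma->vm_end);`); nothing in these lines shows `start` being at or above `vma->vm_start`. If that is guaranteed earlier in the loop body, a one-line comment above the `pgoff = ...` assignment would document it; otherwise the computed offset wraps.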
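
Review bot: The `pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);` line in the userfaultfd_unregister() hunk of patch 2/2 (@@ -1667) is a verbatim copy of the one in the register path, and each function gains a function-scope `pgoff_t pgoff;` that feeds a single vma_merge() argument. A small inline helper taking `vma` and `start` would remove both declarations and keep the offset calculation in one place.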
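
The missed merge described in the 2/2 commit message above, as an added example (not code from the patch or the kernel): a simplified C model in page units that compares the pre-patch `pgoff` argument with the patched one for the 0-9 / 10-19 layout. `vma_model`, `can_merge_with_next`, `range_pgoff` and `example_merges` are hypothetical names, and the merge test keeps only adjacency, equal flags and offset continuity, which is an assumption about what matters here rather than the full vma_merge() logic.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, constructed for illustration: all values are in pages,
 * so the patch's ">> PAGE_SHIFT" disappears. Not the kernel's structures. */
struct vma_model {
    unsigned long start, end; /* [start, end) */
    unsigned long pgoff;      /* offset of 'start' in the backing object */
    bool uffd;                /* stands in for the __VM_UFFD_FLAGS bits */
};

/* May [start, end) with offset 'pgoff' be merged into the following vma?
 * Models only adjacency, equal flags and offset continuity. */
static bool can_merge_with_next(const struct vma_model *next,
                                unsigned long start, unsigned long end,
                                unsigned long pgoff, bool uffd)
{
    return next->start == end && next->uffd == uffd &&
           pgoff + (end - start) == next->pgoff;
}

/* Offset handed to the merge check for a range beginning at 'start' inside
 * 'vma': the pre-patch value (first page of the vma) or the patched one. */
static unsigned long range_pgoff(const struct vma_model *vma,
                                 unsigned long start, bool patched)
{
    return patched ? vma->pgoff + (start - vma->start) : vma->pgoff;
}

/* The commit message's scenario with exclusive ends: vma1 covers 0-9 with
 * uffd, vma2 covers 10-19 without, and uffd is unregistered on 5-9. */
static bool example_merges(bool patched)
{
    struct vma_model vma1 = { 0, 10, 0, true };
    struct vma_model vma2 = { 10, 20, 10, false };
    unsigned long start = 5, end = 10;

    return can_merge_with_next(&vma2, start, end,
                               range_pgoff(&vma1, start, patched), false);
}

int main(void)
{
    printf("pre-patch pgoff: merges with vma2 = %d\n", example_merges(false));
    printf("patched pgoff:   merges with vma2 = %d\n", example_merges(true));
    return 0;
}
```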