From patchwork Fri Jan 12 01:39:35 2024
Date: Thu, 11 Jan 2024 17:39:35 -0800
Message-ID: <20240112013935.1474648-1-surenb@google.com>
Subject: [PATCH 1/1] userfaultfd: avoid huge_zero_page in UFFDIO_MOVE
From: Suren Baghdasaryan
To: akpm@linux-foundation.org
Cc: sfr@canb.auug.org.au, david@redhat.com, peterx@redhat.com, aarcange@redhat.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Suren Baghdasaryan, syzbot+705209281e36404998f6@syzkaller.appspotmail.com

While testing UFFDIO_MOVE ioctl, syzbot triggered VM_BUG_ON_PAGE caused by a call to PageAnonExclusive() with a huge_zero_page as a parameter. UFFDIO_MOVE does not yet handle zeropages and returns EBUSY when one is encountered. Add an early huge_zero_page check in the PMD move path to avoid this situation.

Reported-by: syzbot+705209281e36404998f6@syzkaller.appspotmail.com
Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Suren Baghdasaryan
Acked-by: David Hildenbrand
---
Applies cleanly over linux-next, mm-stable and mm-unstable branches

 mm/userfaultfd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 216ab4c8621f..20e3b0d9cf7e 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1393,6 +1393,12 @@ ssize_t move_pages(struct userfaultfd_ctx *ctx, struct mm_struct *mm, err = -ENOENT; break; } + /* Avoid moving zeropages for now */ + if (is_huge_zero_pmd(*src_pmd)) { + spin_unlock(ptl); + err = -EBUSY; + break; + } /* Check if we can move the pmd without splitting it. */ if (move_splits_huge_pmd(dst_addr, src_addr, src_start + len) ||
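Review bot: The comment on the new `is_huge_zero_pmd(*src_pmd)` check, "Avoid moving zeropages for now", does not record why the check has to sit ahead of the existing "Check if we can move the pmd without splitting it" step. Per the commit message, the purpose is to keep a huge_zero_page from reaching PageAnonExclusive(), which trips VM_BUG_ON_PAGE; stating that in the comment would keep a later cleanup from moving or dropping the early exit. The -EBUSY return matches what the commit message says UFFDIO_MOVE already reports for zeropages, and the branch releases `ptl` before `break`, which is right for an exit taken with the PMD lock held. The diffstat touches only mm/userfaultfd.c, so consider adding a selftest that issues UFFDIO_MOVE on a range backed by the huge zero page and expects EBUSY, so the syzbot case stays covered.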