From patchwork Fri Apr 5 23:19:20 2024
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13619577
From: peterx@redhat.com
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Andrew Morton, peterx@redhat.com, Axel Rasmussen, David Hildenbrand, linux-stable, syzbot+b07c8ac8eee3d4d8440f@syzkaller.appspotmail.com
Subject: [PATCH] mm/userfaultfd: Allow hugetlb change protection upon poison entry
Date: Fri, 5 Apr 2024 19:19:20 -0400
Message-ID: <20240405231920.1772199-1-peterx@redhat.com>

From: Peter Xu

After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either
the POISON one or UFFD_WP one.

Allow change protection to run on a poisoned marker just like !hugetlb
cases, ignoring the marker irrespective of the permission.

Here the two bits are mutually exclusive. For example, when installing a
poisoned entry it must not be UFFD_WP already (by checking pte_none() before
such install). And it also means if UFFD_WP is set there must be no POISON
bit set. It makes sense because UFFD_WP is a bit to reflect permission, and
permissions do not apply if the pte is poisoned and destined to sigbus.

So here we simply check uffd_wp bit set first, do nothing otherwise.

Attach the Fixes to UFFDIO_POISON work, as before that it should not be
possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so
no chance of swapin errors).

Cc: Axel Rasmussen
Cc: David Hildenbrand
Cc: linux-stable # 6.6+
Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com
Reported-by: syzbot+b07c8ac8eee3d4d8440f@syzkaller.appspotmail.com
Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl")
Signed-off-by: Peter Xu
Reviewed-by: David Hildenbrand
Reviewed-by: Axel Rasmussen

--- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8267e221ca5d..ba7162441adf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c
@@ -6960,9 +6960,13 @@ long hugetlb_change_protection(struct vm_area_struct *vma, if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) {
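
Review bot: With WARN_ON_ONCE(!pte_marker_uffd_wp(pte)) dropped from the is_pte_marker() branch, every marker that is not uffd-wp is now skipped silently, not only the poison one the commit message describes. Consider keeping a WARN_ON_ONCE for markers that are neither uffd-wp nor poison, so that a future marker type reaching hugetlb_change_protection() is noticed instead of ignored. The new comment also has a typo ("permissons" should be "permissions") and "mutual exclusive" should read "mutually exclusive". It would help to mention in the comment that the exclusivity rests on the pte_none() check done when the poison marker is installed, since that invariant is stated only in the commit message and is not visible from this function.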