From patchwork Mon Apr 22 13:33:11 2024
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 13638529
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: peterx@redhat.com, Nadav Amit, Andrew Morton, David Hildenbrand, syzbot+d8426b591c36b21c750e@syzkaller.appspotmail.com
Subject: [PATCH] mm/userfaultfd: Reset ptes when close() for wr-protected ones
Date: Mon, 22 Apr 2024 09:33:11 -0400
Message-ID: <20240422133311.2987675-1-peterx@redhat.com>

Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too.

Link: https://lore.kernel.org/all/000000000000ca4df20616a0fe16@google.com/
Analyzed-by: David Hildenbrand
Reported-by: syzbot+d8426b591c36b21c750e@syzkaller.appspotmail.com
Signed-off-by: Peter Xu
Reviewed-by: David Hildenbrand

--- fs/userfaultfd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 3e6ddda6f159..d2c3879745e5 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -898,6 +898,10 @@ static int userfaultfd_release(struct inode *inode, struct file *file) prev = vma; continue; } + /* Reset ptes for the whole vma range if wr-protected */ + if (userfaultfd_wp(vma)) + uffd_wp_range(vma, vma->vm_start, + vma->vm_end - vma->vm_start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; vma = vma_modify_flags_uffd(&vmi, prev, vma, vma->vm_start, vma->vm_end, new_flags,
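
Review bot: The added `if (userfaultfd_wp(vma))` block in userfaultfd_release() only works because it sits ahead of `new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS`: the check reads the very flags the following lines clear, so moving it below vma_modify_flags_uffd() would silently skip the pte reset. The comment above the block could state that ordering requirement rather than only restating the call. Since the changelog says the same reset already exists on the UFFDIO_UNREGISTER path, a shared helper for both callers would keep close() and unregister from drifting apart again. The changelog also does not say what the syzbot report observed when the wr-protect bits were left behind, and it carries no Fixes: tag, which makes it harder to judge how far back this needs to go.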