From: Tal Zussman
Date: Tue, 03 Jun 2025 18:14:20 -0400
Subject: [PATCH 1/3] userfaultfd: correctly prevent registering VM_DROPPABLE regions
Message-Id: <20250603-uffd-fixes-v1-1-9c638c73f047@columbia.edu>
References: <20250603-uffd-fixes-v1-0-9c638c73f047@columbia.edu>
In-Reply-To: <20250603-uffd-fixes-v1-0-9c638c73f047@columbia.edu>
To: Andrew Morton, Peter Xu, "Jason A. Donenfeld", David Hildenbrand, Alexander Viro, Christian Brauner, Jan Kara, Pavel Emelyanov, Andrea Arcangeli
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tal Zussman

vma_can_userfault() masks off non-userfaultfd VM flags from vm_flags. The vm_flags & VM_DROPPABLE test will then always be false, incorrectly allowing VM_DROPPABLE regions to be registered with userfaultfd.

Additionally, vm_flags is not guaranteed to correspond to the actual VMA's flags. Fix this test by checking the VMA's flags directly.

Link: https://lore.kernel.org/linux-mm/5a875a3a-2243-4eab-856f-bc53ccfec3ea@redhat.com/
Fixes: 9651fcedf7b9 ("mm: add MAP_DROPPABLE for designating always lazily freeable mappings")
Signed-off-by: Tal Zussman
--- include/linux/userfaultfd_k.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h index 75342022d144..f3b3d2c9dd5e 100644 --- a/include/linux/userfaultfd_k.h +++ b/include/linux/userfaultfd_k.h @@ -218,7 +218,7 @@ static inline bool vma_can_userfault(struct vm_area_struct *vma, { vm_flags &= __VM_UFFD_FLAGS; - if (vm_flags & VM_DROPPABLE) + if (vma->vm_flags & VM_DROPPABLE) return false; if ((vm_flags & VM_UFFD_MINOR) && -- 2.39.5
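
Review bot: the VM_DROPPABLE test in vma_can_userfault() now reads vma->vm_flags while the VM_UFFD_MINOR test directly after it still reads the masked vm_flags argument, and nothing in the code explains why the two differ. Because the original bug came from the test sitting after `vm_flags &= __VM_UFFD_FLAGS;`, consider either moving the VM_DROPPABLE check above that mask or adding a one-line comment stating that VM_DROPPABLE is not part of __VM_UFFD_FLAGS and must be read from the VMA itself, so that a later cleanup does not fold it back onto the local variable.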