From: Tal Zussman
Date: Tue, 03 Jun 2025 18:14:21 -0400
Subject: [PATCH 2/3] userfaultfd: prevent unregistering VMAs through a different userfaultfd
Message-Id: <20250603-uffd-fixes-v1-2-9c638c73f047@columbia.edu>
References: <20250603-uffd-fixes-v1-0-9c638c73f047@columbia.edu>
In-Reply-To: <20250603-uffd-fixes-v1-0-9c638c73f047@columbia.edu>
To: Andrew Morton, Peter Xu, "Jason A. Donenfeld", David Hildenbrand, Alexander Viro, Christian Brauner, Jan Kara, Pavel Emelyanov, Andrea Arcangeli
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tal Zussman

Currently, a VMA registered with a uffd can be unregistered through a
different uffd associated with the same mm_struct. Change this behavior to
be stricter by requiring VMAs to be unregistered through the same uffd they
were registered with.

While at it, correct the comment for the no userfaultfd case. This seems to
be a copy-paste artifact from the analogous userfaultfd_register() check.

Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Tal Zussman
--- fs/userfaultfd.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 22f4bf956ba1..9289e30b24c4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c
@@ -1477,6 +1477,16 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, if (!vma_can_userfault(cur, cur->vm_flags, wp_async)) goto out_unlock; + /* + * Check that this vma isn't already owned by a different + * userfaultfd. This provides for more strict behavior by + * preventing a VMA registered with a userfaultfd from being + * unregistered through a different userfaultfd. + */ + if (cur->vm_userfaultfd_ctx.ctx && + cur->vm_userfaultfd_ctx.ctx != ctx) + goto out_unlock; + found = true; } for_each_vma_range(vmi, cur, end); BUG_ON(!found); @@ -1491,10 +1501,11 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, cond_resched(); BUG_ON(!vma_can_userfault(vma, vma->vm_flags, wp_async)); + BUG_ON(vma->vm_userfaultfd_ctx.ctx && + vma->vm_userfaultfd_ctx.ctx != ctx); /* - * Nothing to do: this vma is already registered into this - * userfaultfd and with the right tracking mode too. + * Nothing to do: this vma is not registered with userfaultfd. */ if (!vma->vm_userfaultfd_ctx.ctx) goto skip; -- 2.39.5
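Review bot: In the first hunk (@@ -1477), the new ownership check jumps to out_unlock without assigning an error code, so the errno userspace gets for "registered through a different userfaultfd" is whatever ret was set to outside the visible context. Since this changes what UFFDIO_UNREGISTER accepts, please set ret explicitly next to the `cur->vm_userfaultfd_ctx.ctx != ctx` test (or state in the comment which value is inherited) and name the returned errno in the commit message so the user-visible behavior is documented. The commit message should also say whether any existing userspace is known to unregister through a second uffd on the same mm, because the Fixes: tag will route this tightening to stable trees.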
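Review bot: In the second hunk (@@ -1491), the added `BUG_ON(vma->vm_userfaultfd_ctx.ctx && vma->vm_userfaultfd_ctx.ctx != ctx)` repeats the condition that the first hunk already rejects in the validation loop, so it can only fire on an internal inconsistency, and taking the whole machine down for that is heavier than needed. New BUG_ON() uses are discouraged in kernel code; a WARN_ON_ONCE() (or VM_WARN_ON_ONCE()) on the same condition would keep the sanity check without turning a bookkeeping error into a crash. The corrected "not registered with userfaultfd" comment below it reads fine and matches the `!vma->vm_userfaultfd_ctx.ctx` test it describes.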