From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1E81FC5B543
	for <linux-mm@archiver.kernel.org>; Wed,  4 Jun 2025 12:59:27 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 99BF36B05D7; Wed,  4 Jun 2025 08:59:26 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 925A26B05D8; Wed,  4 Jun 2025 08:59:26 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 83B0C6B05D9; Wed,  4 Jun 2025 08:59:26 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 5E7AE6B05D7
	for <linux-mm@kvack.org>; Wed,  4 Jun 2025 08:59:26 -0400 (EDT)
Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 10AE11613E3
	for <linux-mm@kvack.org>; Wed,  4 Jun 2025 12:59:26 +0000 (UTC)
X-FDA: 83517724332.22.33EE1D1
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf23.hostedemail.com (Postfix) with ESMTP id 4C828140011
	for <linux-mm@kvack.org>; Wed,  4 Jun 2025 12:59:24 +0000 (UTC)
Authentication-Results: imf23.hostedemail.com;
	dkim=pass header.d=linuxfoundation.org header.s=korg header.b=ItZAoWNm;
	spf=pass (imf23.hostedemail.com: domain of gregkh@linuxfoundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org;
	dmarc=pass (policy=none) header.from=linuxfoundation.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1749041964;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:in-reply-to:
	 references:dkim-signature; bh=uZykBQ1eIIttlMN6uAXTiDWDeBTH7HPN840lR3rrC40=;
	b=jtaB41axOlLCdLHOPuX23iPIyAWnnCASWdNXJU0U9BPvIBbtHkH0vOIutiYKjmIRPBnLzB
	x5q+8LYGWlp9vHpi3zmDMzwIsafAcX7lTXeyaf9Ec/9sS6qQcb03b/dM/PvrmK+PTTydrs
	Jv+Y9vQJEN72i1BvVHLdPv/NRKzExWg=
ARC-Authentication-Results: i=1;
	imf23.hostedemail.com;
	dkim=pass header.d=linuxfoundation.org header.s=korg header.b=ItZAoWNm;
	spf=pass (imf23.hostedemail.com: domain of gregkh@linuxfoundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org;
	dmarc=pass (policy=none) header.from=linuxfoundation.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1749041964; a=rsa-sha256;
	cv=none;
	b=D/2tz+/htRaPYOp3sfdXIC9mNAP6FiygSnBZJNVeZi3spVJM4w7cdFtDjdmHIxkBctdNJ4
	QmDclBtgf1jyt/meUyxQ602perzVjNF3Uz2i5+tIqBr8gZfmYKMoZ0dwiShyg18kZHdHcS
	3duCPg1LxizePdkeu0MAdFnvRKjIQWI=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id 5DC375C59B2;
	Wed,  4 Jun 2025 12:57:06 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85F0CC4CEE7;
	Wed,  4 Jun 2025 12:59:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1749041962;
	bh=+gXQyOKukX8W4QypJFZ+lI8XTw8bDpWazWa/VVOGiLg=;
	h=Subject:To:Cc:From:Date:From;
	b=ItZAoWNmpDvEI7S7xZ01l3pUpuvnrKasp6msKe38CyVZ9JYZ9tIm4aDjXvvbrGeSw
	 HkWMgPf+TcP25lEU9qaG7nJxoqQVgrdRVPgAbcrfuuTvSD4Ti9jBhoB0N0mSfgavTF
	 MMNRGWZTCGGsPd2Nu0i+JjJg85VYRssIEy8Clg0I=
Subject: Patch "mm/uffd: fix vma operation where start addr cuts part of vma" has been added to the 6.1-stable tree
To: Liam.Howlett@oracle.com,ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com,acsjakub@amazon.com,akpm@linux-foundation.org,gregkh@linuxfoundation.org,linux-mm@kvack.org,lstoakes@gmail.com,mark.rutland@arm.com,peterx@redhat.com,rppt@kernel.org
Cc: <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Wed, 04 Jun 2025 14:59:20 +0200
Message-ID: <2025060420-parasitic-word-f315@gregkh>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
X-stable: commit
X-Patchwork-Hint: ignore
X-Rspamd-Queue-Id: 4C828140011
X-Stat-Signature: qkhwn53qf4x4g379hyd4e1dcz69f19s7
X-Rspam-User: 
X-Rspamd-Server: rspam07
X-HE-Tag: 1749041964-686060
X-HE-Meta: U2FsdGVkX19bnL7rNYPHV+8O3HONoM6GagvpEfC+Bm4x+TLbnwmpcqUc/RngQebuN+cuPSlhSUQY/HiDVtKZFHlH2hDPsLi91TefajNs+nizzL48OhW1ug+dQnty3Ll002Iai4giE/EhSub16uUyKDM9ki5DgMi0bodkJV/Uz+twARzKwceHyVD/UGutXGylAnEHJ1xcJ7r1y4ZYZNBbcelDsjj8k/d7fsMIsgUdVirwgVOXP120KfAnn3KMSfBV0GL4Cvzhx3DGwv9ey8vNttvWGmx50ousSF/pl64IqnoEDXUTEn6YZ0SdFeNpPMNO2vr8V+XAST1Tn4SK0YpH6yENHg0voL1BGcCo6dxrPfbZyPSqqYZQyn3a7QPSKTZ0F7BC+z1HxWwpB3qBFnQJwhx3BxhaKl7CAI4lPmeUfDioYCiGILvSJD8XD2gH1KIPl2eICxgGngctOLwCBcF/5geEcjzEElKglMWa/GSwmXv1rFlxMEvg2WTTwT3jeR85t/UrBSAPfLTr1CKbaZS23m0/egtJPStUFBBzpI5dylJzcpmTBFa0AWiatKzE1QjpuB0aPIHSylSkXHILdXsD5LEurFxByNg67657ahKC/EaesUnM3OJiggthNkQBWJ5i96G3NMb9poT1N57xrPSPiArH5zbxUQZQpo+6Yw7SSua3OxDdq6W+pZUqCFm7q4SFVGBQuot/SJfYMS0N0Bi854PC6yYlgY65luwMkF+UVRkqW8ubqmr9bjBUR0DnAoCmROdftFCtvg0n8uyMk5aovAcgiijtQQTr5Gn3QzkFbaDelHJrRjLBm0TrHO8PDbxnzeE3ng/VUoifcT+wco+Z8FlCxVC4llBb0HdihLgl8VAvhOQS8b39M0bUfxlzyA4B3EwGZ3mPJseGEAI/nqljap8s90waiuL1gHtNOmxQm5jQSLEEE6PqSVW3jBcndDUOqfmhOyBHi2rovxUklDr
 yF1IDMUO
 Q15c2gz5yyU3LCYB1j8FdwXjy8+gY5tf80CR0LV5ZCY5+IpUMQ22jY7gtiPXDu9VesQQMq6MZXsY8hUmcnl30GnUDGR7IaoNK2i7ceS2/Y4tOlzI7ZrKdvs/B3Y9AxOveaKP5oWdNAkgEj4NOz4r/SbK4moNlL0gZL+dQAUTXBItoW4vkqfjeuzKFsPzbIY6oZBKBUtttkC8bp7clYcZHZFNRQckC+JwggEiB3BmGV60yFeRwcdqJFbLrn8eJ3pVgUfNplRypBdk8AwJsgTFy80JG0WaKnYu4UxDHmgWbqPraS33M+XRdgpux7eWhGcQyKxpEWiWQQB/BRp9VwfTohxAi1MxOqsiRfFsioC7JRMUoN3ThCpXeLCQm7nDU2lu/47qgFBYCOoHfL2pC+EYy5iiv9pwlz+7t1C0JBJZbvA3jGVW11UlxopuuBiDAp5cHBvppwuUmNPm4ps1qdHlAzRjN29yD7yOwopkAjEj2TlT1V0dJvfEWUeybWGFFRfHsCOCpWQ94pYQMmwnwfo/k4uz80aBUu0NNVQIncMa+61yHHNUpplTJS4glE4tW7x2qKOqJ4alXE+5Un1lDSlM9OLYx3Xwlb5SZ4gZypWrWnx7SAYLTzkOtuEL/XVVfoQlyKf395utmdpJbmKZet0n1GwlQ3/L7weZlytUTItNIrrmKQo0HAZ2UdoTNHHRk1SfIIfDRK7u+4KVxnNALlRQ/LsQZuaC0PAq/X/mb
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>


This is a note to let you know that I've just added the patch titled

    mm/uffd: fix vma operation where start addr cuts part of vma

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mm-uffd-fix-vma-operation-where-start-addr-cuts-part-of-vma.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 270aa010620697fb27b8f892cc4e194bc2b7d134 Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 17 May 2023 15:09:15 -0400
Subject: mm/uffd: fix vma operation where start addr cuts part of vma

From: Peter Xu <peterx@redhat.com>

commit 270aa010620697fb27b8f892cc4e194bc2b7d134 upstream.

Patch series "mm/uffd: Fix vma merge/split", v2.

This series contains two patches that fix vma merge/split for userfaultfd
on two separate issues.

Patch 1 fixes a regression since 6.1+ due to something we overlooked when
converting to maple tree apis.  The plan is we use patch 1 to replace the
commit "2f628010799e (mm: userfaultfd: avoid passing an invalid range to
vma_merge())" in mm-hostfixes-unstable tree if possible, so as to bring
uffd vma operations back aligned with the rest code again.

Patch 2 fixes a long standing issue that vma can be left unmerged even if
we can for either uffd register or unregister.

Many thanks to Lorenzo on either noticing this issue from the assert
movement patch, looking at this problem, and also provided a reproducer on
the unmerged vma issue [1].

[1] https://gist.github.com/lorenzo-stoakes/a11a10f5f479e7a977fc456331266e0e


This patch (of 2):

It seems vma merging with uffd paths is broken with either
register/unregister, where right now we can feed wrong parameters to
vma_merge() and it's found by recent patch which moved asserts upwards in
vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

It's possible that "start" is contained within vma but not clamped to its
start.  We need to convert this into either "cannot merge" case or "can
merge" case 4 which permits subdivision of prev by assigning vma to prev.
As we loop, each subsequent VMA will be clamped to the start.

This patch will eliminate the report and make sure vma_merge() calls will
become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only
to help explain where the warning can start to trigger, the real commit to
fix should be 69dbe6daf104.  Commit 29417d292bd0 helps us to identify the
issue, but unfortunately we may want to keep it in Fixes too just to ease
kernel backporters for easier tracking.

Link: https://lkml.kernel.org/r/20230517190916.3429499-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20230517190916.3429499-2-peterx@redhat.com
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
Cc: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[acsjakub: contextual change - keep call to mas_next()]
Cc: <linux-mm@kvack.org>
Signed-off-by: Jakub Acs <acsjakub@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/userfaultfd.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1426,6 +1426,9 @@ static int userfaultfd_register(struct u
 	if (prev != vma)
 		mas_next(&mas, ULONG_MAX);
 
+	if (vma->vm_start < start)
+		prev = vma;
+
 	ret = 0;
 	do {
 		cond_resched();
@@ -1603,6 +1606,9 @@ static int userfaultfd_unregister(struct
 	if (prev != vma)
 		mas_next(&mas, ULONG_MAX);
 
+	if (vma->vm_start < start)
+		prev = vma;
+
 	ret = 0;
 	do {
 		cond_resched();


Patches currently in stable-queue which might be from peterx@redhat.com are

queue-6.1/mm-uffd-fix-vma-operation-where-start-addr-cuts-part-of-vma.patch