From: Tal Zussman
Date: Sat, 07 Jun 2025 02:40:00 -0400
Subject: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions
Message-Id: <20250607-uffd-fixes-v2-1-339dafe9a2fe@columbia.edu>
References: <20250607-uffd-fixes-v2-0-339dafe9a2fe@columbia.edu>
In-Reply-To: <20250607-uffd-fixes-v2-0-339dafe9a2fe@columbia.edu>
To: Andrew Morton, Peter Xu, "Jason A. Donenfeld", David Hildenbrand, Alexander Viro, Christian Brauner, Jan Kara, Andrea Arcangeli
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tal Zussman

vma_can_userfault() masks off non-userfaultfd VM flags from vm_flags. The vm_flags & VM_DROPPABLE test will then always be false, incorrectly allowing VM_DROPPABLE regions to be registered with userfaultfd.

Additionally, vm_flags is not guaranteed to correspond to the actual VMA's flags. Fix this test by checking the VMA's flags directly.

Link: https://lore.kernel.org/linux-mm/5a875a3a-2243-4eab-856f-bc53ccfec3ea@redhat.com/
Fixes: 9651fcedf7b9 ("mm: add MAP_DROPPABLE for designating always lazily freeable mappings")
Acked-by: David Hildenbrand
Acked-by: Peter Xu
Signed-off-by: Tal Zussman
--- include/linux/userfaultfd_k.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h index 75342022d144..f3b3d2c9dd5e 100644 --- a/include/linux/userfaultfd_k.h +++ b/include/linux/userfaultfd_k.h 
@@ -218,7 +218,7 @@ static inline bool vma_can_userfault(struct vm_area_struct *vma, { vm_flags &= __VM_UFFD_FLAGS; - if (vm_flags & VM_DROPPABLE) + if (vma->vm_flags & VM_DROPPABLE) return false; if ((vm_flags & VM_UFFD_MINOR) && -- 2.39.5
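
Review bot: In the vma_can_userfault() hunk, the VM_DROPPABLE test now reads vma->vm_flags but still sits directly after `vm_flags &= __VM_UFFD_FLAGS;`, and the VM_UFFD_MINOR test just below it keeps using the masked vm_flags parameter, so the function mixes two flag sources with nothing in the code saying why. Consider moving the droppable check above the mask, or adding a one-line comment that it must look at the VMA's own flags because the parameter has been reduced to the userfaultfd bits; otherwise a later cleanup could put `vm_flags & VM_DROPPABLE` back and the test would again always be false. The diffstat shows only include/linux/userfaultfd_k.h changing, so this patch carries no test for the fix; a selftest asserting that registration of a droppable mapping is refused would keep the regression from returning.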