From: Tal Zussman
Date: Sat, 07 Jun 2025 02:40:02 -0400
Subject: [PATCH v2 3/4] userfaultfd: prevent unregistering VMAs through a different userfaultfd
Message-Id: <20250607-uffd-fixes-v2-3-339dafe9a2fe@columbia.edu>
References: <20250607-uffd-fixes-v2-0-339dafe9a2fe@columbia.edu>
In-Reply-To: <20250607-uffd-fixes-v2-0-339dafe9a2fe@columbia.edu>
To: Andrew Morton, Peter Xu, "Jason A. Donenfeld", David Hildenbrand, Alexander Viro, Christian Brauner, Jan Kara, Andrea Arcangeli
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tal Zussman

Currently, a VMA registered with a uffd can be unregistered through a
different uffd associated with the same mm_struct.

The existing behavior is slightly broken and may incorrectly reject
unregistering some VMAs due to the following check:

	if (!vma_can_userfault(cur, cur->vm_flags, wp_async))
		goto out_unlock;

where wp_async is derived from ctx, not from cur. For example, a
file-backed VMA registered with wp_async enabled and UFFD_WP mode cannot
be unregistered through a uffd that does not have wp_async enabled.

Rather than fix this and maintain this odd behavior, make unregistration
stricter by requiring VMAs to be unregistered through the same uffd they
were registered with. Additionally, reorder the WARN() checks to avoid
the aforementioned wp_async issue in the WARN()s.

This change slightly modifies the ABI. It should not be backported to
-stable.

While at it, correct the comment for the no userfaultfd case.
This seems to be a copy-paste artifact from the analogous userfaultfd_register() check. Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization") Signed-off-by: Tal Zussman --- fs/userfaultfd.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 80c95c712266..10e8037f5216 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1466,6 +1466,16 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, VM_WARN_ON_ONCE(!!cur->vm_userfaultfd_ctx.ctx ^ !!(cur->vm_flags & __VM_UFFD_FLAGS)); + /* + * Check that this VMA isn't already owned by a different + * userfaultfd. This provides for more strict behavior by + * preventing a VMA registered with a userfaultfd from being + * unregistered through a different userfaultfd. + */ + if (cur->vm_userfaultfd_ctx.ctx && + cur->vm_userfaultfd_ctx.ctx != ctx) + goto out_unlock; + /* * Check not compatible vmas, not strictly required * here as not compatible vmas cannot have an @@ -1489,15 +1499,14 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, for_each_vma_range(vmi, vma, end) { cond_resched(); - VM_WARN_ON_ONCE(!vma_can_userfault(vma, vma->vm_flags, wp_async)); - /* - * Nothing to do: this vma is already registered into this - * userfaultfd and with the right tracking mode too. + * Nothing to do: this vma is not registered with userfaultfd. */ if (!vma->vm_userfaultfd_ctx.ctx) goto skip; + VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx != ctx); + VM_WARN_ON_ONCE(!vma_can_userfault(vma, vma->vm_flags, wp_async)); WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); if (vma->vm_start > start) -- 2.39.5
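Review bot: The new ownership check in the first hunk (@@ -1466,6 +1466,16 @@) exits through the same out_unlock label as the vma_can_userfault() check quoted in the commit message, and neither the hunk nor the message says which error userspace gets back on this path. Since this early exit is the part that changes the ABI, name the returned errno in the commit message so that callers which previously unregistered through a second uffd know what to expect. The comment wording could also be tightened: "isn't already owned by a different userfaultfd" reads like a registration-time check, while here the VMA is expected to be registered and the question is only whether cur->vm_userfaultfd_ctx.ctx matches ctx. Separately, the message asks for no -stable backport but still carries a Fixes: tag; it is worth confirming the tag should stay given that request.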
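Review bot: In the second hunk (@@ -1489,15 +1499,14 @@), the added VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx != ctx) only holds because the first loop now bails out on a VMA owned by another ctx, and nothing at this site says so. A one-line comment pointing back to that check would keep a later reordering of the validation loop from silently invalidating the assertion. Minor style point in the same spot: the unchanged WARN_ON(!(vma->vm_flags & VM_MAYWRITE)) now sits directly under two VM_WARN_ON_ONCE() lines, so either convert it for consistency or note in the message why it stays an unconditional WARN_ON().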