From: Tal Zussman
Date: Thu, 19 Jun 2025 21:24:23 -0400
Subject: [PATCH v3 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions
Message-Id: <20250619-uffd-fixes-v3-1-a7274d3bd5e4@columbia.edu>
References: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
In-Reply-To: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
To: Andrew Morton, Peter Xu, "Jason A. Donenfeld", David Hildenbrand, Alexander Viro, Christian Brauner, Jan Kara, Andrea Arcangeli
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tal Zussman

vma_can_userfault() masks off non-userfaultfd VM flags from vm_flags. The vm_flags & VM_DROPPABLE test will then always be false, incorrectly allowing VM_DROPPABLE regions to be registered with userfaultfd.

Additionally, vm_flags is not guaranteed to correspond to the actual VMA's flags. Fix this test by checking the VMA's flags directly.

Link: https://lore.kernel.org/linux-mm/5a875a3a-2243-4eab-856f-bc53ccfec3ea@redhat.com/
Fixes: 9651fcedf7b9 ("mm: add MAP_DROPPABLE for designating always lazily freeable mappings")
Acked-by: David Hildenbrand
Acked-by: Peter Xu
Acked-by: Jason A. Donenfeld
Signed-off-by: Tal Zussman

--- include/linux/userfaultfd_k.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h index 75342022d144..f3b3d2c9dd5e 100644 --- a/include/linux/userfaultfd_k.h +++ b/include/linux/userfaultfd_k.h @@ -218,7 +218,7 @@ static inline bool vma_can_userfault(struct vm_area_struct *vma, { vm_flags &= __VM_UFFD_FLAGS; - if (vm_flags & VM_DROPPABLE) + if (vma->vm_flags & VM_DROPPABLE) return false; if ((vm_flags & VM_UFFD_MINOR) && -- 2.39.5
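
Review bot: In the vma_can_userfault() hunk, the VM_DROPPABLE test now reads vma->vm_flags while the VM_UFFD_MINOR test right after it still reads the masked parameter vm_flags, and nothing in the code says why the two differ. A one-line comment above the check, stating that the `vm_flags &= __VM_UFFD_FLAGS;` mask strips VM_DROPPABLE so the flag has to be read from the VMA itself, would keep a later cleanup from folding it back into the masked value. Moving the check above the mask line would additionally make it visible that the test does not depend on the masking at all.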