From: Tal Zussman
Date: Thu, 19 Jun 2025 21:24:24 -0400
Subject: [PATCH v3 2/4] userfaultfd: prevent unregistering VMAs through a different userfaultfd
Message-Id: <20250619-uffd-fixes-v3-2-a7274d3bd5e4@columbia.edu>
In-Reply-To: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
To: Andrew Morton, Peter Xu, "Jason A. Donenfeld", David Hildenbrand, Alexander Viro, Christian Brauner, Jan Kara, Andrea Arcangeli
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tal Zussman

Currently, a VMA registered with a uffd can be unregistered through a
different uffd associated with the same mm_struct.

The existing behavior is slightly broken and may incorrectly reject
unregistering some VMAs due to the following check:

	if (!vma_can_userfault(cur, cur->vm_flags, wp_async))
		goto out_unlock;

where wp_async is derived from ctx, not from cur. For example, a
file-backed VMA registered with wp_async enabled and UFFD_WP mode cannot
be unregistered through a uffd that does not have wp_async enabled.

Rather than fix this and maintain this odd behavior, make unregistration
stricter by requiring VMAs to be unregistered through the same uffd they
were registered with. Additionally, reorder the BUG() checks to avoid
the aforementioned wp_async issue in them. Convert the existing check to
VM_WARN_ON_ONCE() as BUG_ON() is deprecated.

This change slightly modifies the ABI. It should not be backported to -stable.
It is expected that no one depends on this behavior, and no such cases are known. While at it, correct the comment for the no userfaultfd case. This seems to be a copy-paste artifact from the analogous userfaultfd_register() check. Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization") Acked-by: David Hildenbrand Signed-off-by: Tal Zussman --- fs/userfaultfd.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 22f4bf956ba1..8e7fb2a7a6aa 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1467,6 +1467,14 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^ !!(cur->vm_flags & __VM_UFFD_FLAGS)); + /* + * Prevent unregistering through a different userfaultfd than + * the one used for registration. + */ + if (cur->vm_userfaultfd_ctx.ctx && + cur->vm_userfaultfd_ctx.ctx != ctx) + goto out_unlock; + /* * Check not compatible vmas, not strictly required * here as not compatible vmas cannot have an @@ -1490,15 +1498,12 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, for_each_vma_range(vmi, vma, end) { cond_resched(); - BUG_ON(!vma_can_userfault(vma, vma->vm_flags, wp_async)); - - /* - * Nothing to do: this vma is already registered into this - * userfaultfd and with the right tracking mode too. - */ + /* VMA not registered with userfaultfd. */ if (!vma->vm_userfaultfd_ctx.ctx) goto skip; + VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx != ctx); + VM_WARN_ON_ONCE(!vma_can_userfault(vma, vma->vm_flags, wp_async)); WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); if (vma->vm_start > start) -- 2.39.5
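Review bot: In the first hunk (@@ -1467,6 +1467,14 @@), the new rejection on cur->vm_userfaultfd_ctx.ctx != ctx leaves through the same out_unlock label as the vma_can_userfault() check quoted in the commit message, so a caller gets no distinct signal that the range belongs to another userfaultfd. Since the commit message calls this an ABI change, the added comment should state which error userspace sees for this case, and the userfaultfd documentation and selftests should gain a matching entry so the stricter ownership rule is pinned down.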
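Review bot: In the second hunk (@@ -1490,15 +1498,12 @@), the ownership invariant vma->vm_userfaultfd_ctx.ctx != ctx is asserted only with VM_WARN_ON_ONCE(), which is compiled out unless CONFIG_DEBUG_VM is set, while the VM_MAYWRITE check on the next line stays an unconditional WARN_ON(). If the first loop's rejection is ever bypassed, a production kernel would continue to process a VMA owned by another context without leaving any trace. Either add a short comment saying that the first loop is the sole enforcement point and these are debug-only assertions by design, or make the mismatch a checked condition, for example: if (WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx != ctx)) goto skip;. Separately, the removed BUG_ON() ran before the !vma->vm_userfaultfd_ctx.ctx skip and its replacement runs after it, so VMAs in the range that are not registered are no longer passed to vma_can_userfault(); the commit message mentions the reorder, but a one-line comment at the assertion would keep the reason next to the code.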