Message-ID: <57533126-eb30-4b56-bc4d-2f27514ae5ad@huaweicloud.com>
Date: Tue, 27 May 2025 21:38:03 +0800
Subject: Re: [RFC PATCH] mm/mmap: Fix uprobe anon page be overwritten when expanding vma during mremap
To: David Hildenbrand, Oleg Nesterov
Cc: lorenzo.stoakes@oracle.com, mhiramat@kernel.org, peterz@infradead.org, Liam.Howlett@oracle.com, akpm@linux-foundation.org, vbabka@suse.cz, jannh@google.com, pfalcato@suse.de, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pulehui@huawei.com
From: Pu Lehui
In-Reply-To: <06bd94c0-fefe-4bdc-8483-2d9b6703c3d6@redhat.com>

Hi David,

On 2025/5/27 2:46, David Hildenbrand wrote:
> On 26.05.25 17:48, Oleg Nesterov wrote:
>> Hi Lehui,
>>
>> As I said, I don't understand mm/, so can't comment, but...
>>
>> On 05/26, Pu Lehui wrote:
>>>
>>> To make things simpler, perhaps we could try post-processing, that is:
>>>
>>> diff --git a/mm/mremap.c b/mm/mremap.c
>>> index 83e359754961..46a757fd26dc 100644
>>> --- a/mm/mremap.c
>>> +++ b/mm/mremap.c
>>> @@ -240,6 +240,11 @@ static int move_ptes(struct pagetable_move_control
>>> *pmc,
>>>                  if (pte_none(ptep_get(old_pte)))
>>>                          continue;
>>>
>>> +               /* skip move pte when expanded range has uprobe */
>>> +               if (unlikely(pte_present(*new_pte) &&
>>> +                            vma_has_uprobes(pmc->new, new_addr,
>>> new_addr +
>>> PAGE_SIZE)))
>>> +                       continue;
>>> +
>>
>> I was thinking about
>>
>>     WARN_ON(!pte_none(*new_pte))
>>
>> at the start of the main loop.
>>
>> Obviously not to fix the problem, but rather to make it more explicit.
>
> Yeah, WARN_ON_ONCE().
>
> We really should fix the code to not install uprobes into the area we
> are moving.

Alright, so let's try this direction.

>
> Likely, the correct fix will be to pass the range as well to
> uprobe_mmap(), and passing that range to build_probe_list().

It will be great. But IIUC, the range we expand to is already included
when entering uprobe_mmap and also build_probe_list.

copy_vma
vma_merge_new_range
vma_expand
commit_merge
vma_set_range(vma, vmg->start, vmg->end, vmg->pgoff);
vmg_adjust_set_range(vmg); <-- adjust with new range
vma_complete
uprobe_mmap
move_page_tables
move_ptes
set_pte_at(mm, new_addr, new_pte, pte);

>
> Only when growing using mremap(), we want to call it on the extended
> range only.
>
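
Review bot: In the quoted move_ptes() hunk, the added check reads the destination entry as *new_pte while the context line directly above it goes through ptep_get(old_pte); the new condition should use ptep_get(new_pte) as well so both entries are read the same way. The added continue also sits before anything in the hunk that touches the old entry, so when it fires the old PTE is left in place, and the comment ("skip move pte when expanded range has uprobe") does not say what is expected to happen to that entry or to the data it maps. Please either handle the old PTE on that path or document why leaving it is safe, and mention the pte_present() precondition in the comment, since the check is narrower than the comment suggests.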