From: Pu Lehui
Date: Thu, 29 May 2025 23:09:47 +0800
Subject: Re: [RFC PATCH v2 1/2] mm/mremap: Fix uprobe anon page be overwritten when expanding vma during mremap
To: Oleg Nesterov, lorenzo.stoakes@oracle.com
Cc: mhiramat@kernel.org, peterz@infradead.org, akpm@linux-foundation.org, Liam.Howlett@oracle.com, vbabka@suse.cz, jannh@google.com, pfalcato@suse.de, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pulehui@huawei.com
Message-ID: <58d522f5-751a-44ff-9581-bc772c8d5c60@huaweicloud.com>
In-Reply-To: <20250527172018.GF8333@redhat.com>
References: <20250527132351.2050820-1-pulehui@huaweicloud.com> <20250527132351.2050820-2-pulehui@huaweicloud.com> <20250527142314.GA8333@redhat.com> <20250527172018.GF8333@redhat.com>

On 2025/5/28 1:20, Oleg Nesterov wrote:
> Hi Lehui,
>
> On 05/28, Pu Lehui wrote:
>>
>> On 2025/5/27 22:23, Oleg Nesterov wrote:
>>> Well, I leave this to you / Lorenzo / David, but...
>>>
>>> On 05/27, Pu Lehui wrote:
>>>>
>>>> Fixes: 78a320542e6c ("uprobes: Change valid_vma() to demand VM_MAYEXEC rather than VM_EXEC")
>>>
>>> I don't think that commit could cause this problem.
>>
>> Hi Oleg,
>>
>> Me too! I tested that before and after commit 78a320542e6c, so call it the
>> `directly related commit`.
>
> I feel I am totally confused...
>
> but _may be_ you have used the initial reproducer which used PROT_NONE in
>
>     void *addr2 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVATE, fd, 0);
>
> ?
>
> If yes. I _think_ we should have the same problem with or without 78a320542e6c,
> just you need to s/PROT_NONE/PROT_EXEC/.
>
>> In fact, I think the issue was introduced in the
>> original commit 2b1444983508 ("uprobes, mm, x86: Add the ability to install
>> and remove uprobes breakpoints") # v3.5-rc1.
>
> probably yes... Damn I don't know ;)
>
> Oleg.

Hi Oleg, Lorenzo,

Upon verification, the issue was first introduced by the commit
2b1444983508 ("uprobes, mm, x86: Add the ability to install and remove
uprobes breakpoints"). Uprobe only became available for user use after
commit f3f096cfedf8 ("tracing: Provide trace events interface for
uprobes"), but at that time, the issue was obscured by another problem,
specifically that uprobe_mmap processing always failed for the newly
allocated new_vma during copy_vma. After commit 6dab3cc078e3
("uprobes: Remove copy_vma()->uprobe_mmap()") addressed that, the
original issue was exposed.

Therefore, I believe the Fixes tag should best reference commit
2b1444983508 ("uprobes, mm, x86: Add the ability to install and remove
uprobes breakpoints").