From: Pu Lehui <pulehui@huaweicloud.com>
Subject: Re: [RFC PATCH] mm/mmap: Fix uprobe anon page be overwritten when expanding vma during mremap
Date: Fri, 30 May 2025 00:07:25 +0800
To: David Hildenbrand, Oleg Nesterov
Cc: lorenzo.stoakes@oracle.com, mhiramat@kernel.org, peterz@infradead.org, Liam.Howlett@oracle.com, akpm@linux-foundation.org, vbabka@suse.cz, jannh@google.com, pfalcato@suse.de, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pulehui@huawei.com
Message-ID: <956124be-c73c-4023-9edd-25372f3f865a@huaweicloud.com>
References: <20250521092503.3116340-1-pulehui@huaweicloud.com> <62b5ccf5-f1cd-43c2-b0bc-f542f40c5bdf@redhat.com> <13c5fe73-9e11-4465-b401-fc96a22dc5d1@redhat.com> <4cbc1e43-ea46-44de-9e2b-1c62dcd2b6d5@huaweicloud.com> <20250526154850.GA4156@redhat.com> <06bd94c0-fefe-4bdc-8483-2d9b6703c3d6@redhat.com> <57533126-eb30-4b56-bc4d-2f27514ae5ad@huaweicloud.com>

On 2025/5/28 17:03, David Hildenbrand wrote:
> On 27.05.25 15:38, Pu Lehui wrote:
>> Hi David,
>>
>> On 2025/5/27 2:46, David Hildenbrand wrote:
>>> On 26.05.25 17:48, Oleg Nesterov wrote:
>>>> Hi Lehui,
>>>>
>>>> As I said, I don't understand mm/, so can't comment, but...
>>>>
>>>> On 05/26, Pu Lehui wrote:
>>>>>
>>>>> To make things simpler, perhaps we could try post-processing, that is:
>>>>>
>>>>> diff --git a/mm/mremap.c b/mm/mremap.c
>>>>> index 83e359754961..46a757fd26dc 100644
>>>>> --- a/mm/mremap.c
>>>>> +++ b/mm/mremap.c
>>>>> @@ -240,6 +240,11 @@ static int move_ptes(struct
>>>>> pagetable_move_control
>>>>> *pmc,
>>>>>                   if (pte_none(ptep_get(old_pte)))
>>>>>                           continue;
>>>>>
>>>>> +               /* skip move pte when expanded range has uprobe */
>>>>> +               if (unlikely(pte_present(*new_pte) &&
>>>>> +                            vma_has_uprobes(pmc->new, new_addr,
>>>>> new_addr +
>>>>> PAGE_SIZE)))
>>>>> +                       continue;
>>>>> +
>>>>
>>>> I was thinking about
>>>>
>>>>      WARN_ON(!pte_none(*new_pte))
>>>>
>>>> at the start of the main loop.
>>>>
>>>> Obviously not to fix the problem, but rather to make it more explicit.
>>>
>>> Yeah, WARN_ON_ONCE().
>>>
>>> We really should fix the code to not install uprobes into the area we
>>> are moving.
>> Alright, so let's try this direction.
>>
>>>
>>> Likely, the correct fix will be to pass the range as well to
>>> uprobe_mmap(), and passing that range to build_probe_list().
>>
>> It will be great. But IIUC, the range we expand to is already included
>> when entering uprobe_mmap and also build_probe_list.
>
> Right, you'd have to communicate that information through all layers
> (expanded range).
>
> As an alternative, maybe we can really call handle_vma_uprobe() after
> moving the pages.

Hi David,

Not sure if this is possible, but I think it would be appropriate to not
handle this uprobe_mmap at the source, and maybe we should make it clear
that new_pte must be NULL when move_ptes, otherwise it should be an
exception?

>
> uprobe_write_opcode() should detect that the uprobe is already installed
> (verify_opcode() will return 0) and just return.
>
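Review bot: the continue in the added block of the move_ptes() hunk skips the move but leaves the entry at old_pte where it is, so whenever pte_present(*new_pte) is true the page the process had at the old address is never carried into the expanded range and the destination keeps whatever uprobe_mmap() installed there; silently not moving a page is not a safe response to a populated destination, which is why the WARN_ON(!pte_none(*new_pte)) and the "don't install uprobes into the area we are moving" direction discussed above in the thread are the better shape for this fix. Two smaller points on the same lines: the new test reads the destination PTE with a bare *new_pte while the context line right above it goes through the accessor (if (pte_none(ptep_get(old_pte)))), and mm code should read PTEs with ptep_get() consistently; and vma_has_uprobes(pmc->new, new_addr, new_addr + PAGE_SIZE) is evaluated once per PTE inside the move loop, so every page moved by every mremap() pays a uprobe tree lookup even when nothing is registered on the file. If any such check survives, run it once over the whole destination range before entering the loop rather than per page.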
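As an added example (not code from this thread or from the kernel tree, and assuming Linux with glibc), the user-space harness below drives the exact path the patch touches: it maps page 0 of a two-page scratch file MAP_PRIVATE, keeps the next page occupied so in-place growth is impossible, and then grows the mapping to two pages with mremap(MREMAP_MAYMOVE), which makes the kernel create a new vma and carry the populated PTE across through move_ptes(). It then compares the whole new mapping byte for byte against the file, which is the invariant a skipped move would break. The helper names (make_pattern_file, expand_by_move, struct expand_result) and the scratch path under /tmp are mine. Without a uprobe registered the expected result is moved=1 and mismatches=0; to reproduce the thread's scenario, register a uprobe on the scratch file at an offset inside page 0 (for example via tracefs uprobe_events, which needs root) before running it, and keep the file on a mount without noexec so the mapping gets VM_MAYEXEC, in which case a correctly preserved probe shows up as exactly one differing byte (the breakpoint) at that offset.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fallback for toolchains where sys/mman.h hides the GNU mremap() prototype. */
#ifndef MREMAP_MAYMOVE
#define MREMAP_MAYMOVE 1
extern void *mremap(void *old_address, size_t old_size, size_t new_size,
                    int flags, ...);
#endif

struct expand_result {
    int moved;           /* 1 if mremap() relocated the mapping */
    long mismatches;     /* bytes in the new 2-page mapping that differ from the file */
    long first_mismatch; /* offset of the first such byte, -1 if none */
    long page_size;
};

/* Two-page scratch file with a deterministic pattern (constructed input).
 * The name is written to path so a uprobe can be registered on it by hand. */
static int make_pattern_file(char *path, size_t path_len, long page_size)
{
    snprintf(path, path_len, "/tmp/mremap-uprobe-%ld.bin", (long)getpid());
    int fd = open(path, O_CREAT | O_TRUNC | O_RDWR, 0600);
    if (fd < 0)
        return -1;
    unsigned char *buf = malloc((size_t)page_size);
    if (!buf) {
        close(fd);
        return -1;
    }
    for (int page = 0; page < 2; page++) {
        for (long i = 0; i < page_size; i++)
            buf[i] = (unsigned char)((page * 131 + i * 7) & 0xff);
        if (write(fd, buf, (size_t)page_size) != page_size) {
            free(buf);
            close(fd);
            return -1;
        }
    }
    free(buf);
    return fd;
}

/*
 * Map page 0 of the file read-only and private, populate its PTE, then grow
 * the mapping to two pages while the following page is deliberately occupied,
 * so the kernel has to move the mapping (and its PTE) to a new vma.
 * Returns 0 and fills *res on success, -1 on a setup failure.
 */
int expand_by_move(struct expand_result *res)
{
    long psz = sysconf(_SC_PAGESIZE);
    char path[64];
    int fd = make_pattern_file(path, sizeof path, psz);
    if (fd < 0)
        return -1;

    int rc = -1;
    unsigned char *expect = NULL;
    /* Three reserved pages: the file goes over page 0, page 1 stays occupied. */
    unsigned char *reserve = mmap(NULL, 3 * (size_t)psz, PROT_NONE,
                                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (reserve == MAP_FAILED)
        goto out_close;

    unsigned char *old = mmap(reserve, (size_t)psz, PROT_READ,
                              MAP_PRIVATE | MAP_FIXED, fd, 0);
    if (old == MAP_FAILED)
        goto out_unmap_reserve;

    /* Fault the page in so move_ptes() has a present entry to move. */
    volatile unsigned char touch = old[0];
    (void)touch;

    /* In-place growth is blocked by the reserved page, so this must move. */
    unsigned char *moved_to = mremap(old, (size_t)psz, 2 * (size_t)psz,
                                     MREMAP_MAYMOVE);
    if (moved_to == MAP_FAILED)
        goto out_unmap_reserve;

    expect = malloc(2 * (size_t)psz);
    if (!expect || pread(fd, expect, 2 * (size_t)psz, 0) != 2 * psz)
        goto out_unmap_new;

    res->moved = (moved_to != old);
    res->page_size = psz;
    res->mismatches = 0;
    res->first_mismatch = -1;
    for (long i = 0; i < 2 * psz; i++) {
        if (moved_to[i] != expect[i]) {
            if (res->first_mismatch < 0)
                res->first_mismatch = i;
            res->mismatches++;
        }
    }
    rc = 0;

out_unmap_new:
    munmap(moved_to, 2 * (size_t)psz);
out_unmap_reserve:
    munmap(reserve, 3 * (size_t)psz); /* old range is already gone if moved */
out_close:
    free(expect);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    struct expand_result res;
    if (expand_by_move(&res) != 0) {
        perror("expand_by_move");
        return 1;
    }
    printf("moved=%d mismatches=%ld first_mismatch=%ld page_size=%ld\n",
           res.moved, res.mismatches, res.first_mismatch, res.page_size);
    return res.mismatches != 0;
}
```

The mapping is read-only on purpose: uprobes only attach to file-backed vmas that are not writable and not shared, so this is the shape a registered probe would actually land on, and the byte-for-byte comparison against the file makes both a lost page and a lost breakpoint visible as a non-zero mismatch count.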