3cmdQvkFtzILKCjEHLnqyj1ZFW5Gqzws/DTtKj53JSZDQUtaCflVZnR1uPxe23ncZ4X6 IiyD+yO4bXZB4GBVpX5751zuy/vYmGMNwbOTNGK1YMIMVnHUhZPUF4DjLDcBofe6Quiq HWs7J5ugoUSO22uqQxu+kLdnEd0SoU9kBbbXBJJuizBxd9vwvnBE8F3XZhVtB8svCJ+M Ou2w== X-Forwarded-Encrypted: i=1; AJvYcCUDP3+maiVoNtYBffIqwYCRRyqU6t9RKM7KJUdF8i5fIqqpowyyVQdu7fjZ2spbpdMoW1PQKRhS/Q==@kvack.org X-Gm-Message-State: AOJu0YyzIjaxAt7d8isUVAYz2bDl7U+J2iBQ6KhUk1jq1aoNQAZ77ZZ8 pKjpi76+cJSmDv9oxsMIv+msw/EEw5aNlNrflsjH53YHGRDG1EAOY3I/iIra2OtOZ3siBN+VEB7 lS4nptkkv4pORWsDkRVD+3JG2Ivtygf6mT4uv X-Google-Smtp-Source: AGHT+IGFf0e8gomwA6a0slETrpo9MsW4kTd5EZtJLAbPns5yYHIued/ItYJ6plaUZhkrBipZGu+G9pNHAZZCl+u+1Kk= X-Received: by 2002:a05:600c:1e21:b0:42b:a8fc:3937 with SMTP id 5b1f17b1804b1-431161b4011mr3744105e9.4.1728555872435; Thu, 10 Oct 2024 03:24:32 -0700 (PDT) MIME-Version: 1.0 References: <20241010085930.1546800-1-tabba@google.com> <20241010085930.1546800-5-tabba@google.com> In-Reply-To: From: Fuad Tabba Date: Thu, 10 Oct 2024 11:23:55 +0100 Message-ID: Subject: Re: [PATCH v3 04/11] KVM: guest_memfd: Allow host to mmap guest_memfd() pages when shared To: "Kirill A. 
Shutemov" Cc: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org, pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: D4009120003 X-Stat-Signature: 5gj9it484sm69jmq46mud53rccikjzxm X-Rspam-User: X-HE-Tag: 1728555872-748596 X-HE-Meta: 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 /PTyX3nu 3Px3PtpWmvvy347cCOyVvyvprTb9iLaJU7AdRi7avecMTw602Oyh66LLgaD5ScjKY29wqyLLafboQ87e557mLTUvh3PvVPQsF79SryYb8dipDY6DHSUa4ddBqwD3plb1KEqZrC8ix3EHYChhQLyB+fq5HAkWx2xQr1cT3Mx+u+C90m/8xfPlbVYiBQQ3kZI5778vGc43/U3nXBfvmRvZDlziGEr0Imjd6OHCyZbH5YdPRVjr6aFmusUkgy+9koXoOn+kCiB5JbCUNBcnZ1Q4CYAXzK3QGIxVtMR+dodfME5jfeHLyWh+EmNmwQw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.009094, 
version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Kirill, On Thu, 10 Oct 2024 at 11:14, Kirill A. Shutemov wrote: > > On Thu, Oct 10, 2024 at 09:59:23AM +0100, Fuad Tabba wrote: > > +out: > > + if (ret != VM_FAULT_LOCKED) { > > + folio_put(folio); > > + folio_unlock(folio); > > Hm. Here and in few other places you return reference before unlocking. > > I think it is safe because nobody can (or can they?) remove the page from > pagecache while the page is locked so we have at least one refcount on the > folie, but it *looks* like a use-after-free bug. > > Please follow the usual pattern: _unlock() then _put(). That is deliberate, since these patches rely on the refcount to check whether the host has any mappings, and the folio lock in order not to race. It's not that it's not safe to decrement the refcount after unlocking, but by doing that i cannot rely on the folio lock to ensure that there aren't any races between the code added to check whether a folio is mappable, and the code that checks whether the refcount is safe. It's a tiny window, but it's there. What do you think? Thanks, /fuad > -- > Kiryl Shutsemau / Kirill A. Shutemov
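Review bot: the folio_put() before folio_unlock() ordering in the quoted `out:` block reads as a use-after-free to anyone who does not know that the refcount and the folio lock are being used together to detect host mappings, which is exactly the reaction it drew here; since the reply says the order is deliberate, a short comment at that site stating the invariant (the temporary reference is dropped while the folio is still locked so that a concurrent mappability check done under the lock never observes it) would stop the same review comment recurring and make the intent checkable. The hunk only shows the `ret != VM_FAULT_LOCKED` branch, so the comment should also say where the reference and the lock are released on the VM_FAULT_LOCKED path.

As an added illustration of the ordering question in this thread (a constructed model, not code from the patch series or the kernel): it enumerates every interleaving the folio lock permits between a fault path's put/unlock tail and a checker that takes the lock and reads the refcount, and reports the highest refcount the checker can observe under the lock. The op names, the refcount baseline of 1 for "page cache only" and the three-step checker are assumptions of the model.

```c
#include <stdbool.h>

/* Constructed model (not kernel code): the fault path finishes holding the
 * folio lock plus one temporary reference; a checker takes the lock and reads
 * the refcount to decide whether the host still maps the folio. */
enum op { F_PUT, F_UNLOCK, C_LOCK, C_READ, C_UNLOCK };

struct state { int refcount; bool locked; int observed; };

/* Apply one op; false means it cannot run now (the lock is held). */
static bool apply(struct state *s, enum op o)
{
    switch (o) {
    case F_PUT:    s->refcount--;            return true;
    case F_UNLOCK: s->locked = false;        return true;
    case C_LOCK:   if (s->locked) return false;
                   s->locked = true;         return true;
    case C_READ:   if (s->refcount > s->observed) s->observed = s->refcount;
                   return true;
    case C_UNLOCK: s->locked = false;        return true;
    }
    return false;
}

/* Depth-first over all lock-respecting interleavings of the fault tail and
 * the checker; returns the largest refcount the checker reads under the lock. */
static int explore(struct state s, const enum op *tail, int ti,
                   const enum op *chk, int ci)
{
    int worst = s.observed, r;
    struct state n;
    if (ti < 2 && (n = s, apply(&n, tail[ti])))
        if ((r = explore(n, tail, ti + 1, chk, ci)) > worst) worst = r;
    if (ci < 3 && (n = s, apply(&n, chk[ci])))
        if ((r = explore(n, tail, ti, chk, ci + 1)) > worst) worst = r;
    return worst;
}

static const enum op checker[3] = { C_LOCK, C_READ, C_UNLOCK };
static const enum op put_then_unlock[2] = { F_PUT, F_UNLOCK }; /* as in the patch */
static const enum op unlock_then_put[2] = { F_UNLOCK, F_PUT }; /* the "usual" order */

/* Assumed baseline: refcount 1 = page cache only, 2 = plus the fault's temp ref. */
int max_refcount_seen(const enum op tail[2])
{
    struct state s = { .refcount = 2, .locked = true, .observed = 0 };
    return explore(s, tail, 0, checker, 0);
}
```

With put-then-unlock the checker can never see the temporary reference (it reads 1); with unlock-then-put one interleaving lets it lock the folio before the put and read 2, which is the window the reply describes.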