From: Jann Horn
Date: Tue, 15 Oct 2024 19:56:39 +0200
Subject: Re: [PATCH] mm/mmap: Fix race in mmap_region() with ftrucate()
To: "Liam R. Howlett"
Cc: Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Lorenzo Stoakes, Vlastimil Babka, Matthew Wilcox, David Hildenbrand
In-Reply-To: <20241015161135.2133951-1-Liam.Howlett@oracle.com>

On Tue, Oct 15, 2024 at 6:12 PM Liam R. Howlett wrote:
> Avoiding the zeroing of the vma tree in mmap_region() introduced a race
> with truncate in the page table walk. To avoid any races, create a hole
> in the rmap during the operation by clearing the pagetable entries
> earlier under the mmap write lock and (critically) before the new vma is
> installed into the vma tree. The result is that the old vma is still in
> the vma tree, but the page tables are cleared while holding the
> i_mmap_rwsem.
>
> This change extends the fix required for hugetlbfs and the call_mmap()
> function by moving the cleanup higher in the function and running it
> unconditionally.
>
> Cc: Jann Horn
> Cc: Lorenzo Stoakes
> Cc: Vlastimil Babka
> Cc: Matthew Wilcox
> Cc: David Hildenbrand
> Fixes: f8d112a4e657 ("mm/mmap: avoid zeroing vma tree in mmap_region()")
> Reported-by: Jann Horn
> Closes: https://lore.kernel.org/all/CAG48ez0ZpGzxi=-5O_uGQ0xKXOmbjeQ0LjZsRJ1Qtf2X5eOr1w@mail.gmail.com/
> Link: https://lore.kernel.org/all/CAG48ez0ZpGzxi=-5O_uGQ0xKXOmbjeQ0LjZsRJ1Qtf2X5eOr1w@mail.gmail.com/
> Signed-off-by: Liam R. Howlett

Thanks, this looks good to me.

Reviewed-by: Jann Horn