From: Jann Horn
Date: Tue, 6 Aug 2024 18:20:17 +0200
Subject: Re: [PATCH] mm: fix (harmless) type confusion in lock_vma_under_rcu()
To: Suren Baghdasaryan
Cc: Andrew Morton, Matthew Wilcox, linux-mm@kvack.org, linux-kernel@vger.kernel.org
References: <20240805-fix-vma-lock-type-confusion-v1-1-9f25443a9a71@google.com>
On Tue, Aug 6, 2024 at 6:14 PM Suren Baghdasaryan wrote:
> On Mon, Aug 5, 2024 at 5:52 AM Jann Horn wrote:
> >
> > There is a (harmless) type confusion in lock_vma_under_rcu():
> > After vma_start_read(), we have taken the VMA lock but don't know yet
> > whether the VMA has already been detached and scheduled for RCU freeing.
> > At this point, ->vm_start and ->vm_end are accessed.
> >
> > vm_area_struct contains a union such that ->vm_rcu uses the same memory as
> > ->vm_start and ->vm_end; so accessing ->vm_start and ->vm_end of a detached
> > VMA is illegal and leads to type confusion between union members.
> >
> > Fix it by reordering the vma->detached check above the address checks, and
> > document the rules for RCU readers accessing VMAs.
> >
> > This will probably change the number of observed VMA_LOCK_MISS events
> > (since previously, trying to access a detached VMA whose ->vm_rcu has been
> > scheduled would bail out when checking the fault address against the
> > rcu_head members reinterpreted as VMA bounds).
> >
> > Fixes: 50ee32537206 ("mm: introduce lock_vma_under_rcu to be used from arch-specific code")
> > Signed-off-by: Jann Horn
>
> Thanks for fixing this subtle issue and clearly documenting the rules!
> Not sure if we should CC stable? It is harmless but it's still a bug...

Yeah, I'm not sure - I guess it kinda depends on how much we care about
VMA_LOCK_MISS being accurate?

> Acked-by: Suren Baghdasaryan

Thanks!
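The ordering issue the patch description talks about is easiest to see in a small model: a VMA-like struct whose RCU head shares a union with its address range, a lookup that reads the bounds before checking the detached flag, and the reordered lookup that checks the flag first. The following is an added example written for this page, not the kernel's vm_area_struct, lock_vma_under_rcu() or the patch itself; struct toy_vma, struct toy_rcu_head, lookup_before_fix(), lookup_after_fix(), detach_and_queue() and run_scenario() are hypothetical names, the struct layout is a simplified stand-in, and the confused_reads counter is instrumentation standing in for what a union type-confusion checker would flag.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for the kernel's rcu_head (two pointer-sized fields). */
struct toy_rcu_head {
    struct toy_rcu_head *next;
    void (*func)(struct toy_rcu_head *);
};

/* Toy stand-in for vm_area_struct. The RCU callback head shares storage
 * with the address range, mirroring the union the patch description
 * refers to (hypothetical layout, not the kernel's actual struct). */
struct toy_vma {
    union {
        struct {
            unsigned long vm_start;
            unsigned long vm_end;
        };
        struct toy_rcu_head vm_rcu;
    };
    bool detached; /* set once the VMA has been removed from the tree */
};

enum lookup_result { LOOKUP_OK, LOOKUP_MISS_BOUNDS, LOOKUP_MISS_DETACHED };

/* Instrumentation: counts reads of vm_start/vm_end made while the union
 * actually holds vm_rcu. Any non-zero count is a union type confusion. */
static int confused_reads;

static void read_bounds(const struct toy_vma *vma, unsigned long *s, unsigned long *e)
{
    if (vma->detached)
        confused_reads++;
    *s = vma->vm_start;
    *e = vma->vm_end;
}

/* Order of checks before the fix: bounds first, then detached. */
enum lookup_result lookup_before_fix(const struct toy_vma *vma, unsigned long addr)
{
    unsigned long s, e;

    read_bounds(vma, &s, &e);      /* may reinterpret rcu_head as bounds */
    if (addr < s || addr >= e)
        return LOOKUP_MISS_BOUNDS; /* what the kernel counts as VMA_LOCK_MISS */
    if (vma->detached)
        return LOOKUP_MISS_DETACHED;
    return LOOKUP_OK;
}

/* Order of checks after the fix: detached first, so the bounds are only
 * read while the union really holds vm_start/vm_end. */
enum lookup_result lookup_after_fix(const struct toy_vma *vma, unsigned long addr)
{
    unsigned long s, e;

    if (vma->detached)
        return LOOKUP_MISS_DETACHED;
    read_bounds(vma, &s, &e);
    if (addr < s || addr >= e)
        return LOOKUP_MISS_BOUNDS;
    return LOOKUP_OK;
}

static void free_cb(struct toy_rcu_head *h) { (void)h; }

/* Simulate detaching a VMA and queueing it for RCU freeing: writing
 * vm_rcu clobbers vm_start/vm_end. */
static void detach_and_queue(struct toy_vma *vma)
{
    vma->detached = true;
    vma->vm_rcu.next = NULL;
    vma->vm_rcu.func = free_cb;
}

static enum lookup_result results[4];

/* Runs both check orders against an attached and then a detached VMA
 * (constructed sample data) and returns how many bounds reads hit the
 * wrong union member. Individual outcomes are exposed via scenario_result(). */
int run_scenario(void)
{
    struct toy_vma vma = { .vm_start = 0x1000, .vm_end = 0x2000, .detached = false };

    confused_reads = 0;
    results[0] = lookup_before_fix(&vma, 0x1800); /* attached: both OK */
    results[1] = lookup_after_fix(&vma, 0x1800);
    detach_and_queue(&vma);
    results[2] = lookup_before_fix(&vma, 0x1800); /* reads rcu_head as bounds */
    results[3] = lookup_after_fix(&vma, 0x1800);  /* bails before touching bounds */
    return confused_reads;
}

enum lookup_result scenario_result(int i) { return results[i]; }

int main(void)
{
    int n = run_scenario();

    printf("confused union reads across the scenario: %d (all from the pre-fix order)\n", n);
    printf("detached VMA: before-fix=%d after-fix=%d\n", scenario_result(2), scenario_result(3));
    return 0;
}
```

Both orders refuse the detached VMA, which is why the bug is harmless in practice; the difference is that the pre-fix order reaches that verdict by comparing the fault address against rcu_head fields that happen to occupy the bounds slots, so the miss is attributed to the wrong reason, which is exactly the VMA_LOCK_MISS accounting change the thread discusses.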