From: Jann Horn
Date: Mon, 2 Jun 2025 21:20:14 +0200
Subject: Re: [PATCH] mm/madvise: handle madvise_lock() failure during race unwinding
To: SeongJae Park
Cc: Andrew Morton, "Liam R. Howlett", David Hildenbrand, Lorenzo Stoakes, Shakeel Butt, Vlastimil Babka, linux-kernel@vger.kernel.org, linux-mm@kvack.org, stable@kernel.org, Barry Song <21cnbao@gmail.com>
References: <20250602174926.1074-1-sj@kernel.org>
In-Reply-To: <20250602174926.1074-1-sj@kernel.org>

@akpm FYI, this looks like it fixes a security bug in 6.15 (probably
leads to UAF of VMA structs and page tables by racing madvise(...,
MADV_GUARD_INSTALL) with concurrent faults)

On Mon, Jun 2, 2025 at 7:49 PM SeongJae Park wrote:
> When unwinding race on -ERESTARTNOINTR handling of process_madvise(),
> madvise_lock() failure is ignored. Check the failure and abort
> remaining works in the case.
>
> Fixes: 4000e3d0a367 ("mm/madvise: remove redundant mmap_lock operations from process_madvise()")
> Cc: stable@kernel.org
> Reported-by: Barry Song <21cnbao@gmail.com>
> Closes: https://lore.kernel.org/CAGsJ_4xJXXO0G+4BizhohSZ4yDteziPw43_uF8nPXPWxUVChzw@mail.gmail.com
> Signed-off-by: SeongJae Park

Reviewed-by: Jann Horn
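To make the bug pattern behind the patch concrete, here is a userspace C model (added for this note; not the kernel's code and not the patch itself) of the process_madvise() vector loop. struct fake_mm, madvise_lock(), madvise_unlock() and do_behavior() are constructed stand-ins, and check_relock switches between the pre-fix path, which discards the result of re-locking after the unwind, and the fixed path, which aborts the remaining work when that re-lock fails.

```c
#include <errno.h>
#include <stdbool.h>
#define ERESTARTNOINTR 513	/* kernel-internal errno, absent from userspace headers */
/* Constructed stand-in for mm_struct plus the bookkeeping the model needs;
 * fail_lock_at selects which madvise_lock() attempt (1-based) fails. */
struct fake_mm {
	bool locked, ran_unlocked;
	int lock_calls, fail_lock_at, behavior_calls;
};
/* Stand-in for madvise_lock(): like a killable mmap lock it can fail with
 * -EINTR, and then the lock is NOT held. */
static int madvise_lock(struct fake_mm *mm)
{
	if (++mm->lock_calls == mm->fail_lock_at)
		return -EINTR;
	mm->locked = true;
	return 0;
}
static void madvise_unlock(struct fake_mm *mm) { mm->locked = false; }
/* Stand-in for madvise_do_behavior(): the first call loses the race and asks
 * for a restart, later calls succeed. Records whether it ran without the lock. */
static int do_behavior(struct fake_mm *mm)
{
	mm->ran_unlocked |= !mm->locked;
	return mm->behavior_calls++ == 0 ? -ERESTARTNOINTR : 0;
}
/* Model of the process_madvise() vector loop. check_relock=false reproduces
 * the pre-fix path, where the result of re-locking after the unwind is dropped. */
static int vector_madvise_model(struct fake_mm *mm, int nr_iov, bool check_relock)
{
	int ret;
	if ((ret = madvise_lock(mm)))
		return ret;
	for (int i = 0; i < nr_iov; i++) {
		ret = do_behavior(mm);
		if (ret == -ERESTARTNOINTR) {
			madvise_unlock(mm);		/* drop the lock to unwind the race */
			ret = madvise_lock(mm);		/* ... and reacquire it */
			if (check_relock && ret)
				break;			/* fixed: abort the remaining work */
			ret = 0;			/* old code: the failure is ignored */
			i--;				/* retry the same chunk */
			continue;
		}
		if (ret)
			break;
	}
	madvise_unlock(mm);
	return ret;
}
```

With fail_lock_at = 2 the re-lock after the unwind fails: the old path reports success while having run the remaining work with ran_unlocked set, which is the unlocked VMA access the fix removes; the fixed path returns -EINTR and never runs unlocked.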