From: Linus Torvalds
Date: Mon, 7 Nov 2022 13:13:43 -0800
Subject: Re: [PATCH] fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
To: Liam Howlett
Cc: maple-tree@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton, syzbot+0d2014e4da2ccced5b41@syzkaller.appspotmail.com
In-Reply-To: <20221107201121.1169273-1-Liam.Howlett@oracle.com>
References: <20221107201121.1169273-1-Liam.Howlett@oracle.com>
On Mon, Nov 7, 2022 at 12:12 PM Liam Howlett wrote:
>
> When iterating the VMAs, the maple state needs to be invalidated if the
> tree is modified by a split or merge to ensure the maple tree node
> contained in the maple state is still valid. These invalidations were
> missed, so add them to the paths which alter the tree.

I have applied this as an obvious fix, but I would *really* want to
also see longer-term

 - I'd really like the 'mas' operations to have 'vma' specializations
   that get the type safety right

 - that mas_pause() name is horrible, please let's just fix it to
   something sensible in this context

 - moving the iterator invalidation into split_vma() and vma_merge() or
   at least have some other means of not having these mistakes

From what I can tell, things like mprotect() and mlock() - end up not
using the iterator at all because of this issue. Instead they seem to
just do

        vma = find_vma(current->mm, prev->vm_end);

despite having actually started out with the whole iterator state.

Except for 'apply_mlockall_flags()' that randomly does end up using the
iterator (and has that mas_pause() as a result).

So it would make *sense* to have "mlock_fixup()" take a MA_STATE
instead of "vma, &prev" as arguments, but it doesn't.

I dunno. Maybe there's some other reason for this very non-intuitive
mix of "sometimes iterators, sometimes not, and always horrible
naming".

               Linus
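As an added illustration of the rule in the quoted commit message (this is not code from the patch or from the kernel): a toy model in which the iterator caches the node it is walking, a split replaces that node, and the loop keeps using the stale copy unless it pauses the iterator first. The store, iter, split_range, iter_pause and unregister_range names are the model's own assumptions, not kernel APIs, and the kernel's maple state, node layout and mas_pause() semantics are more involved than this flat array.

```c
#include <stdlib.h>
#include <string.h>

/* Sorted [start, end) ranges standing in for VMAs; 'old' keeps the replaced array
 * alive so a stale iterator touches stale data, not freed memory. 'iter' is a maple
 * state in miniature: the array ("node") walked, slot count, position, last start. */
struct range { unsigned long start, end; int flag; };
struct store { struct range *r, *old; size_t n; };
struct iter { struct range *node; size_t n, idx; unsigned long last; int paused; };
/* Split range i at 'at'. As with a rewritten tree node, the whole array is
 * replaced, so an iterator still holding the old pointer is now stale. */
static void split_range(struct store *s, size_t i, unsigned long at)
{
    struct range *nr = malloc((s->n + 1) * sizeof *nr);
    memcpy(nr, s->r, s->n * sizeof *nr);
    memmove(nr + i + 1, nr + i, (s->n - i) * sizeof *nr);
    nr[i].end = nr[i + 1].start = at;
    free(s->old); s->old = s->r; s->r = nr; s->n++;
}
/* mas_pause() stand-in: forget the cached node so the next step re-walks the
 * live array from the last position instead of trusting stale state. */
static void iter_pause(struct iter *it) { it->paused = 1; }
static struct range *iter_next(struct store *s, struct iter *it)
{
    if (it->paused) {
        it->node = s->r; it->n = s->n; it->paused = 0;
        for (it->idx = 0; it->idx < it->n && it->node[it->idx].start <= it->last; it->idx++) {}
    }
    if (it->idx >= it->n) return NULL;
    it->last = it->node[it->idx].start;
    return &it->node[it->idx++];
}
/* Clear 'flag' on [lo, hi), first splitting a range that straddles 'lo'. Returns how
 * many ranges inside [lo, hi) stay flagged: unpaused, the loop writes into the stale copy. */
static int unregister_range(struct store *s, unsigned long lo, unsigned long hi, int pause)
{
    struct iter it = { s->r, s->n, 0, 0, 0 };
    for (struct range *r = NULL; (r = iter_next(s, &it)) && r->start < hi; ) {
        if (r->start < lo) {                 /* straddles lo: split, then re-fetch */
            split_range(s, it.idx - 1, lo);
            if (pause) iter_pause(&it);
            continue;
        }
        r->flag = 0;
    }
    int left = 0;
    for (size_t i = 0; i < s->n; i++)
        left += s->r[i].flag && s->r[i].start >= lo && s->r[i].end <= hi;
    return left;
}
```

With two constructed ranges [0,100) and [100,200) and an unregister of [50,200), the unpaused walk leaves both live ranges inside the window flagged, because the second half of the split is never visited and the flag clear lands in the replaced copy; the paused walk clears both.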