Date: Fri, 7 Mar 2025 17:41:58 -0500
From: Peter Xu <peterx@redhat.com>
To: jimsiak
Cc: Jinjiang Tu, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk, linux-mm@kvack.org, wangkefeng.wang@huawei.com
Subject: Re: Using userfaultfd with KVM's async page fault handling causes processes to hung waiting for mmap_lock to be released
References: <79375b71-db2e-3e66-346b-254c90d915e2@cslab.ece.ntua.gr> <20250307072133.3522652-1-tujinjiang@huawei.com> <46ac83f7-d3e0-b667-7352-d853938c9fc9@huawei.com>

On Fri, Mar 07, 2025 at 03:11:09PM +0200, jimsiak wrote:
> Hi,
>
> From my side, I managed to avoid the freezing of processes with the
> following change in function userfaultfd_release() in file fs/userfaultfd.c
> (https://elixir.bootlin.com/linux/v5.13/source/fs/userfaultfd.c#L842):
>
> I moved the following command from line 851:
> WRITE_ONCE(ctx->released, true);
> (https://elixir.bootlin.com/linux/v5.13/source/fs/userfaultfd.c#L851)
>
> to line 905, that is exactly before the function returns 0.
>
> That simple workaround worked for my use case but I am far from sure that it is
> a correct/sufficient fix for the problem at hand.

Updating the field after userfaultfd_ctx_put() might mean UAF, afaict.

Maybe it's possible to remove ctx->released but only rely on the mmap write
lock. However that'll need some closer look and more thoughts.

To me, the more straightforward way to fix it is to use the patch I mentioned
in the other email:

https://lore.kernel.org/all/ZLmT3BfcmltfFvbq@x1n/

Or does it mean it didn't work at all?

Thanks,

-- 
Peter Xu
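The use-after-free concern raised in the reply comes down to ordering: once userfaultfd_ctx_put() drops what may be the last reference, the context can be freed, so a store to ctx->released placed after it can land on freed memory. The following model is an added example, not kernel code and not anything from the thread participants; struct demo_ctx, demo_ctx_put() and the demo_* helpers are hypothetical stand-ins for struct userfaultfd_ctx and its refcount, and the "freed" marker replaces an actual kfree() so the post-free store is observable instead of undefined behaviour. It contrasts the original flag-then-put ordering with the put-then-flag workaround, and shows why the workaround can appear to work when another holder still has a reference.

```c
/* Constructed model of the release-ordering hazard. Hypothetical types and
 * helpers only; this is not fs/userfaultfd.c. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct demo_ctx {
    int refcount;   /* stand-in for the ctx refcount */
    bool released;  /* stand-in for ctx->released */
    bool freed;     /* diagnostic only: set when the last reference drops */
};

static struct demo_ctx *demo_ctx_alloc(void)
{
    struct demo_ctx *ctx = calloc(1, sizeof(*ctx));
    if (ctx)
        ctx->refcount = 1;  /* the file's own reference */
    return ctx;
}

static void demo_ctx_get(struct demo_ctx *ctx)
{
    ctx->refcount++;
}

/* Drop a reference; the last put "frees" the object. We only mark it freed
 * instead of calling free(), so a later store can be detected. */
static void demo_ctx_put(struct demo_ctx *ctx)
{
    if (--ctx->refcount == 0)
        ctx->freed = true;
}

/* The WRITE_ONCE(ctx->released, true) store. Returns true if it hit an
 * object whose last reference had already been dropped. */
static bool demo_set_released(struct demo_ctx *ctx)
{
    bool after_free = ctx->freed;
    ctx->released = true;
    return after_free;
}

/* Original ordering: set the flag, then drop the reference.
 * extra_refs models other holders (VMAs, waiters) still pinning the ctx. */
bool demo_release_flag_then_put(int extra_refs)
{
    struct demo_ctx *ctx = demo_ctx_alloc();
    for (int i = 0; i < extra_refs; i++)
        demo_ctx_get(ctx);
    bool uaf = demo_set_released(ctx);
    demo_ctx_put(ctx);
    free(ctx);  /* tear down the model object regardless of remaining refs */
    return uaf;
}

/* Workaround ordering: drop the reference, then set the flag. With no extra
 * holder the put is the last one and the store is a use-after-free. */
bool demo_release_put_then_flag(int extra_refs)
{
    struct demo_ctx *ctx = demo_ctx_alloc();
    for (int i = 0; i < extra_refs; i++)
        demo_ctx_get(ctx);
    demo_ctx_put(ctx);
    bool uaf = demo_set_released(ctx);
    free(ctx);
    return uaf;
}

int main(void)
{
    printf("flag-then-put, last ref:  uaf=%d\n", demo_release_flag_then_put(0));
    printf("put-then-flag, last ref:  uaf=%d\n", demo_release_put_then_flag(0));
    printf("put-then-flag, extra ref: uaf=%d\n", demo_release_put_then_flag(1));
    return 0;
}
```

The third case is the one that makes such a workaround look safe in testing: while some other holder keeps the context alive, the late store is harmless, and the bug only surfaces when the file's reference happens to be the last one. That is why the reply treats the flag move as a UAF risk rather than a fix, and points at a patch that addresses the locking instead.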