[PATCH v2] userfaultfd: allow registration of ranges below mmap_min

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
@ 2026-04-09 10:33 Denis M. Karpov
  2026-04-09 10:43 ` Lorenzo Stoakes
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Denis M. Karpov @ 2026-04-09 10:33 UTC (permalink / raw)
  To: harry, rppt, akpm, Liam.Howlett, ljs
  Cc: vbabka, jannh, peterx, pfalcato, brauner, viro, jack, linux-mm,
	linux-fsdevel, linux-kernel, usama.arif, Denis M. Karpov

The current implementation of validate_range() in fs/userfaultfd.c
performs a hard check against mmap_min_addr. This is redundant because
UFFDIO_REGISTER operates on memory ranges that must already be backed
by a VMA.

Enforcing mmap_min_addr or capability checks again in userfaultfd is
unnecessary and prevents applications like binary compilers from
using UFFD for valid memory regions mapped by application.

Remove the redundant check for mmap_min_addr.

Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Denis M. Karpov <komlomal@gmail.com>
---
v2:
- Remove the check entirely rather than replacing it, as suggested by
  Harry Yoo and Lorenzo Stoakes.
- Added Fixes tag.
- Link to v1: https://lore.kernel.org/r/20260407081442.6256-1-komlomal@gmail.com
---
 fs/userfaultfd.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index bdc84e521..4b53dc4a3 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1238,8 +1238,6 @@ static __always_inline int validate_unaligned_range(
 		return -EINVAL;
 	if (!len)
 		return -EINVAL;
-	if (start < mmap_min_addr)
-		return -EINVAL;
 	if (start >= task_size)
 		return -EINVAL;
 	if (len > task_size - start)
-- 
2.43.0



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
  2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
@ 2026-04-09 10:43 ` Lorenzo Stoakes
  2026-04-09 11:56 ` Harry Yoo (Oracle)
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 7+ messages in thread
From: Lorenzo Stoakes @ 2026-04-09 10:43 UTC (permalink / raw)
  To: Denis M. Karpov
  Cc: harry, rppt, akpm, Liam.Howlett, vbabka, jannh, peterx, pfalcato,
	brauner, viro, jack, linux-mm, linux-fsdevel, linux-kernel,
	usama.arif

On Thu, Apr 09, 2026 at 01:33:45PM +0300, Denis M. Karpov wrote:
> The current implementation of validate_range() in fs/userfaultfd.c
> performs a hard check against mmap_min_addr. This is redundant because
> UFFDIO_REGISTER operates on memory ranges that must already be backed
> by a VMA.
>
> Enforcing mmap_min_addr or capability checks again in userfaultfd is
> unnecessary and prevents applications like binary compilers from
> using UFFD for valid memory regions mapped by application.
>
> Remove the redundant check for mmap_min_addr.
>
> Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> Signed-off-by: Denis M. Karpov <komlomal@gmail.com>

LGTM, so:

Reviewed-by: Lorenzo Stoakes <ljs@kernel.org>

> ---
> v2:
> - Remove the check entirely rather than replacing it, as suggested by
>   Harry Yoo and Lorenzo Stoakes.
> - Added Fixes tag.
> - Link to v1: https://lore.kernel.org/r/20260407081442.6256-1-komlomal@gmail.com
> ---
>  fs/userfaultfd.c | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index bdc84e521..4b53dc4a3 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1238,8 +1238,6 @@ static __always_inline int validate_unaligned_range(
>  		return -EINVAL;
>  	if (!len)
>  		return -EINVAL;
> -	if (start < mmap_min_addr)
> -		return -EINVAL;
>  	if (start >= task_size)
>  		return -EINVAL;
>  	if (len > task_size - start)
> --
> 2.43.0
>


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
  2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
  2026-04-09 10:43 ` Lorenzo Stoakes
@ 2026-04-09 11:56 ` Harry Yoo (Oracle)
  2026-04-09 12:30 ` Pedro Falcato
  2026-04-09 15:13 ` Mike Rapoport
  3 siblings, 0 replies; 7+ messages in thread
From: Harry Yoo (Oracle) @ 2026-04-09 11:56 UTC (permalink / raw)
  To: Denis M. Karpov
  Cc: rppt, akpm, Liam.Howlett, ljs, vbabka, jannh, peterx, pfalcato,
	brauner, viro, jack, linux-mm, linux-fsdevel, linux-kernel,
	usama.arif

On Thu, Apr 09, 2026 at 01:33:45PM +0300, Denis M. Karpov wrote:
> The current implementation of validate_range() in fs/userfaultfd.c
> performs a hard check against mmap_min_addr. This is redundant because
> UFFDIO_REGISTER operates on memory ranges that must already be backed
> by a VMA.
>
> Enforcing mmap_min_addr or capability checks again in userfaultfd is
> unnecessary and prevents applications like binary compilers from
> using UFFD for valid memory regions mapped by application.
> 
> Remove the redundant check for mmap_min_addr.
> 
> Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> Signed-off-by: Denis M. Karpov <komlomal@gmail.com>
> ---
> v2:
> - Remove the check entirely rather than replacing it, as suggested by
>   Harry Yoo and Lorenzo Stoakes.
> - Added Fixes tag.
> - Link to v1: https://lore.kernel.org/r/20260407081442.6256-1-komlomal@gmail.com
> ---

Looks good to me,
Acked-by: Harry Yoo (Oracle) <harry@kernel.org>

-- 
Cheers,
Harry / Hyeonggon


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
  2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
  2026-04-09 10:43 ` Lorenzo Stoakes
  2026-04-09 11:56 ` Harry Yoo (Oracle)
@ 2026-04-09 12:30 ` Pedro Falcato
  2026-04-09 15:17   ` Mike Rapoport
  2026-04-09 15:13 ` Mike Rapoport
  3 siblings, 1 reply; 7+ messages in thread
From: Pedro Falcato @ 2026-04-09 12:30 UTC (permalink / raw)
  To: Denis M. Karpov
  Cc: harry, rppt, akpm, Liam.Howlett, ljs, vbabka, jannh, peterx,
	brauner, viro, jack, linux-mm, linux-fsdevel, linux-kernel,
	usama.arif

On Thu, Apr 09, 2026 at 01:33:45PM +0300, Denis M. Karpov wrote:
> The current implementation of validate_range() in fs/userfaultfd.c
> performs a hard check against mmap_min_addr. This is redundant because
> UFFDIO_REGISTER operates on memory ranges that must already be backed
> by a VMA.
> 
> Enforcing mmap_min_addr or capability checks again in userfaultfd is
> unnecessary and prevents applications like binary compilers from
> using UFFD for valid memory regions mapped by application.
> 
> Remove the redundant check for mmap_min_addr.
> 
> Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> Signed-off-by: Denis M. Karpov <komlomal@gmail.com>

Reviewed-by: Pedro Falcato <pfalcato@suse.de>

This looks relatively safe. However, I'm not sure if we want this in stable.
This has been broken for 11 years now, with no complaints.

-- 
Pedro


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
  2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
                   ` (2 preceding siblings ...)
  2026-04-09 12:30 ` Pedro Falcato
@ 2026-04-09 15:13 ` Mike Rapoport
  3 siblings, 0 replies; 7+ messages in thread
From: Mike Rapoport @ 2026-04-09 15:13 UTC (permalink / raw)
  To: Denis M. Karpov
  Cc: harry, akpm, Liam.Howlett, ljs, vbabka, jannh, peterx, pfalcato,
	brauner, viro, jack, linux-mm, linux-fsdevel, linux-kernel,
	usama.arif

On Thu, Apr 09, 2026 at 01:33:45PM +0300, Denis M. Karpov wrote:
> The current implementation of validate_range() in fs/userfaultfd.c
> performs a hard check against mmap_min_addr. This is redundant because
> UFFDIO_REGISTER operates on memory ranges that must already be backed
> by a VMA.
> 
> Enforcing mmap_min_addr or capability checks again in userfaultfd is
> unnecessary and prevents applications like binary compilers from
> using UFFD for valid memory regions mapped by application.
> 
> Remove the redundant check for mmap_min_addr.
> 
> Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> Signed-off-by: Denis M. Karpov <komlomal@gmail.com>

Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>

> ---
> v2:
> - Remove the check entirely rather than replacing it, as suggested by
>   Harry Yoo and Lorenzo Stoakes.
> - Added Fixes tag.
> - Link to v1: https://lore.kernel.org/r/20260407081442.6256-1-komlomal@gmail.com
> ---
>  fs/userfaultfd.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index bdc84e521..4b53dc4a3 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1238,8 +1238,6 @@ static __always_inline int validate_unaligned_range(
>  		return -EINVAL;
>  	if (!len)
>  		return -EINVAL;
> -	if (start < mmap_min_addr)
> -		return -EINVAL;
>  	if (start >= task_size)
>  		return -EINVAL;
>  	if (len > task_size - start)
> -- 
> 2.43.0
> 

-- 
Sincerely yours,
Mike.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
  2026-04-09 12:30 ` Pedro Falcato
@ 2026-04-09 15:17   ` Mike Rapoport
  2026-04-09 15:54     ` Denis M. Karpov
  0 siblings, 1 reply; 7+ messages in thread
From: Mike Rapoport @ 2026-04-09 15:17 UTC (permalink / raw)
  To: Pedro Falcato
  Cc: Denis M. Karpov, harry, akpm, Liam.Howlett, ljs, vbabka, jannh,
	peterx, brauner, viro, jack, linux-mm, linux-fsdevel,
	linux-kernel, usama.arif

On Thu, Apr 09, 2026 at 01:30:07PM +0100, Pedro Falcato wrote:
> On Thu, Apr 09, 2026 at 01:33:45PM +0300, Denis M. Karpov wrote:
> > The current implementation of validate_range() in fs/userfaultfd.c
> > performs a hard check against mmap_min_addr. This is redundant because
> > UFFDIO_REGISTER operates on memory ranges that must already be backed
> > by a VMA.
> > 
> > Enforcing mmap_min_addr or capability checks again in userfaultfd is
> > unnecessary and prevents applications like binary compilers from
> > using UFFD for valid memory regions mapped by application.
> > 
> > Remove the redundant check for mmap_min_addr.
> > 
> > Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> > Signed-off-by: Denis M. Karpov <komlomal@gmail.com>
> 
> Reviewed-by: Pedro Falcato <pfalcato@suse.de>
> 
> This looks relatively safe. However, I'm not sure if we want this in stable.
> This has been broken for 11 years now, with no complaints.

I believe Denis has a new usecase that wasn't there for those 11 years :)

Denis, can you share more details about your usecase for us to better
understand importance of backporting this to stable?
 
> -- 
> Pedro

-- 
Sincerely yours,
Mike.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
  2026-04-09 15:17   ` Mike Rapoport
@ 2026-04-09 15:54     ` Denis M. Karpov
  0 siblings, 0 replies; 7+ messages in thread
From: Denis M. Karpov @ 2026-04-09 15:54 UTC (permalink / raw)
  To: Mike Rapoport
  Cc: Pedro Falcato, harry, akpm, Liam.Howlett, ljs, vbabka, jannh,
	peterx, brauner, viro, jack, linux-mm, linux-fsdevel,
	linux-kernel, usama.arif

On Thu, Apr 9, 2026 at 6:17 PM Mike Rapoport <rppt@kernel.org> wrote:
> On Thu, Apr 09, 2026 at 01:30:07PM +0100, Pedro Falcato wrote:
> > This looks relatively safe. However, I'm not sure if we want this in stable.
> > This has been broken for 11 years now, with no complaints.
>
> I believe Denis has a new usecase that wasn't there for those 11 years :)
>
> Denis, can you share more details about your usecase for us to better
> understand importance of backporting this to stable?
Hello Mike.
Actually, there is nothing new about the use case. We simply started using
UFFD instead of the classic mprotect approach in the binary translator to
track application writes. During development, we encountered this bug.
The translator cannot control where the translated application chooses
to map its
memory and if the app requires a low-address area, UFFD fails, whereas
mprotect would work just fine. I believe this is a genuine logic bug rather than
an improvement, and I would appreciate including the fix in stable.


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2026-04-09 15:54 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
2026-04-09 10:43 ` Lorenzo Stoakes
2026-04-09 11:56 ` Harry Yoo (Oracle)
2026-04-09 12:30 ` Pedro Falcato
2026-04-09 15:17   ` Mike Rapoport
2026-04-09 15:54     ` Denis M. Karpov
2026-04-09 15:13 ` Mike Rapoport

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox