Date: Thu, 10 Oct 2024 13:14:03 +0300
From: "Kirill A. Shutemov"
To: Fuad Tabba
Cc: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org, pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com
Subject: Re: [PATCH v3 04/11] KVM: guest_memfd: Allow host to mmap guest_memfd() pages when shared
References: <20241010085930.1546800-1-tabba@google.com> <20241010085930.1546800-5-tabba@google.com>
In-Reply-To: <20241010085930.1546800-5-tabba@google.com>
On Thu, Oct 10, 2024 at 09:59:23AM +0100, Fuad Tabba wrote:
> +out:
> + if (ret != VM_FAULT_LOCKED) {
> + folio_put(folio);
> + folio_unlock(folio);

Hm. Here and in a few other places you return the reference before unlocking.

I think it is safe because nobody can (or can they?) remove the page from
the pagecache while the page is locked, so we have at least one refcount on
the folio, but it *looks* like a use-after-free bug.

Please follow the usual pattern: _unlock() then _put().

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
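Review bot: in the out: path, folio_put(folio) runs before folio_unlock(folio); if that put drops the last reference, the unlock then writes into a freed folio. Swap the two calls so the exit reads `folio_unlock(folio); folio_put(folio);`, and apply the same order in the other exit paths that use this sequence, so correctness does not rest on the pagecache still holding a reference.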
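To make the ordering hazard in the review concrete, here is an added model of the folio lock/refcount rules; it is not code from the patch or from the kernel. A mock folio carries a refcount and a lock bit, dropping the last reference "frees" it (poisoned rather than free()d, the way KASAN's shadow memory would flag a later access), and the two exit paths return whether a touch after free occurred.

```c
/* Added example: a small model of why folio_put() before folio_unlock()
 * looks like a use-after-free. The mock_* names are hypothetical. */
#include <stdbool.h>

struct mock_folio {
    int refcount;
    bool locked;
    bool freed;   /* stands in for KASAN poisoning once the memory is freed */
};

/* Set when any operation touches a folio that has already been freed. */
static bool uaf_detected;

static void mock_folio_put(struct mock_folio *f)
{
    if (f->freed) { uaf_detected = true; return; }
    if (--f->refcount == 0)
        f->freed = true;          /* last reference gone: memory is freed */
}

static void mock_folio_unlock(struct mock_folio *f)
{
    if (f->freed) { uaf_detected = true; return; }  /* write into freed memory */
    f->locked = false;
}

/* Exit path as written in the quoted hunk: put, then unlock.
 * refs_held is the total refcount on entry (ours plus any pagecache ref). */
bool exit_path_put_then_unlock(int refs_held)
{
    struct mock_folio f = { .refcount = refs_held, .locked = true, .freed = false };
    uaf_detected = false;
    mock_folio_put(&f);
    mock_folio_unlock(&f);
    return uaf_detected;
}

/* The usual pattern the reviewer asks for: unlock, then put. */
bool exit_path_unlock_then_put(int refs_held)
{
    struct mock_folio f = { .refcount = refs_held, .locked = true, .freed = false };
    uaf_detected = false;
    mock_folio_unlock(&f);
    mock_folio_put(&f);
    return uaf_detected;
}
```

With refs_held == 2 the pagecache reference masks the bug in both orders, which is the "probably safe, but looks wrong" situation the review describes; with refs_held == 1 only the unlock-then-put order survives.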