Date: Thu, 10 Oct 2024 15:20:55 +0300
From: "Kirill A. Shutemov"
To: Fuad Tabba
Cc: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org, pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com
Subject: Re: [PATCH v3 04/11] KVM: guest_memfd: Allow host to mmap guest_memfd() pages when shared
References: <20241010085930.1546800-1-tabba@google.com> <20241010085930.1546800-5-tabba@google.com>

On Thu, Oct 10, 2024 at 11:23:55AM +0100, Fuad Tabba wrote:
> Hi Kirill,
>
> On Thu, 10 Oct 2024 at 11:14, Kirill A. Shutemov wrote:
> >
> > On Thu, Oct 10, 2024 at 09:59:23AM +0100, Fuad Tabba wrote:
> > > +out:
> > > +	if (ret != VM_FAULT_LOCKED) {
> > > +		folio_put(folio);
> > > +		folio_unlock(folio);
> >
> > Hm. Here and in a few other places you return the reference before unlocking.
> >
> > I think it is safe because nobody can (or can they?) remove the page from
> > pagecache while the page is locked so we have at least one refcount on the
> > folio, but it *looks* like a use-after-free bug.
> >
> > Please follow the usual pattern: _unlock() then _put().
>
> That is deliberate, since these patches rely on the refcount to check
> whether the host has any mappings, and the folio lock in order not to
> race. It's not that it's not safe to decrement the refcount after
> unlocking, but by doing that I cannot rely on the folio lock to ensure
> that there aren't any races between the code added to check whether a
> folio is mappable, and the code that checks whether the refcount is
> safe. It's a tiny window, but it's there.
>
> What do you think?

I don't think your scheme is race-free either. gmem_clear_mappable() is
going to fail with -EPERM if there's any transient pin on the page. For
instance from any physical memory scanner.

-- 
Kiryl Shutsemau / Kirill A. Shutemov
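The exchange above turns on how a refcount-based "is this folio mapped?" check interacts with the folio lock. The following is an added userspace model written for this page; it is not kernel code and not part of the patch series. It assumes a simplified folio whose page-cache presence accounts for exactly one reference, so a refcount of 1 means "no mapping and no pin". `model_clear_mappable()` stands in for the `gmem_clear_mappable()` Kirill names, and `fault_exit_unlock_then_put()`, `fault_exit_put_then_unlock()` and `transient_pin_race()` are constructed scenarios that replay the three interleavings discussed: the unlock-then-put window Fuad worries about, the put-then-unlock ordering from the patch, and the transient pin Kirill points out defeats both.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a folio: a lock flag plus a refcount.
 * The page cache is assumed to hold exactly one reference while the
 * folio is present, so refcount == 1 means "nobody else holds it". */
struct folio {
	atomic_int refcount;
	atomic_bool locked;
	bool mappable;
};

static void folio_init(struct folio *f)
{
	atomic_init(&f->refcount, 1);	/* the page-cache reference */
	atomic_init(&f->locked, false);
	f->mappable = true;
}

static bool folio_trylock(struct folio *f) { return !atomic_exchange(&f->locked, true); }
static void folio_unlock(struct folio *f)  { atomic_store(&f->locked, false); }
static void folio_get(struct folio *f)     { atomic_fetch_add(&f->refcount, 1); }
static void folio_put(struct folio *f)     { atomic_fetch_sub(&f->refcount, 1); }

/* Hypothetical stand-in for gmem_clear_mappable(): take the folio lock and
 * refuse to clear "mappable" unless the page cache is the only reference
 * holder. Any extra reference, a host mapping or a transient pin alike,
 * is reported as -EPERM. */
static int model_clear_mappable(struct folio *f)
{
	int ret = 0;

	if (!folio_trylock(f))
		return -EAGAIN;		/* a real caller would sleep on the lock */
	if (atomic_load(&f->refcount) != 1)
		ret = -EPERM;
	else
		f->mappable = false;
	folio_unlock(f);
	return ret;
}

/* Fault path bails out with the pattern Kirill asked for: unlock, then put.
 * The checker is invoked in the window between the two calls, which is the
 * race Fuad describes: the lock is free but the fault path's reference is
 * still counted, so the check spuriously fails. */
static int fault_exit_unlock_then_put(void)
{
	struct folio f;
	int ret;

	folio_init(&f);
	folio_get(&f);			/* fault path's own reference */
	while (!folio_trylock(&f)) {}
	folio_unlock(&f);
	ret = model_clear_mappable(&f);	/* checker runs inside the window */
	folio_put(&f);
	return ret;			/* -EPERM although no mapping remains */
}

/* Fault path bails out with the patch's ordering: put, then unlock. A checker
 * cannot take the lock until the unlock, by which point the extra reference
 * is already gone, so the check succeeds. */
static int fault_exit_put_then_unlock(void)
{
	struct folio f;

	folio_init(&f);
	folio_get(&f);
	while (!folio_trylock(&f)) {}
	folio_put(&f);
	folio_unlock(&f);
	return model_clear_mappable(&f);	/* 0: refcount is back to 1 */
}

/* Kirill's objection: a pinner that never takes the folio lock (the model's
 * stand-in for a physical memory scanner) bumps the refcount, and the
 * lock-ordering in the fault path cannot prevent the check from failing. */
static int transient_pin_race(void)
{
	struct folio f;
	int ret;

	folio_init(&f);
	folio_get(&f);			/* transient pin, no lock held */
	ret = model_clear_mappable(&f);	/* lock is free, check proceeds and fails */
	folio_put(&f);
	return ret;			/* -EPERM with no host mapping at all */
}

int main(void)
{
	printf("unlock then put, checker in window: %d\n", fault_exit_unlock_then_put());
	printf("put then unlock, checker after:     %d\n", fault_exit_put_then_unlock());
	printf("transient pin, put-then-unlock:     %d\n", transient_pin_race());
	return 0;
}
```

The model makes the thread's two positions concrete: the put-then-unlock ordering does close the window between a fault path's exit and a concurrent mappability check, but only against references taken under the folio lock. A reference taken without the lock produces the same spurious -EPERM regardless of ordering, which is why the check cannot be treated as race-free on refcount alone.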