From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EB944C3600C
	for <linux-mm@archiver.kernel.org>; Mon, 31 Mar 2025 15:32:08 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 04490280011; Mon, 31 Mar 2025 11:32:08 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id F0F64280005; Mon, 31 Mar 2025 11:32:07 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D8774280011; Mon, 31 Mar 2025 11:32:07 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id B4B3F280005
	for <linux-mm@kvack.org>; Mon, 31 Mar 2025 11:32:07 -0400 (EDT)
Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay06.hostedemail.com (Postfix) with ESMTP id DE7B6B9A11
	for <linux-mm@kvack.org>; Mon, 31 Mar 2025 15:32:07 +0000 (UTC)
X-FDA: 83282237094.04.EBCE4B0
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])
	by imf05.hostedemail.com (Postfix) with ESMTP id 8F316100017
	for <linux-mm@kvack.org>; Mon, 31 Mar 2025 15:32:05 +0000 (UTC)
Authentication-Results: imf05.hostedemail.com;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=PG1R0xZB;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=ZVSaERfW;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=PG1R0xZB;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=ZVSaERfW;
	spf=pass (imf05.hostedemail.com: domain of pfalcato@suse.de designates 195.135.223.131 as permitted sender) smtp.mailfrom=pfalcato@suse.de;
	dmarc=pass (policy=none) header.from=suse.de
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1743435125;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=HMmFCsqLjK22XQFPm+Ppg3nveLJ+YQdxYvvixpi6H1s=;
	b=MMoNAVsMeVFNpxk2EB2SjuXKdABgLZtHEF2d1fbXpJtOxJhu2S3Molq5s7gB6cCDK7qjSn
	g/jaLb6fAkcBTsZh0v+O4rQn2nAgO6kb7JcuhKULilzS7827zgC3CJ/NX2pDuRrpFlkpo3
	vVsYF8Vw50NeVWq5ZgXviOG8Ou31TTc=
ARC-Authentication-Results: i=1;
	imf05.hostedemail.com;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=PG1R0xZB;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=ZVSaERfW;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=PG1R0xZB;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=ZVSaERfW;
	spf=pass (imf05.hostedemail.com: domain of pfalcato@suse.de designates 195.135.223.131 as permitted sender) smtp.mailfrom=pfalcato@suse.de;
	dmarc=pass (policy=none) header.from=suse.de
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1743435125; a=rsa-sha256;
	cv=none;
	b=nXf56LaM+Y1u91Rc6ENFBRK3JNOh+MvS8rHk5HbyY2KxZhb55IudRJQNWOI+f7iPMQ1/Sl
	aNpmTFI0jlOQOgo/DsFI3p3nNb1VeStapEeTTYcAd+tT23KL8DYBeeWFnoIYcwrrYQ/w/8
	58WdeBaWqN7K4BoZXlDYtBUYLl2hNkg=
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id 900AD1F452;
	Mon, 31 Mar 2025 15:27:03 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
	t=1743434823; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=HMmFCsqLjK22XQFPm+Ppg3nveLJ+YQdxYvvixpi6H1s=;
	b=PG1R0xZB4srxpCoyuH2P41oVFOJsjMmPoaQPknpS8bJWB4wn8Qli+H9X+gSO/zmrk6TpnG
	gdxcxHlmpf5mER4nOUpiMFbcBgqY4/QJi8fKU2J2LKoVkP+qx3KzzPgE2e3+PBZmjs/SKy
	ccaeIZoGWxywORZOsbDM9fXt3cMrDg8=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1743434823;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=HMmFCsqLjK22XQFPm+Ppg3nveLJ+YQdxYvvixpi6H1s=;
	b=ZVSaERfW5JJCTJi7/qkZABWr/oHYliNOrFrxThZKR14OsGj5eZLKkMGqzP1GUzLNY0z1Kc
	Og+3SYCiVnwFHEAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
	t=1743434823; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=HMmFCsqLjK22XQFPm+Ppg3nveLJ+YQdxYvvixpi6H1s=;
	b=PG1R0xZB4srxpCoyuH2P41oVFOJsjMmPoaQPknpS8bJWB4wn8Qli+H9X+gSO/zmrk6TpnG
	gdxcxHlmpf5mER4nOUpiMFbcBgqY4/QJi8fKU2J2LKoVkP+qx3KzzPgE2e3+PBZmjs/SKy
	ccaeIZoGWxywORZOsbDM9fXt3cMrDg8=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1743434823;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=HMmFCsqLjK22XQFPm+Ppg3nveLJ+YQdxYvvixpi6H1s=;
	b=ZVSaERfW5JJCTJi7/qkZABWr/oHYliNOrFrxThZKR14OsGj5eZLKkMGqzP1GUzLNY0z1Kc
	Og+3SYCiVnwFHEAA==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 11AC513A1F;
	Mon, 31 Mar 2025 15:27:03 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id kmiKAEe06mc7SwAAD6G6ig
	(envelope-from <pfalcato@suse.de>); Mon, 31 Mar 2025 15:27:03 +0000
Date: Mon, 31 Mar 2025 16:26:56 +0100
From: Pedro Falcato <pfalcato@suse.de>
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>, 
	Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>, 
	"Liam R . Howlett" <Liam.Howlett@oracle.com>, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6.15] mm/vma: add give_up_on_oom option on modify/merge,
 use in uffd release
Message-ID: <sniaixyko3mirqm3hdnyrm56sge6bzuhyyq2o4dtmwxykifs7k@dqwlk6qlj2d7>
References: <20250321100937.46634-1-lorenzo.stoakes@oracle.com>
 <1f9436a5-65e4-4027-a22d-9e5500e34dba@lucifer.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1f9436a5-65e4-4027-a22d-9e5500e34dba@lucifer.local>
X-Rspamd-Action: no action
X-Rspamd-Queue-Id: 8F316100017
X-Rspamd-Server: rspam05
X-Rspam-User: 
X-Stat-Signature: mcb19ps3mbmjdbe5fxj9u5dg69xus4s5
X-HE-Tag: 1743435125-551525
X-HE-Meta: U2FsdGVkX18HkAk6qaF7a4rxT+1GKIAZ59wTeu6bsAX+SjqWW1jC9txF03ij4GUeZtBL84yK5DkxkayTzqKgu7LCQ+NKdNQ5MKXtbY+jnNmr99wOP/acEpOZil3/QqpQ/9XO6X6P5PrtBoR/oPiCBeshacDxAwWRvw3BHx78h8+CpdnMtos6U7HxwxQIrho0q1jFG6dMsH341zNaur3+TN9D+4KEj1hdP3dv/R4R1ywYFR3l8U8o6n6d/W86bOWVVDSqz+39Mx3Zctw63GOiethFUBkSLYzdYdTKK3zRfREn/o9M/NnmJr3FCYSPW0tyHOJz2v+iQmPPKBW7UrJ0DcfSQAB1qQxMXWtG8NR9MVe3uwrwUqfl99HAjjb9lxEN0Xi7yFsdMZKjrIeiKVJg/KO82+LUUEClfIS5+4Tn/hoH4N03imjCHtAsfxfsj8hU198lrtrD7OtAfbAmpmnxV2ffHtFAtEc9blyRKu0eoNUlWavvx92MZ3VG+/erXU5CZBX7bJnGcNGEU5/giXLX/Ny0rZ7Oz8WOeg6+VMmltDTg8THnbndoolO6sczYr7381vvGH2NYN7fuwp9nrVVtmD+JoFssvhHd+1KiQ0c04pZnTINv6KZfQLOnUOr4EHOOaeaiyWou/sCA/FuuXk5RNSZ/mYhMrNd1IXvb47RsjHgTXmcRphYmPJejNA3FlnA23M1J0Hpa8jrnN0gcP+mFBLsV9c/lplX5eGXfZPgHa1ze8ilgyTx6p/dUPsKGEi18Qq4cJApXIt0N6wAAFuMuPI/rvijN8zBLBFD0/Pmym8KmgAEZg7NGQ+aMUgW+ZvdXHjinxVnRL4PfgRQSNdutnE0on8Fdt+dzXdIigTgEZbCwJE5ep32rnK9YfIpqwaxdUAVExv4YFzWG22b8QRo+yKJGhWy96inHrt6UDnm0VfR0082nVld2Xo8Td0xENUIGva+iu6t4iLEps/+zHUW
 kLmlXl8b
 akroP+narN7eLMioyGfinOGcPjzIO27cRRLXisnh6pIRcFr/C42vWRIacrPgcq5iUfT9SYKj9U8CnxUfbglPBhZTL6HT3zcxZsKiyEt6OT4IJlU01lLBROZou4Rl+csrIn2AlcEWL8CtGZmZVkw25CdmTyb+jZu4gNuhSJB4t4TWwwpJ6dTVQp8eLEJKSM8rkaxlxxNMY12WQ+PuXQacJBpzhk+JMwbIX1hUqT7KAZQ52yEbCa+JhIXfHglipeaBtCoLxA4ucSA4GCEHbSEHrcRwGdopStKRXaiMrIaTN+7a/4PidwcjhoI/CkaCBxbnFyQHY0NmAdNKWdXRUsNVFlH0vn4r4G08AIvCvixjHC5qM/k5YNYMlmJc0L1OnEkzq3YekXyReP0NrIIkJeH93Hfj1pxAasDHMZjUJb40DKYGlijAj/x1F9cO15+Geituah85SDHZlMxEH+2q+P8jOXT423USjSC8tuV3f
X-Bogosity: Ham, tests=bogofilter, spamicity=0.001027, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Mon, Mar 31, 2025 at 04:10:41PM +0100, Lorenzo Stoakes wrote:
> I know that none of us love this, but seemed to be consensus that this was
> a viable, if semi-vom-inducing solution - can we go ahead with this?

/me barfs

> Would appreciate ack's (even if queasy) if so, so this doesn't get
> stalled. We can always revisit this (in fact, it's on my list...).
> 
> On Fri, Mar 21, 2025 at 10:09:37AM +0000, Lorenzo Stoakes wrote:
> > Currently, if a VMA merge fails due to an OOM condition arising on commit
> > merge or a failure to duplicate anon_vma's, we report this so the caller
> > can handle it.
> >
> > However there are cases where the caller is only ostensibly trying a
> > merge, and doesn't mind if it fails due to this condition.
> >
> > Since we do not want to introduce an implicit assumption that we only
> > actually modify VMAs after OOM conditions might arise, add a 'give up on
> > oom' option and make an explicit contract that, should this flag be set, we
> > absolutely will not modify any VMAs should OOM arise and just bail out.
> >
> > Since it'd be very unusual for a user to try to vma_modify() with this flag
> > set but be specifying a range within a VMA which ends up being split (which
> > can fail due to rlimit issues, not only OOM), we add a debug warning for
> > this condition.
> >
> > The motivating reason for this is uffd release - syzkaller (and Pedro
> > Falcato's VERY astute analysis) found a way in which an injected fault on
> > allocation, triggering an OOM condition on commit merge, would result in
> > uffd code becoming confused and treating an error value as if it were a VMA
> > pointer.
> >
> > To avoid this, we make use of this new VMG flag to ensure that this never
> > occurs, utilising the fact that, should we be clearing entire VMAs, we do
> > not wish an OOM event to be reported to us.
> >
> > Many thanks to Pedro Falcato for his excellent analysis and Jann Horn for
> > his insightful and intelligent analysis of the situation, both of whom were
> > instrumental in this fix.
> >
> > Reported-by: syzbot+20ed41006cf9d842c2b5@syzkaller.appspotmail.com
> > Closes: https://lore.kernel.org/all/67dc67f0.050a0220.25ae54.001e.GAE@google.com/
> > Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure")
> > Suggested-by: Pedro Falcato <pfalcato@suse.de>
> > Suggested-by: Jann Horn <jannh@google.com>
> > Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>

Alright, I'm not a huge fan of the solution, but if you feel like it's the best course of action,
I'll trust your instincts. The patch itself LGTM.

Reviewed-by: Pedro Falcato <pfalcato@suse.de>

> >  	if (vma->vm_start < start) {
> >  		int err = split_vma(vmg->vmi, vma, start, 1);
> > @@ -1602,12 +1642,15 @@ struct vm_area_struct
> >  		       struct vm_area_struct *vma,
> >  		       unsigned long start, unsigned long end,
> >  		       unsigned long new_flags,
> > -		       struct vm_userfaultfd_ctx new_ctx)
> > +		       struct vm_userfaultfd_ctx new_ctx,
> > +		       bool give_up_on_oom)
> >  {
> >  	VMG_VMA_STATE(vmg, vmi, prev, vma, start, end);
> >
> >  	vmg.flags = new_flags;
> >  	vmg.uffd_ctx = new_ctx;
> > +	if (give_up_on_oom)
> > +		vmg.give_up_on_oom = true;

Why not just
	vmg.give_up_on_oom = give_up_on_oom;
with no if?

--
Pedro