* [PATCH 0/2] mm/uffd: Fix vma check
@ 2022-10-24 19:33 Peter Xu
2022-10-24 19:33 ` [PATCH 1/2] mm/uffd: Fix vma check on userfault for wp Peter Xu
2022-10-24 19:33 ` [PATCH 2/2] Revert "mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in" Peter Xu
0 siblings, 2 replies; 4+ messages in thread
From: Peter Xu @ 2022-10-24 19:33 UTC (permalink / raw)
To: linux-mm, linux-kernel
Cc: Axel Rasmussen, peterx, Andrew Morton, Andrea Arcangeli, Nadav Amit
I just got time to have a closer look at the uffd-wp triggering of the
warning here:
https://lore.kernel.org/all/YzeR+R6b4bwBlBHh@x1n/T/#u
It turns out to be a wrong check on vma, and with the fix attached we
should be able to remove the ugly macro checks. Sorry for the bother.
Please have a look, thanks.
Peter Xu (2):
mm/uffd: Fix vma check on userfault for wp
Revert "mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in"
include/linux/userfaultfd_k.h | 6 +++---
mm/hugetlb.c | 4 ----
mm/memory.c | 2 --
mm/mprotect.c | 2 --
4 files changed, 3 insertions(+), 11 deletions(-)
--
2.37.3
* [PATCH 1/2] mm/uffd: Fix vma check on userfault for wp
2022-10-24 19:33 [PATCH 0/2] mm/uffd: Fix vma check Peter Xu
@ 2022-10-24 19:33 ` Peter Xu
2022-10-24 19:42 ` Peter Xu
2022-10-24 19:33 ` [PATCH 2/2] Revert "mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in" Peter Xu
1 sibling, 1 reply; 4+ messages in thread
From: Peter Xu @ 2022-10-24 19:33 UTC (permalink / raw)
To: linux-mm, linux-kernel
Cc: Axel Rasmussen, peterx, Andrew Morton, Andrea Arcangeli, Nadav Amit
We used to have a report that pte-marker code can be reached even when
uffd-wp is not compiled in for file memories, here:
https://lore.kernel.org/all/YzeR+R6b4bwBlBHh@x1n/T/#u
I just got time to revisit this and found that the root cause is we simply
messed up the vma check, so that on a !PTE_MARKER_UFFD_WP system, we
will allow UFFDIO_REGISTER of MINOR & WP upon shmem as the check was wrong:

    if (vm_flags & VM_UFFD_MINOR)
        return is_vm_hugetlb_page(vma) || vma_is_shmem(vma);

Where we'll allow anything to pass on shmem as long as minor mode is
requested.
Axel did it right when introducing minor mode but I messed it up in
b1f9e876862d when moving code around. Fix it.
Cc: Axel Rasmussen <axelrasmussen@google.com>
Fixes: b1f9e876862d ("mm/uffd: enable write protection for shmem & hugetlbfs")
Signed-off-by: Peter Xu <peterx@redhat.com>
---
include/linux/userfaultfd_k.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h
index f07e6998bb68..9df0b9a762cc 100644
--- a/include/linux/userfaultfd_k.h
+++ b/include/linux/userfaultfd_k.h
@@ -146,9 +146,9 @@ static inline bool userfaultfd_armed(struct vm_area_struct *vma)
static inline bool vma_can_userfault(struct vm_area_struct *vma,
unsigned long vm_flags)
{
- if (vm_flags & VM_UFFD_MINOR)
- return is_vm_hugetlb_page(vma) || vma_is_shmem(vma);
-
+ if ((vm_flags & VM_UFFD_MINOR) &&
+ (!is_vm_hugetlb_page(vma) && !vma_is_shmem(vma)))
+ return false;
#ifndef CONFIG_PTE_MARKER_UFFD_WP
/*
* If user requested uffd-wp but not enabled pte markers for
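Review bot: the new minor-mode test at the top of vma_can_userfault() has no comment, and the bug being fixed came from exactly this spot, where a "return" for the minor case skipped the #ifndef CONFIG_PTE_MARKER_UFFD_WP check that follows. Add a one-line comment saying that minor mode is limited to hugetlb and shmem and that each per-mode test here may only reject, never accept, so the later checks always run. The hunk also drops the blank line that separated this test from the #ifndef block; keeping it would make the two independent checks easier to tell apart.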
--
2.37.3
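
The effect of the early return described in the commit message, as an added example that is not part of the thread or of the kernel tree: a userspace model of the check before and after the fix. The flag values, enum names and later_checks() are constructed for illustration; the body of later_checks() is an assumption, because the hunk's context ends inside the #ifndef comment.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel's VM_UFFD_* bits and VMA types. */
enum { UFFD_MISSING = 1, UFFD_WP = 2, UFFD_MINOR = 4 };
enum vma_kind { VMA_ANON, VMA_SHMEM, VMA_HUGETLB, VMA_OTHER_FILE };

static bool minor_capable(enum vma_kind k)
{
    return k == VMA_HUGETLB || k == VMA_SHMEM;
}

/* Assumed rest of the function: without pte markers, wp is anonymous-only;
 * then an allow-list of supported VMA types. */
static bool later_checks(enum vma_kind k, unsigned flags, bool pte_markers)
{
    if (!pte_markers && (flags & UFFD_WP) && k != VMA_ANON)
        return false;
    return k == VMA_ANON || k == VMA_HUGETLB || k == VMA_SHMEM;
}

/* Before the fix: a minor request returns early and skips later_checks(). */
bool can_userfault_old(enum vma_kind k, unsigned flags, bool pte_markers)
{
    if (flags & UFFD_MINOR)
        return minor_capable(k);
    return later_checks(k, flags, pte_markers);
}

/* After the fix: the minor test can only reject, so the rest still runs. */
bool can_userfault_new(enum vma_kind k, unsigned flags, bool pte_markers)
{
    if ((flags & UFFD_MINOR) && !minor_capable(k))
        return false;
    return later_checks(k, flags, pte_markers);
}

/* Count (vma kind, flags, config) inputs where the two versions disagree. */
int count_disagreements(void)
{
    int n = 0;
    for (int k = VMA_ANON; k <= VMA_OTHER_FILE; k++)
        for (unsigned f = 1; f < 8; f++)
            for (int m = 0; m < 2; m++)
                n += can_userfault_old(k, f, m) != can_userfault_new(k, f, m);
    return n;
}

int main(void) { printf("%d\n", count_disagreements()); return 0; }
```

The only inputs on which the two versions differ are MINOR together with WP on shmem or hugetlb with pte markers disabled, which is the registration the commit message says was wrongly allowed.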
* [PATCH 2/2] Revert "mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in"
2022-10-24 19:33 [PATCH 0/2] mm/uffd: Fix vma check Peter Xu
2022-10-24 19:33 ` [PATCH 1/2] mm/uffd: Fix vma check on userfault for wp Peter Xu
@ 2022-10-24 19:33 ` Peter Xu
1 sibling, 0 replies; 4+ messages in thread
From: Peter Xu @ 2022-10-24 19:33 UTC (permalink / raw)
To: linux-mm, linux-kernel
Cc: Axel Rasmussen, peterx, Andrew Morton, Andrea Arcangeli, Nadav Amit
With the previous patch to fix the registration, we'll be safe to remove the
macro hacks now.
Signed-off-by: Peter Xu <peterx@redhat.com>
---
mm/hugetlb.c | 4 ----
mm/memory.c | 2 --
mm/mprotect.c | 2 --
3 files changed, 8 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 1a7dc7b2e16c..b2fcb27f268a 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5124,7 +5124,6 @@ static void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct
* unmapped and its refcount is dropped, so just clear pte here.
*/
if (unlikely(!pte_present(pte))) {
-#ifdef CONFIG_PTE_MARKER_UFFD_WP
/*
* If the pte was wr-protected by uffd-wp in any of the
* swap forms, meanwhile the caller does not want to
@@ -5136,7 +5135,6 @@ static void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct
set_huge_pte_at(mm, address, ptep,
make_pte_marker(PTE_MARKER_UFFD_WP));
else
-#endif
huge_pte_clear(mm, address, ptep, sz);
spin_unlock(ptl);
continue;
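Review bot: with the #ifdef/#endif pair removed across this hunk and the one before it, the set_huge_pte_at(..., make_pte_marker(PTE_MARKER_UFFD_WP)) branch ahead of huge_pte_clear() is compiled in every configuration, and only the registration check from patch 1 keeps it from running when uffd-wp markers are disabled. The commit message says only that removal is "safe"; spell out that dependency there, and confirm a build without CONFIG_PTE_MARKER_UFFD_WP, since the marker helpers now have to be defined in that configuration too.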
@@ -5165,13 +5163,11 @@ static void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct
tlb_remove_huge_tlb_entry(h, tlb, ptep, address);
if (huge_pte_dirty(pte))
set_page_dirty(page);
-#ifdef CONFIG_PTE_MARKER_UFFD_WP
/* Leave a uffd-wp pte marker if needed */
if (huge_pte_uffd_wp(pte) &&
!(zap_flags & ZAP_FLAG_DROP_MARKER))
set_huge_pte_at(mm, address, ptep,
make_pte_marker(PTE_MARKER_UFFD_WP));
-#endif
hugetlb_count_sub(pages_per_huge_page(h), mm);
page_remove_rmap(page, vma, true);
diff --git a/mm/memory.c b/mm/memory.c
index 8e72f703ed99..25b12d1a7db0 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1393,12 +1393,10 @@ zap_install_uffd_wp_if_needed(struct vm_area_struct *vma,
unsigned long addr, pte_t *pte,
struct zap_details *details, pte_t pteval)
{
-#ifdef CONFIG_PTE_MARKER_UFFD_WP
if (zap_drop_file_uffd_wp(details))
return;
pte_install_uffd_wp_if_needed(vma, addr, pte, pteval);
-#endif
}
static unsigned long zap_pte_range(struct mmu_gather *tlb,
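Review bot: in zap_install_uffd_wp_if_needed() the guard covered the whole body, so a build without CONFIG_PTE_MARKER_UFFD_WP compiled this function to nothing; after the change it calls zap_drop_file_uffd_wp() and pte_install_uffd_wp_if_needed() on every invocation. The commit message should say whether those helpers return early in that configuration or that the extra work on the zap path is acceptable.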
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 99762403cc8f..8d770855b591 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -267,7 +267,6 @@ static unsigned long change_pte_range(struct mmu_gather *tlb,
} else {
/* It must be an none page, or what else?.. */
WARN_ON_ONCE(!pte_none(oldpte));
-#ifdef CONFIG_PTE_MARKER_UFFD_WP
if (unlikely(uffd_wp && !vma_is_anonymous(vma))) {
/*
* For file-backed mem, we need to be able to
@@ -279,7 +278,6 @@ static unsigned long change_pte_range(struct mmu_gather *tlb,
make_pte_marker(PTE_MARKER_UFFD_WP));
pages++;
}
-#endif
}
} while (pte++, addr += PAGE_SIZE, addr != end);
arch_leave_lazy_mmu_mode();
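Review bot: the block under "if (unlikely(uffd_wp && !vma_is_anonymous(vma)))" installs a marker for file-backed memory, and with the guard gone it relies entirely on patch 1 rejecting the registration, so this revert must never land without it. The commit message names neither the id of the commit being reverted nor a decision on stable; add the usual "This reverts commit ..." line and state whether this goes to stable together with patch 1 or stays mainline-only.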
--
2.37.3
* Re: [PATCH 1/2] mm/uffd: Fix vma check on userfault for wp
2022-10-24 19:33 ` [PATCH 1/2] mm/uffd: Fix vma check on userfault for wp Peter Xu
@ 2022-10-24 19:42 ` Peter Xu
0 siblings, 0 replies; 4+ messages in thread
From: Peter Xu @ 2022-10-24 19:42 UTC (permalink / raw)
To: linux-mm, linux-kernel
Cc: Axel Rasmussen, Andrew Morton, Andrea Arcangeli, Nadav Amit
On Mon, Oct 24, 2022 at 03:33:35PM -0400, Peter Xu wrote:
> We used to have a report that pte-marker code can be reached even when
> uffd-wp is not compiled in for file memories, here:
>
> https://lore.kernel.org/all/YzeR+R6b4bwBlBHh@x1n/T/#u
>
> I just got time to revisit this and found that the root cause is we simply
> messed up the vma check, so that on a !PTE_MARKER_UFFD_WP system, we
> will allow UFFDIO_REGISTER of MINOR & WP upon shmem as the check was wrong:
>
>     if (vm_flags & VM_UFFD_MINOR)
>         return is_vm_hugetlb_page(vma) || vma_is_shmem(vma);
>
> Where we'll allow anything to pass on shmem as long as minor mode is
> requested.
>
> Axel did it right when introducing minor mode but I messed it up in
> b1f9e876862d when moving code around. Fix it.
>
> Cc: Axel Rasmussen <axelrasmussen@google.com>
> Fixes: b1f9e876862d ("mm/uffd: enable write protection for shmem & hugetlbfs")
Should also have had:
Cc: stable@vger.kernel.org
> Signed-off-by: Peter Xu <peterx@redhat.com>
--
Peter Xu