| Message ID | 20230417195317.898696-3-peterx@redhat.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp2377613vqo;
Mon, 17 Apr 2023 13:14:16 -0700 (PDT)
X-Google-Smtp-Source:
AKy350bpp3O9OXg8pSu/sGk1tcHHxCJjzY0Q4Hg9lOVb8KiBrEZiyJ1AVQjAlroAYG75xjR9ZGK3
X-Received: by 2002:a17:903:2596:b0:1a6:5274:c1b0 with SMTP id
jb22-20020a170903259600b001a65274c1b0mr66534plb.60.1681762456265;
Mon, 17 Apr 2023 13:14:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1681762456; cv=none;
d=google.com; s=arc-20160816;
b=J3CT8cJFfqRURQzZjdgaj9r2fDm/xpQLIz2Q1kMBqFX6CEoHIY8VGX0QszKhyFkCYF
tq2bVJOEKr9ewFN4euTIfljSO7bYGXn0XatVdDumIOoVsQaZ5eMiBx/fBFmvjaElmQlW
vWpYYD3rYknXIs6dpwfwNbqST+Atzl852UYpHCRXhqknWAjAYJJl348nB2ByATVnYsw4
XrtkHzE16n/C/ztQPc10dccrvNCtOQI7i0veTV3EQyK1pEz3XIfLbcSPoeQ2VsGRnUsP
TH0r7I3DWxaMjZTdiXthUk8Bjx2JG+n1o1SGUKAZVJnfRjnFov1rfpJyamef+9HD6mV7
mzuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=ZZajLRXbE1gHSG0/rWcJydl4VAkwntQbZfH27HHj2cI=;
b=bnA6Ia9j7m/xYNR3VHCEHzwl0KIYolG9gx24+aPa8c9PbRCILU6JOQyifoVNSAQHMq
p8treythwXnujsW84oof41QjwIxJYM9Q2KzbMi/+/dNlN8imxEirbKAAeAnjcBZHA3cI
OjoXwC8E65BRrn7i7TNVjRTpYuDBWPqhOiulQboEzJi2X/UGgucdMBSW0lLOYFujB6jB
g3o0II7wYwCaoij9XBzWkvwHutt3PQ07LpaJ5VQ1Qs3RA8WPd0INZXBLOA1F/QBMPGCg
/Exwyb5HmnI4AyVeDOqUtYqaFaX4O8/4gBU5Q40SnB/Gnrp8DJ5i/Re2RRU14xWcbHT+
HbXQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=UERaqskK;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
e3-20020a17090301c300b001a6a18a5a27si9916276plh.79.2023.04.17.13.14.03;
Mon, 17 Apr 2023 13:14:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=UERaqskK;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230121AbjDQTyd (ORCPT <rfc822;leviz.kernel.dev@gmail.com>
+ 99 others); Mon, 17 Apr 2023 15:54:33 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33252 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229738AbjDQTy3 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 17 Apr 2023 15:54:29 -0400
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73FD4E6
for <linux-kernel@vger.kernel.org>;
Mon, 17 Apr 2023 12:53:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1681761206;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=ZZajLRXbE1gHSG0/rWcJydl4VAkwntQbZfH27HHj2cI=;
b=UERaqskK3tXv/LdQiirxN4czmv8yGqF3TI6D2EFVZHjOnUfZqY4oLMb9TYlCkxFVu3B16b
VvF3rQL4NGcNUE7LvuBbtSlVkQ4+rBVF0tM2RJNxbu12VD7w1pNHqcGEXN4Zs3pwVd3ysi
n54kKzWAELzAIITExzh8MVQhe3jKEWg=
Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com
[209.85.160.197]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
us-mta-399-pYY-GGELN5-Ng1fR-ZQUXQ-1; Mon, 17 Apr 2023 15:53:25 -0400
X-MC-Unique: pYY-GGELN5-Ng1fR-ZQUXQ-1
Received: by mail-qt1-f197.google.com with SMTP id
d75a77b69052e-3ed767b30easo1904911cf.1
for <linux-kernel@vger.kernel.org>;
Mon, 17 Apr 2023 12:53:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1681761204; x=1684353204;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=ZZajLRXbE1gHSG0/rWcJydl4VAkwntQbZfH27HHj2cI=;
b=NWBMYm5aHIsxlBp8ondzM8isHbwfygMoEuFJoBCXJIQP5vOamVzxImXe0fNcao6JiO
eGKycxrGE2h2fWk+M3c9ylu2rpiyHwJZ91b6SkW9gq8raCQmPTRCqtdiHw+QJj5IdomV
OxRFxkLKmS+FG+4ZdsQcGXWyorEPgm4LYEQuL5oCEpJclMsywLUN1Jm7focSC2Ce75UC
AjrHvKlIlRICUX9wVf0g1LUVNN3+7vhOy1fQexnKhXhvJnqbEzr96JErqFC35N8tqR15
Y/pUKByWkQu4aVnSTnS8kM+DKcKrdkX2mSA7lioM4IbZt7PJ3qnP70eMCXlnLzbvWBBr
lJEw==
X-Gm-Message-State: AAQBX9c8iTF+bYI72lGcMjUHzRN2lLsG0JXx/mU8hWEus9Fza7BrCyAC
ZUPxJVlevVBC8mOZUQrZ+J3Bt4GhD/aMs9tqnm+kH/GaTZT0KJx80Rdb1zJV0CRj6XXEJ3jYflc
14REu41e6BbGNqZU0dQURRh7D4LlrO0hxgwwON+no6W8XXRffY+CaRaQre5U5YX2QOUB/rTlLG8
wTPawbjA==
X-Received: by 2002:a05:622a:1a9b:b0:3ea:ef5:5b8c with SMTP id
s27-20020a05622a1a9b00b003ea0ef55b8cmr19155691qtc.3.1681761204345;
Mon, 17 Apr 2023 12:53:24 -0700 (PDT)
X-Received: by 2002:a05:622a:1a9b:b0:3ea:ef5:5b8c with SMTP id
s27-20020a05622a1a9b00b003ea0ef55b8cmr19155663qtc.3.1681761204064;
Mon, 17 Apr 2023 12:53:24 -0700 (PDT)
Received: from x1n.redhat.com
(bras-base-aurron9127w-grc-40-70-52-229-124.dsl.bell.ca. [70.52.229.124])
by smtp.gmail.com with ESMTPSA id
r17-20020ac87ef1000000b003edfb5d7637sm1731278qtc.73.2023.04.17.12.53.21
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 17 Apr 2023 12:53:23 -0700 (PDT)
From: Peter Xu <peterx@redhat.com>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Mike Kravetz <mike.kravetz@oracle.com>,
Andrea Arcangeli <aarcange@redhat.com>,
=?utf-8?q?Mika_Penttil=C3=A4?= <mpenttil@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>, peterx@redhat.com,
Axel Rasmussen <axelrasmussen@google.com>, Nadav Amit <nadav.amit@gmail.com>,
David Hildenbrand <david@redhat.com>, linux-stable <stable@vger.kernel.org>
Subject: [PATCH v2 2/6] mm/hugetlb: Fix uffd-wp bit lost when unsharing
happens
Date: Mon, 17 Apr 2023 15:53:13 -0400
Message-Id: <20230417195317.898696-3-peterx@redhat.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230417195317.898696-1-peterx@redhat.com>
References: <20230417195317.898696-1-peterx@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1763455749239349983?=
X-GMAIL-MSGID: =?utf-8?q?1763455749239349983?=
|
| Series |
mm/hugetlb: More fixes around uffd-wp vs fork() / RO pins
|
|
Commit Message
Peter Xu
April 17, 2023, 7:53 p.m. UTC
When we try to unshare a pinned page for a private hugetlb, uffd-wp bit can
get lost during unsharing. Fix it by carrying it over.
This should be very rare, only if an unsharing happened on a private
hugetlb page with uffd-wp protected (e.g. in a child which shares the same
page with parent with UFFD_FEATURE_EVENT_FORK enabled).
Cc: linux-stable <stable@vger.kernel.org>
Fixes: 166f3ecc0daf ("mm/hugetlb: hook page faults for uffd write protection")
Reported-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
---
mm/hugetlb.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Comments
On Mon, 17 Apr 2023 15:53:13 -0400 Peter Xu <peterx@redhat.com> wrote: > When we try to unshare a pinned page for a private hugetlb, uffd-wp bit can > get lost during unsharing. Fix it by carrying it over. > > This should be very rare, only if an unsharing happened on a private > hugetlb page with uffd-wp protected (e.g. in a child which shares the same > page with parent with UFFD_FEATURE_EVENT_FORK enabled). What are the user-visible consequences of the bug? > Cc: linux-stable <stable@vger.kernel.org> When proposing a backport, it's better to present the patch as a standalone thing, against current -linus. I'll then queue it in mm-hotfixes and shall send it upstream during this -rc cycle. As presented, this patch won't go upstream until after 6.3 is released, and as it comes later in time, more backporting effort might be needed. I can rework things if this fix is reasonably urgent (the "user-visible consequences" info is the guide). If not urgent, we can leave things as they are.
Hi, Andrew, On Mon, Apr 17, 2023 at 04:48:22PM -0700, Andrew Morton wrote: > On Mon, 17 Apr 2023 15:53:13 -0400 Peter Xu <peterx@redhat.com> wrote: > > > When we try to unshare a pinned page for a private hugetlb, uffd-wp bit can > > get lost during unsharing. Fix it by carrying it over. > > > > This should be very rare, only if an unsharing happened on a private > > hugetlb page with uffd-wp protected (e.g. in a child which shares the same > > page with parent with UFFD_FEATURE_EVENT_FORK enabled). > > What are the user-visible consequences of the bug? When above condition met, one can lose uffd-wp bit on the privately mapped hugetlb page. It allows the page to be writable even if it should still be wr-protected. I assume it can mean data loss. However it's very hard to trigger. When I wrote the reproducer (provided in the last patch) I needed to use the newest gup_test cmd introduced by David to trigger it because I don't even know another way to do a proper RO longerm pin. Besides that, it needs a bunch of other conditions all met: (1) hugetlb being mapped privately, (2) userfaultfd registered with WP and EVENT_FORK, (3) the user app fork()s, then, (4) RO longterm pin onto a wr-protected anonymous page. If it's not impossible to hit in production I'd say extremely rare. > > > Cc: linux-stable <stable@vger.kernel.org> > > When proposing a backport, it's better to present the patch as a > standalone thing, against current -linus. I'll then queue it in > mm-hotfixes and shall send it upstream during this -rc cycle. > > As presented, this patch won't go upstream until after 6.3 is released, > and as it comes later in time, more backporting effort might be needed. > > I can rework things if this fix is reasonably urgent (the "user-visible > consequences" info is the guide). If not urgent, we can leave things > as they are. IMHO it's not urgent so suitable for mm-unstable (current base of this set; sorry if I forgot to mention it explicitly). I'll post (and remember to post) patches on top of mm-stable if they're urgent, or e.g. bugs introduced in current release. I copied stable for the pure logic of fixing a bug in old kernels. The consequence of hitting the bug is very bad but chance to hit is very low. Thanks,
diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 0213efaf31be..cd3a9d8f4b70 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5637,13 +5637,16 @@ static vm_fault_t hugetlb_wp(struct mm_struct *mm, struct vm_area_struct *vma, spin_lock(ptl); ptep = hugetlb_walk(vma, haddr, huge_page_size(h)); if (likely(ptep && pte_same(huge_ptep_get(ptep), pte))) { + pte_t newpte = make_huge_pte(vma, &new_folio->page, !unshare); + /* Break COW or unshare */ huge_ptep_clear_flush(vma, haddr, ptep); mmu_notifier_invalidate_range(mm, range.start, range.end); page_remove_rmap(old_page, vma, true); hugepage_add_new_anon_rmap(new_folio, vma, haddr); - set_huge_pte_at(mm, haddr, ptep, - make_huge_pte(vma, &new_folio->page, !unshare)); + if (huge_pte_uffd_wp(pte)) + newpte = huge_pte_mkuffd_wp(newpte); + set_huge_pte_at(mm, haddr, ptep, newpte); folio_set_hugetlb_migratable(new_folio); /* Make the old page be freed below */ new_folio = page_folio(old_page);