From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Lorenzo Stoakes, Andrew Morton, "Liam R . Howlett", Mark Rutland, Andrea Arcangeli, Mike Rapoport, peterx@redhat.com, Alexander Viro, linux-stable
Subject: [PATCH 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma
Date: Wed, 17 May 2023 11:04:07 -0400
Message-Id: <20230517150408.3411044-2-peterx@redhat.com>
In-Reply-To: <20230517150408.3411044-1-peterx@redhat.com>
References: <20230517150408.3411044-1-peterx@redhat.com>

It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

The problem is in the current code base we didn't fixup "prev" for the case where "start" address can be within the "prev" vma section. In that case we should have "prev" point to the current vma rather than the previous one when feeding to vma_merge().

This patch will eliminate the report and make sure vma_merge() calls will become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104.
Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking. Cc: Lorenzo Stoakes Cc: Mike Rapoport (IBM) Cc: Liam R. Howlett Reported-by: Mark Rutland Fixes: 29417d292bd0 ("mm/mmap/vma_merge: always check invariants") Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs") Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/ Cc: linux-stable Signed-off-by: Peter Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett --- fs/userfaultfd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0fd96d6e39ce..17c8c345dac4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1459,6 +1459,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; ret = 0; for_each_vma_range(vmi, vma, end) { 
@@ -1625,6 +1627,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; + ret = 0; for_each_vma_range(vmi, vma, end) { cond_resched();
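Review bot: the added `if (vma->vm_start < start) prev = vma;` in the userfaultfd_register() hunk (@@ -1459,6 +1459,8) has no comment, and the visible context does not show where `vma` was last assigned, so a reader cannot tell from here that it is the vma containing `start`. Suggest a short comment above the check saying which vma `vma` refers to at this point and that, when `start` cuts into it, vma_merge() has to be given that vma as `prev` instead of the one returned by vma_prev().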
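Review bot: the userfaultfd_unregister() hunk (@@ -1625,6 +1627,9) repeats the same `prev` fixup as the register hunk, so the sequence `vma_iter_set(&vmi, start); prev = vma_prev(&vmi); if (vma->vm_start < start) prev = vma;` now exists twice and the next fix to it has to be applied in both places. Suggest moving the sequence into one small static helper that both functions call and that returns the `prev` to pass to vma_merge().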
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Lorenzo Stoakes, Andrew Morton, "Liam R . Howlett", Mark Rutland, Andrea Arcangeli, Mike Rapoport, peterx@redhat.com, Alexander Viro, linux-stable
Subject: [PATCH 2/2] mm/uffd: Allow vma to merge as much as possible
Date: Wed, 17 May 2023 11:04:08 -0400
Message-Id: <20230517150408.3411044-3-peterx@redhat.com>
In-Reply-To: <20230517150408.3411044-1-peterx@redhat.com>
References: <20230517150408.3411044-1-peterx@redhat.com>

We used to not pass in the pgoff correctly when registering/unregistering uffd regions, it caused incorrect behavior on vma merging and can cause mergeable vmas being separate after ioctls return.

For example, when we have:

  vma1(range 0-9, with uffd), vma2(range 10-19, no uffd)

Then someone unregisters uffd on range (5-9), it should logically become:

  vma1(range 0-4, with uffd), vma2(range 5-19, no uffd)

But with current code we'll have:

  vma1(range 0-4, with uffd), vma3(range 5-9, no uffd), vma2(range 10-19, no uffd)

This patch allows such merge to happen correctly before ioctl returns.

This behavior seems to have existed since the 1st day of uffd.
Since pgoff for vma_merge() is only used to identify the possibility of vma merging, meanwhile here what we did was always passing in a pgoff smaller than what we should, so there should have no other side effect besides not merging it. Let's still tentatively copy stable for this, even though I don't see anything will go wrong besides vma being split (which is mostly not user visible). Cc: Andrea Arcangeli Cc: Mike Rapoport (IBM) Cc: linux-stable Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization") Signed-off-by: Peter Xu Acked-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett --- fs/userfaultfd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 17c8c345dac4..4e800bb7d2ab 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1332,6 +1332,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, bool basic_ioctls; unsigned long start, end, vma_end; struct vma_iterator vmi; + pgoff_t pgoff; user_uffdio_register = (struct uffdio_register __user *) arg; @@ -1484,8 +1485,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_end = min(end, vma->vm_end); new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), ((struct vm_userfaultfd_ctx){ ctx }), anon_vma_name(vma)); @@ -1565,6 +1567,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, unsigned long start, end, vma_end; const void __user *buf = (void __user *)arg; struct vma_iterator vmi; + pgoff_t pgoff; ret = -EFAULT; if (copy_from_user(&uffdio_unregister, buf, sizeof(uffdio_unregister))) 
@@ -1667,8 +1670,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, uffd_wp_range(vma, start, vma_end - start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), NULL_VM_UFFD_CTX, anon_vma_name(vma)); if (prev) {
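Review bot: in the userfaultfd_register() hunk at @@ -1484,8 +1485,9, `pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);` subtracts two `unsigned long` values, so it is only correct when `start >= vma->vm_start`, and the visible context (`vma_end = min(end, vma->vm_end);`) does not show `start` being clamped to the vma. If `start` is clamped earlier in the loop body, please say so in a one-line comment next to the computation, or compute `pgoff` directly beside that clamp so the dependency is obvious.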
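Review bot: the pgoff computation in the userfaultfd_unregister() hunk at @@ -1667,8 +1670,9 is a verbatim copy of the one added to userfaultfd_register(), and the diffstat touches only fs/userfaultfd.c, so the case from the commit message (unregistering 5-9 from vma1 0-9 next to vma2 10-19) is not covered by any test in this patch. Suggest a small static helper that returns the pgoff for a given (vma, start) and is used at both call sites, plus a selftest that checks the vma layout after the ioctl returns.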