From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Mike Rapoport, peterx@redhat.com, Alexander Viro, Andrew Morton, "Liam R . Howlett", Andrea Arcangeli, Mark Rutland, Lorenzo Stoakes, linux-stable
Subject: [PATCH v2 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma
Date: Wed, 17 May 2023 15:09:15 -0400
Message-Id: <20230517190916.3429499-2-peterx@redhat.com>
In-Reply-To: <20230517190916.3429499-1-peterx@redhat.com>
References: <20230517190916.3429499-1-peterx@redhat.com>

It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes:

https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/

It's possible that "start" is contained within vma but not clamped to its start. We need to convert this into either "cannot merge" case or "can merge" case 4 which permits subdivision of prev by assigning vma to prev. As we loop, each subsequent VMA will be clamped to the start.

This patch will eliminate the report and make sure vma_merge() calls will become legal again.

One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104.
Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking. Cc: Lorenzo Stoakes Cc: Mike Rapoport (IBM) Cc: Liam R. Howlett Reported-by: Mark Rutland Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Fixes: 29417d292bd0 ("mm/mmap/vma_merge: always check invariants") Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs") Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/ Cc: linux-stable Signed-off-by: Peter Xu --- fs/userfaultfd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0fd96d6e39ce..17c8c345dac4 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1459,6 +1459,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; ret = 0; for_each_vma_range(vmi, vma, end) { 
@@ -1625,6 +1627,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, vma_iter_set(&vmi, start); prev = vma_prev(&vmi); + if (vma->vm_start < start) + prev = vma; + ret = 0; for_each_vma_range(vmi, vma, end) { cond_resched();
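Review bot: in the userfaultfd_register() hunk of patch 1/2, the added `if (vma->vm_start < start) prev = vma;` reads `vma` before `for_each_vma_range(vmi, vma, end)` assigns it, so it depends on an earlier lookup that the hunk context does not show. A one-line comment above the check, saying which VMA `vma` refers to at this point and that assigning it to `prev` is what selects the "case 4" split named in the commit message, would save the next reader from rediscovering that.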
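Review bot: the fix-up after `prev = vma_prev(&vmi);` in the userfaultfd_unregister() hunk of patch 1/2 is a copy of the one added to userfaultfd_register(), differing only by a trailing blank line. Consider a small shared helper that takes the iterator, `vma` and `start` and returns the right `prev`, so that a later change to the vma_merge() preconditions cannot update one path and miss the other.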
From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Mike Rapoport, peterx@redhat.com, Alexander Viro, Andrew Morton, "Liam R . Howlett", Andrea Arcangeli, Mark Rutland, Lorenzo Stoakes, linux-stable
Subject: [PATCH v2 2/2] mm/uffd: Allow vma to merge as much as possible
Date: Wed, 17 May 2023 15:09:16 -0400
Message-Id: <20230517190916.3429499-3-peterx@redhat.com>
In-Reply-To: <20230517190916.3429499-1-peterx@redhat.com>
References: <20230517190916.3429499-1-peterx@redhat.com>

We used to not pass in the pgoff correctly when register/unregister uffd regions, it caused incorrect behavior on vma merging and can cause mergeable vmas being separate after ioctls return.

For example, when we have:

  vma1(range 0-9, with uffd), vma2(range 10-19, no uffd)

Then someone unregisters uffd on range (5-9), it should logically become:

  vma1(range 0-4, with uffd), vma2(range 5-19, no uffd)

But with current code we'll have:

  vma1(range 0-4, with uffd), vma3(range 5-9, no uffd), vma2(range 10-19, no uffd)

This patch allows such merge to happen correctly before ioctl returns.

This behavior seems to have existed since the 1st day of uffd. Since pgoff for vma_merge() is only used to identify the possibility of vma merging, meanwhile here what we did was always passing in a pgoff smaller than what we should, so there should have no other side effect besides not merging it.
Let's still tentatively copy stable for this, even though I don't see anything will go wrong besides vma being split (which is mostly not user visible). Cc: Andrea Arcangeli Cc: Mike Rapoport (IBM) Cc: linux-stable Reported-by: Lorenzo Stoakes Acked-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization") Signed-off-by: Peter Xu --- fs/userfaultfd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 17c8c345dac4..4e800bb7d2ab 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1332,6 +1332,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, bool basic_ioctls; unsigned long start, end, vma_end; struct vma_iterator vmi; + pgoff_t pgoff; user_uffdio_register = (struct uffdio_register __user *) arg; @@ -1484,8 +1485,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, vma_end = min(end, vma->vm_end); new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), ((struct vm_userfaultfd_ctx){ ctx }), anon_vma_name(vma)); @@ -1565,6 +1567,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, unsigned long start, end, vma_end; const void __user *buf = (void __user *)arg; struct vma_iterator vmi; + pgoff_t pgoff; ret = -EFAULT; if (copy_from_user(&uffdio_unregister, buf, sizeof(uffdio_unregister))) 
@@ -1667,8 +1670,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, uffd_wp_range(vma, start, vma_end - start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; + pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags, - vma->anon_vma, vma->vm_file, vma->vm_pgoff, + vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), NULL_VM_UFFD_CTX, anon_vma_name(vma)); if (prev) {
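Review bot: in the userfaultfd_register() loop hunk of patch 2/2, `pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);` is an unsigned subtraction and is only correct while `start >= vma->vm_start`; the visible context shows `vma_end = min(end, vma->vm_end);` but no clamp of `start`. If the clamp sits above the hunk, a short comment pointing at it, or a `VM_WARN_ON_ONCE(start < vma->vm_start)` before the computation, would document the precondition.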
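Review bot: the pgoff computation placed before vma_merge() in the userfaultfd_unregister() hunk of patch 2/2 is a verbatim copy of the line added in userfaultfd_register(). A small static inline helper taking `vma` and `start` would keep the two call sites in step and give one place to document why `vma->vm_pgoff` alone is too small once `start` lies inside the VMA.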
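The merge condition that the 2/2 commit message reasons about, worked through on its own vma1/vma2 example. This is an added illustration: a simplified user-space model, not kernel code and not part of the posted series. The `model_vma` struct, the helper names and the page-granular units are assumptions; the real vma_merge() checks more than offset contiguity.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption): addresses and offsets are in whole pages,
 * so no PAGE_SHIFT is needed. */
struct model_vma {
    unsigned long vm_start, vm_end; /* covers [vm_start, vm_end) */
    unsigned long vm_pgoff;         /* offset of vm_start in the backing object */
    bool uffd;                      /* stands in for the uffd flags/context */
};

/* Can [start, end) with this pgoff and flag be merged into the VMA after it?
 * Models only adjacency, matching flags and contiguous page offsets. */
static bool can_merge_with_next(const struct model_vma *next,
                                unsigned long start, unsigned long end,
                                unsigned long pgoff, bool uffd)
{
    return next->vm_start == end && next->uffd == uffd &&
           next->vm_pgoff == pgoff + (end - start);
}

/* pgoff as passed before the patch: the offset of the VMA's own start. */
static unsigned long pgoff_before_patch(const struct model_vma *vma,
                                        unsigned long start)
{
    (void)start;
    return vma->vm_pgoff;
}

/* pgoff as passed after the patch: the offset of `start` itself. */
static unsigned long pgoff_after_patch(const struct model_vma *vma,
                                       unsigned long start)
{
    return vma->vm_pgoff + (start - vma->vm_start);
}

/* Commit-message case: unregister pages 5-9 of vma1; returns the VMA count. */
static int vmas_after_unregister(bool patched)
{
    struct model_vma vma1 = { 0, 10, 0, true };    /* pages 0-9, with uffd */
    struct model_vma vma2 = { 10, 20, 10, false }; /* pages 10-19, no uffd */
    unsigned long start = 5, end = 10;
    unsigned long pgoff = patched ? pgoff_after_patch(&vma1, start)
                                  : pgoff_before_patch(&vma1, start);

    /* vma1 is always split at `start`; the tail joins vma2 or stays alone. */
    return can_merge_with_next(&vma2, start, end, pgoff, false) ? 2 : 3;
}

int main(void)
{
    printf("before patch: %d VMAs\n", vmas_after_unregister(false));
    printf("after patch:  %d VMAs\n", vmas_after_unregister(true));
    return 0;
}
```

With the old value the offset check compares 10 against 0 + 5 and fails, leaving the separate vma3 the commit message describes; with the corrected value it compares 10 against 5 + 5 and the tail merges into vma2.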