From patchwork Thu Nov 16 20:15:45 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 165936
From: Peter Xu
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: peterx@redhat.com, Muhammad Usama Anjum, Andrew Morton, David Hildenbrand, Andrei Vagin, syzbot+e94c5aaf7890901ebf9b@syzkaller.appspotmail.com
Subject: [PATCH 1/3] mm/pagemap: Fix ioctl(PAGEMAP_SCAN) on vma check
Date: Thu, 16 Nov 2023 15:15:45 -0500
Message-ID: <20231116201547.536857-2-peterx@redhat.com>
In-Reply-To: <20231116201547.536857-1-peterx@redhat.com>
References: <20231116201547.536857-1-peterx@redhat.com>

The new ioctl(PAGEMAP_SCAN) relies on vma wr-protect capability provided by userfault, however in the vma test it didn't explicitly require the vma to have wr-protect function enabled, even if PM_SCAN_WP_MATCHING flag is set.

It means the pagemap code can now apply uffd-wp bit to a page in the vma even if not registered to userfaultfd at all. Then in whatever way as long as the pte got written and page fault resolved, we'll apply the write bit even if uffd-wp bit is set. We'll see a pte that has both UFFD_WP and WRITE bit set. Anything later that looks up the pte for uffd-wp bit will trigger the warning:

WARNING: CPU: 1 PID: 5071 at arch/x86/include/asm/pgtable.h:403 pte_uffd_wp arch/x86/include/asm/pgtable.h:403 [inline]

Fix it by doing proper check over the vma attributes when PM_SCAN_WP_MATCHING is specified.

Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
Reported-by: syzbot+e94c5aaf7890901ebf9b@syzkaller.appspotmail.com
Signed-off-by: Peter Xu
Reviewed-by: David Hildenbrand
Reviewed-by: Andrei Vagin
Reviewed-by: Muhammad Usama Anjum
---
 fs/proc/task_mmu.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 51e0ec658457..e91085d79926 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c
@@ -1994,15 +1994,31 @@ static int pagemap_scan_test_walk(unsigned long start, unsigned long end, struct pagemap_scan_private *p = walk->private; struct vm_area_struct *vma = walk->vma; unsigned long vma_category = 0; + bool wp_allowed = userfaultfd_wp_async(vma) && + userfaultfd_wp_use_markers(vma); - if (userfaultfd_wp_async(vma) && userfaultfd_wp_use_markers(vma)) - vma_category |= PAGE_IS_WPALLOWED; - else if (p->arg.flags & PM_SCAN_CHECK_WPASYNC) - return -EPERM; + if (!wp_allowed) { + /* User requested explicit failure over wp-async capability */ + if (p->arg.flags & PM_SCAN_CHECK_WPASYNC) + return -EPERM; + /* + * User requires wr-protect, and allows silently skipping + * unsupported vmas. + */ + if (p->arg.flags & PM_SCAN_WP_MATCHING) + return 1; + /* + * Then the request doesn't involve wr-protects at all, + * fall through to the rest checks, and allow vma walk. + */ + } if (vma->vm_flags & VM_PFNMAP) return 1; + if (wp_allowed) + vma_category |= PAGE_IS_WPALLOWED; + if (vma->vm_flags & VM_SOFTDIRTY) vma_category |= PAGE_IS_SOFT_DIRTY;

From patchwork Thu Nov 16 20:15:46 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 165937
From: Peter Xu
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: peterx@redhat.com, Muhammad Usama Anjum, Andrew Morton, David Hildenbrand, Andrei Vagin, syzbot+7ca4b2719dc742b8d0a4@syzkaller.appspotmail.com
Subject: [PATCH 2/3] mm/pagemap: Fix wr-protect even if PM_SCAN_WP_MATCHING not set
Date: Thu, 16 Nov 2023 15:15:46 -0500
Message-ID: <20231116201547.536857-3-peterx@redhat.com>
In-Reply-To: <20231116201547.536857-1-peterx@redhat.com>
References: <20231116201547.536857-1-peterx@redhat.com>

The new pagemap ioctl contains a fast path for wr-protections without looking into category masks. It forgets to check PM_SCAN_WP_MATCHING before applying the wr-protections. It can cause, e.g., pte markers installed on archs that do not even support uffd wr-protect.

WARNING: CPU: 0 PID: 5059 at mm/memory.c:1520 zap_pte_range mm/memory.c:1520 [inline]

Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag")
Reported-by: syzbot+7ca4b2719dc742b8d0a4@syzkaller.appspotmail.com
Signed-off-by: Peter Xu
Reviewed-by: David Hildenbrand
Reviewed-by: Andrei Vagin
---
 fs/proc/task_mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index e91085d79926..d19924bf0a39 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c
@@ -2171,7 +2171,7 @@ static int pagemap_scan_pmd_entry(pmd_t *pmd, unsigned long start, return 0; } - if (!p->vec_out) { + if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) { /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { if (pte_uffd_wp(ptep_get(pte)))

From patchwork Thu Nov 16 20:15:47 2023
X-Patchwork-Submitter: Peter Xu
X-Patchwork-Id: 165935
From: Peter Xu
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: peterx@redhat.com, Muhammad Usama Anjum, Andrew Morton, David Hildenbrand, Andrei Vagin
Subject: [PATCH 3/3] mm/selftests: Fix pagemap_ioctl memory map test
Date: Thu, 16 Nov 2023 15:15:47 -0500
Message-ID: <20231116201547.536857-4-peterx@redhat.com>
In-Reply-To: <20231116201547.536857-1-peterx@redhat.com>
References: <20231116201547.536857-1-peterx@redhat.com>

__FILE__ is not guaranteed to exist in current dir. Replace that with argv[0] for memory map test.

Fixes: 46fd75d4a3c9 ("selftests: mm: add pagemap ioctl tests")
Signed-off-by: Peter Xu
Reviewed-by: David Hildenbrand
---
 tools/testing/selftests/mm/pagemap_ioctl.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/mm/pagemap_ioctl.c b/tools/testing/selftests/mm/pagemap_ioctl.c index befab43719ba..d59517ed3d48 100644 --- a/tools/testing/selftests/mm/pagemap_ioctl.c +++ b/tools/testing/selftests/mm/pagemap_ioctl.c @@ -36,6 +36,7 @@ int pagemap_fd; int uffd; int page_size; int hpage_size; +const char *progname; #define LEN(region) ((region.end - region.start)/page_size) @@ -1149,11 +1150,11 @@ int sanity_tests(void) munmap(mem, mem_size); /* 9. Memory mapped file */ - fd = open(__FILE__, O_RDONLY); + fd = open(progname, O_RDONLY); if (fd < 0) ksft_exit_fail_msg("%s Memory mapped file\n", __func__); - ret = stat(__FILE__, &sbuf); + ret = stat(progname, &sbuf); if (ret < 0) ksft_exit_fail_msg("error %d %d %s\n", ret, errno, strerror(errno)); @@ -1472,12 +1473,14 @@ static void transact_test(int page_size) extra_thread_faults); } -int main(void) +int main(int argc, char *argv[]) { int mem_size, shmid, buf_size, fd, i, ret; char *mem, *map, *fmem; struct stat sbuf; + progname = argv[0]; + ksft_print_header(); if (init_uffd())
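
Review bot: In the pagemap_scan_test_walk hunk of patch 1/3 (fs/proc/task_mmu.c, @@ -1994), the new "if (p->arg.flags & PM_SCAN_WP_MATCHING) return 1;" branch skips a vma that is not wp-allowed without any signal to the caller, so a PM_SCAN_WP_MATCHING request over a mixed range returns success while part of the range was never write-protected. The in-code comment says this is intended, but the user-facing description of PM_SCAN_WP_MATCHING should state it too, along with the fact that PM_SCAN_CHECK_WPASYNC is the way to get -EPERM instead. Small wording nit in the last comment of the block: "fall through to the rest checks" reads better as "fall through to the remaining checks".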
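
Review bot: In the pagemap_scan_pmd_entry hunk of patch 2/3 (fs/proc/task_mmu.c, @@ -2171), the fast path now tests PM_SCAN_WP_MATCHING but still does not look at the vma, so it is only safe because pagemap_scan_test_walk (patch 1/3) has already skipped vmas without wr-protect support when that flag is set. A short comment next to "if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out)" naming that dependency would keep the two checks from drifting apart. Also worth confirming in the commit message what happens to a request with neither the flag nor vec_out: it now falls through to the general loop after the fast path, and the visible context does not show that loop handling a NULL vec_out.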
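
Review bot: In the sanity_tests hunk of patch 3/3 (pagemap_ioctl.c, @@ -1149), the failure path after "fd = open(progname, O_RDONLY);" still prints only "%s Memory mapped file" with __func__, which hides both the path that was tried and the errno. Since the bug being fixed here was exactly a path that did not exist, include progname and strerror(errno) in that ksft_exit_fail_msg() call, the same way the stat() failure just below already reports errno.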
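
Review bot: In the main() hunk of patch 3/3 (pagemap_ioctl.c, @@ -1472), "progname = argv[0];" has a weaker form of the problem the patch fixes: argv[0] is whatever the caller passed to exec, so it can be a bare name found through PATH, a path relative to a directory the runner has since left, or NULL when argc is 0. Opening "/proc/self/exe" in test 9 would always resolve to the running binary and would make the new global and the main() signature change unnecessary; if argv[0] is kept, at least guard against argc == 0 before the assignment.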