From patchwork Tue Jan 9 11:24:42 2024
X-Patchwork-Submitter: Muhammad Usama Anjum
X-Patchwork-Id: 186330
From: Muhammad Usama Anjum
To: Andrew Morton, David Hildenbrand, Muhammad Usama Anjum, Andrei Vagin, Peter Xu, Hugh Dickins, Suren Baghdasaryan, Ryan Roberts, Kefeng Wang, "Liam R. Howlett", Michał Mirosław, Stephen Rothwell, Arnd Bergmann
Cc: kernel@collabora.com, syzbot+81227d2bd69e9dedb802@syzkaller.appspotmail.com, Sean Christopherson, stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH] fs/proc/task_mmu: move mmu notification mechanism inside mm lock
Date: Tue, 9 Jan 2024 16:24:42 +0500
Message-ID: <20240109112445.590736-1-usama.anjum@collabora.com>
X-Mailer: git-send-email 2.42.0
X-Mailing-List: linux-kernel@vger.kernel.org

Move the mmu notification mechanism inside the mm lock to prevent a race condition in other components which depend on it. The notifier will invalidate the memory range. Depending upon the number of iterations, different memory ranges would be invalidated.

The following warning would be removed by this patch:

WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734

There is no behavioural or performance change with this patch when there is no component registered with the mmu notifier.

Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
Reported-by: syzbot+81227d2bd69e9dedb802@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/000000000000f6d051060c6785bc@google.com/
Cc: Sean Christopherson
Cc: stable@vger.kernel.org
Signed-off-by: Muhammad Usama Anjum
Reviewed-by: Sean Christopherson
---
 fs/proc/task_mmu.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 62b16f42d5d2..56c2e7357494 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -2448,13 +2448,6 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) if (ret) return ret; - /* Protection change for the range is going to happen. */ - if (p.arg.flags & PM_SCAN_WP_MATCHING) { - mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, - mm, p.arg.start, p.arg.end); - mmu_notifier_invalidate_range_start(&range); - } - for (walk_start = p.arg.start; walk_start < p.arg.end; walk_start = p.arg.walk_end) { long n_out; @@ -2467,8 +2460,20 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) ret = mmap_read_lock_killable(mm); if (ret) break; + + /* Protection change for the range is going to happen. */ + if (p.arg.flags & PM_SCAN_WP_MATCHING) { + mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, + mm, walk_start, p.arg.end); + mmu_notifier_invalidate_range_start(&range); + } + ret = walk_page_range(mm, walk_start, p.arg.end, &pagemap_scan_ops, &p); + + if (p.arg.flags & PM_SCAN_WP_MATCHING) + mmu_notifier_invalidate_range_end(&range); + mmap_read_unlock(mm); n_out = pagemap_scan_flush_buffer(&p); @@ -2494,9 +2499,6 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) if (pagemap_scan_writeback_args(&p.arg, uarg)) ret = -EFAULT; - if (p.arg.flags & PM_SCAN_WP_MATCHING) - mmu_notifier_invalidate_range_end(&range); - kfree(p.vec_buf); return ret; }
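Review bot: in the second hunk the range passed to `mmu_notifier_range_init` inside the loop ends at `p.arg.end` rather than at the end of the chunk this iteration actually walks, so every iteration re-invalidates the whole remaining tail `[walk_start, p.arg.end)` and notifier consumers receive overlapping invalidations across iterations. That is the conservative, safe choice, and it is understandable because the walked end (`p.arg.walk_end`) is only known after `walk_page_range` returns, but it deserves a one-line comment beside `mm, walk_start, p.arg.end);`, and the commit message's "different memory ranges would be invalidated" should say this plainly so a later reader does not mistake it for a bug. The pairing itself is sound: both notifier calls now sit between `mmap_read_lock_killable` and `mmap_read_unlock`, and `mmu_notifier_invalidate_range_end` runs even when `walk_page_range` fails, which is what the fix needs.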
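Review bot: dropping the post-loop `mmu_notifier_invalidate_range_end` in the third hunk is correct only because every exit from the walk loop now leaves start/end balanced: the `if (ret) break;` after `mmap_read_lock_killable` happens before `mmu_notifier_invalidate_range_start`, and the end call precedes `mmap_read_unlock` within the same iteration. Because a future early `break` placed between the two notifier calls would silently reintroduce an unbalanced start, a short comment at the `/* Protection change for the range is going to happen. */` site stating that the end call must stay in the same iteration would help; and since nothing after the loop uses `range` any more, check whether its declaration (outside this hunk) can be narrowed to loop scope.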