Muhammad: I'd rather leave these to you, but since I already started
looking into it, and you didn't yet start replying, let me try to do it.
Please still review if you can catch the train.
This series should fix two known reports from syzbot on the new
PAGEMAP_SCAN ioctl():
https://lore.kernel.org/all/[email protected]/
https://lore.kernel.org/all/[email protected]/
The 3rd patch is something I found when testing these patches.
Thanks,
Peter Xu (3):
mm/pagemap: Fix ioctl(PAGEMAP_SCAN) on vma check
mm/pagemap: Fix wr-protect even if PM_SCAN_WP_MATCHING not set
mm/selftests: Fix pagemap_ioctl memory map test
fs/proc/task_mmu.c | 26 +++++++++++++++++-----
tools/testing/selftests/mm/pagemap_ioctl.c | 9 +++++---
2 files changed, 27 insertions(+), 8 deletions(-)
--
2.41.0
The new pagemap ioctl contains a fast path for wr-protections without
looking into category masks. It forgets to check PM_SCAN_WP_MATCHING
before applying the wr-protections. It can cause, e.g., pte markers
installed on archs that do not even support uffd wr-protect.
WARNING: CPU: 0 PID: 5059 at mm/memory.c:1520 zap_pte_range mm/memory.c:1520 [inline]
Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag")
Reported-by: [email protected]
Signed-off-by: Peter Xu <[email protected]>
---
fs/proc/task_mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index e91085d79926..d19924bf0a39 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -2171,7 +2171,7 @@ static int pagemap_scan_pmd_entry(pmd_t *pmd, unsigned long start,
return 0;
}
- if (!p->vec_out) {
+ if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) {
/* Fast path for performing exclusive WP */
for (addr = start; addr != end; pte++, addr += PAGE_SIZE) {
if (pte_uffd_wp(ptep_get(pte)))
--
2.41.0
On 16.11.23 21:15, Peter Xu wrote:
> The new pagemap ioctl contains a fast path for wr-protections without
> looking into category masks. It forgets to check PM_SCAN_WP_MATCHING
> before applying the wr-protections. It can cause, e.g., pte markers
> installed on archs that do not even support uffd wr-protect.
>
> WARNING: CPU: 0 PID: 5059 at mm/memory.c:1520 zap_pte_range mm/memory.c:1520 [inline]
>
> Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag")
> Reported-by: [email protected]
> Signed-off-by: Peter Xu <[email protected]>
> ---
> fs/proc/task_mmu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
> index e91085d79926..d19924bf0a39 100644
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -2171,7 +2171,7 @@ static int pagemap_scan_pmd_entry(pmd_t *pmd, unsigned long start,
> return 0;
> }
>
> - if (!p->vec_out) {
> + if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) {
> /* Fast path for performing exclusive WP */
> for (addr = start; addr != end; pte++, addr += PAGE_SIZE) {
> if (pte_uffd_wp(ptep_get(pte)))
Reviewed-by: David Hildenbrand <[email protected]>
--
Cheers,
David / dhildenb
On Thu, Nov 16, 2023 at 12:15 PM Peter Xu <[email protected]> wrote:
>
> The new pagemap ioctl contains a fast path for wr-protections without
> looking into category masks. It forgets to check PM_SCAN_WP_MATCHING
> before applying the wr-protections. It can cause, e.g., pte markers
> installed on archs that do not even support uffd wr-protect.
>
> WARNING: CPU: 0 PID: 5059 at mm/memory.c:1520 zap_pte_range mm/memory.c:1520 [inline]
>
> Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag")
> Reported-by: [email protected]
> Signed-off-by: Peter Xu <[email protected]>
Reviewed-by: Andrei Vagin <[email protected]>
> ---
> fs/proc/task_mmu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
> index e91085d79926..d19924bf0a39 100644
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -2171,7 +2171,7 @@ static int pagemap_scan_pmd_entry(pmd_t *pmd, unsigned long start,
> return 0;
> }
>
> - if (!p->vec_out) {
> + if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) {
> /* Fast path for performing exclusive WP */
> for (addr = start; addr != end; pte++, addr += PAGE_SIZE) {
> if (pte_uffd_wp(ptep_get(pte)))
> --
> 2.41.0
>