From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hugh Dickins, Andrea Arcangeli, "Dr. David Alan Gilbert", Jann Horn, Mike Kravetz, Mike Rapoport, Peter Xu, Andrew Morton, Linus Torvalds
Subject: [PATCH 4.14 25/55] userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
Date: Thu, 6 Dec 2018 15:38:59 +0100
Message-Id: <20181206143003.110474898@linuxfoundation.org>
In-Reply-To: <20181206143001.749982936@linuxfoundation.org>
References: <20181206143001.749982936@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Andrea Arcangeli

commit dcf7fe9d89763a28e0f43975b422ff141fe79e43 upstream.

Set the page dirty if VM_WRITE is not set because in such case the pte won't be marked dirty and the page would be reclaimed without writepage (i.e. swapout in the shmem case).

This was found by source review. Most apps (certainly including QEMU) only use UFFDIO_COPY on PROT_READ|PROT_WRITE mappings or the app can't modify the memory in the first place. This is for correctness and it could help the non cooperative use case to avoid unexpected data loss.

Link: http://lkml.kernel.org/r/20181126173452.26955-6-aarcange@redhat.com
Reviewed-by: Hugh Dickins
Cc: stable@vger.kernel.org
Fixes: 4c27fe4c4c84 ("userfaultfd: shmem: add shmem_mcopy_atomic_pte for userfaultfd support")
Reported-by: Hugh Dickins
Signed-off-by: Andrea Arcangeli
Cc: "Dr. David Alan Gilbert"
Cc: Jann Horn
Cc: Mike Kravetz
Cc: Mike Rapoport
Cc: Peter Xu
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman --- mm/shmem.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2305,6 +2305,16 @@ static int shmem_mfill_atomic_pte(struct _dst_pte = mk_pte(page, dst_vma->vm_page_prot); if (dst_vma->vm_flags & VM_WRITE) _dst_pte = pte_mkwrite(pte_mkdirty(_dst_pte)); + else { + /* + * We don't set the pte dirty if the vma has no + * VM_WRITE permission, so mark the page dirty or it + * could be freed from under us. We could do it + * unconditionally before unlock_page(), but doing it + * only if VM_WRITE is not set is faster. + */ + set_page_dirty(page); + } dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl); @@ -2338,6 +2348,7 @@ out: return ret; out_release_uncharge_unlock: pte_unmap_unlock(dst_pte, ptl); + ClearPageDirty(page); delete_from_page_cache(page); out_release_uncharge: mem_cgroup_cancel_charge(page, memcg, false);
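
Review bot: In the first hunk (@@ -2305), the new else branch is braced while the existing "if (dst_vma->vm_flags & VM_WRITE)" branch stays unbraced; kernel coding style asks for braces on both branches once either one needs them, so the if arm should gain "{ }" as well. The new comment also says the page "could be freed from under us", whereas the commit message describes the concrete failure as reclaim without writepage, i.e. the copied data being lost; wording the comment in those terms would make the reason for set_page_dirty(page) clearer to the next reader.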
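
Review bot: In the second hunk (@@ -2338), the ClearPageDirty(page) added under out_release_uncharge_unlock has no comment, and nothing on this error path shows why the flag needs clearing before delete_from_page_cache(page). A one-line comment saying that it undoes the set_page_dirty(page) from the !VM_WRITE branch earlier in shmem_mfill_atomic_pte() would help. The commit message covers only the set side, so it would be worth adding a sentence there on the error-path cleanup too, including that the clear runs unconditionally even when the VM_WRITE branch was taken and the page was never marked dirty by this function.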