Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3930791pxj; Mon, 21 Jun 2021 09:36:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2XV3svUrk5TBcTVm6wsO7dYXnQy8xN1ywg7ctmO920T+ozPRJ7RJJHLYue2CVG0N99SFk X-Received: by 2002:a05:6402:100e:: with SMTP id c14mr22206422edu.51.1624293413625; Mon, 21 Jun 2021 09:36:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624293413; cv=none; d=google.com; s=arc-20160816; b=jj4p/QrobKj2OaHweGtsHMjT0LEQ/3UHPlWBQsGMRgWtEoVDFKXd3j2qyOMQumHY/5 7DQPmdtuGqKjH8+LSP+ua/5vB4ltcjvtFzfvrNU/3XwAPezhnLJThd/wiW0w4myPbxYe FVH8cS6MEFle/kPmeta7aOEa0QdN4fGIC29DwniVU90oDG4ENtL2O7Pu21iM375CAYAH 24o9945gu1WMm5weJOhviac8fjcr2bHYCp3l2+d5z2PKcN/kKikF7IscJ1AfXoieI7WE E9y2S9eVLgi+M8M+DumRWjhg2HDV6b11+7Lok65m12YUbOwdHXE5OL3PTZ1bolDsJ0JU EHjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=i/mQOxkqR8uehFEBLUaWygApZdjjcx4KLXUPWlT++QY=; b=0Rv9ySvyi941VdHUjMCVfSZyuzfut+Q7OUMdnZqFdEyW4TgvsqKULVNMCOfBlys0jZ zWoMwgrlKl3PJSGvCHB+BmWE21uUjcdrZ1grnfn8fjq48otCePDH7Yh2suyCRc8nEsSH FRlZAJJegoGBOze5XiLKYKnqOFkqenMXSznLGTIxL1zlMTQS+miGXUPKbn1eUMyB1/Le P3JlJBBx7s6CkXm6T0hP3LXL9nHV5t+BFVnFCZhGRjG+kbcUX9BAmZV7aWzK+CHZefB2 dohVlWGmETR8SdZMj3qE0m78w8gKezb7qbuzaG4jZ1UddFBW47UXQaSEjiGLPbwNCA9P 0CIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vXpe7bHJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 19si10632255ejx.529.2021.06.21.09.36.30; Mon, 21 Jun 2021 09:36:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vXpe7bHJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232817AbhFUQhr (ORCPT + 99 others); Mon, 21 Jun 2021 12:37:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:54924 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232548AbhFUQeF (ORCPT ); Mon, 21 Jun 2021 12:34:05 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 874506140F; Mon, 21 Jun 2021 16:26:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1624292804; bh=afjJnfrjpo4SGRDumAJ7mvbEE5onHssv9v2ffyWrkdk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vXpe7bHJ0xg8nohyRggK/gtAmkR2o/03JmhiQpksUoKq+VlPufJvYU84jxULyxmUb S2EVfhA7dlWdINp1lwtobv3LPsykkZ8jLD8wJFbCOApJsoUsmTpWB7gpjWzhpnIsy6 2cv3Yyy6YPxXJs81oQsuuh3EuPOfuCocAWrJZm+o= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Peter Xu , Hugh Dickins , Andrea Arcangeli , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 136/146] mm/swap: fix pte_same_as_swp() not removing uffd-wp bit when compare Date: Mon, 21 Jun 2021 18:16:06 +0200 Message-Id: <20210621154920.247823951@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210621154911.244649123@linuxfoundation.org> References: <20210621154911.244649123@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Peter Xu commit 099dd6878b9b12d6bbfa6bf29ce0c8ddd38f6901 upstream. I found it by pure code review, that pte_same_as_swp() of unuse_vma() didn't take uffd-wp bit into account when comparing ptes. pte_same_as_swp() returning false negative could cause failure to swapoff swap ptes that was wr-protected by userfaultfd. Link: https://lkml.kernel.org/r/20210603180546.9083-1-peterx@redhat.com Fixes: f45ec5ff16a7 ("userfaultfd: wp: support swap and page migration") Signed-off-by: Peter Xu Acked-by: Hugh Dickins Cc: Andrea Arcangeli Cc: [5.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- include/linux/swapops.h | 15 +++++++++++---- mm/swapfile.c | 2 +- 2 files changed, 12 insertions(+), 5 deletions(-) --- a/include/linux/swapops.h +++ b/include/linux/swapops.h @@ -23,6 +23,16 @@ #define SWP_TYPE_SHIFT (BITS_PER_XA_VALUE - MAX_SWAPFILES_SHIFT) #define SWP_OFFSET_MASK ((1UL << SWP_TYPE_SHIFT) - 1) +/* Clear all flags but only keep swp_entry_t related information */ +static inline pte_t pte_swp_clear_flags(pte_t pte) +{ + if (pte_swp_soft_dirty(pte)) + pte = pte_swp_clear_soft_dirty(pte); + if (pte_swp_uffd_wp(pte)) + pte = pte_swp_clear_uffd_wp(pte); + return pte; +} + /* * Store a type+offset into a swp_entry_t in an arch-independent format */ @@ -66,10 +76,7 @@ static inline swp_entry_t pte_to_swp_ent { swp_entry_t arch_entry; - if (pte_swp_soft_dirty(pte)) - pte = pte_swp_clear_soft_dirty(pte); - if (pte_swp_uffd_wp(pte)) - pte = pte_swp_clear_uffd_wp(pte); + pte = pte_swp_clear_flags(pte); arch_entry = __pte_to_swp_entry(pte); return swp_entry(__swp_type(arch_entry), __swp_offset(arch_entry)); } --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -1903,7 +1903,7 @@ unsigned int count_swap_pages(int type, static inline int pte_same_as_swp(pte_t pte, pte_t swp_pte) { - return pte_same(pte_swp_clear_soft_dirty(pte), swp_pte); + return pte_same(pte_swp_clear_flags(pte), swp_pte); } /*