Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3943906pxj; Mon, 21 Jun 2021 09:54:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCljIRFe8dig69N/zEdSoK/bkmAABva1oRV8z3O3ndAsxE7iJGLwyZ6Aneqz2BqQSetNy1 X-Received: by 2002:a6b:c985:: with SMTP id z127mr20616542iof.33.1624294491123; Mon, 21 Jun 2021 09:54:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624294491; cv=none; d=google.com; s=arc-20160816; b=KRbFUjRL7FEDVMCYRQWVSKk9r+e3n6+QrH12/sE8nQDf5A4PYIlSIXbE1ayT37XtXI mmXR89N565E/VVYxmYrQR4IEO0nMTdjTe8plsXAwUOelPwjzoBun9kH82FkMglndfBlG oaiLuA7sMzBdnU2/UnVrGvRb+m2iiTVqCIPR60n+QPbSDTZ+/L+6CwMTJ18zgyW4NSp4 q616OidGnBeXipgmCsP5joi/SyLuxV6sF7J5lVi4iREj8bm5SSCX5dxM8NXd4hbkL6v3 D7nfyfDm83y29LTgwlJDSqa+mLUQ+eamC9bACffnYJe7odsaH0HODUtC7TMxzAhPs8Jw kJ+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=8qPROF6/ciFKqwlMoKmfSd2oQrpcRY1J2Fiasbv6BaI=; b=V5V3PVYuLg041V6MOQWKmoqJC3tRGr+Pjeg9jfhEfZb0UWqXdMteJ20T2ZKzHqE7Rp zUZSBQEdQaW6UN8xWJq+WD8SnL1XyFHpJc0bN/HRCJ8l1BcDn2f85gvnUBMufziz7Znx R1+GKFpaR5PgNblPHN+ox9oIPO3WhRwTZsvj8iG9JxKX306htdYyIvSyGUZVX5hrFeSU Raj1zzvNSaSj7u0a9vLXD+QFLugcytuoqaIBqxzfBYpOnRmEhAXfC2FL7TOCmF9YndZe 9akGr257fdKnY8rb8uRVZWES0xo2sSZmy4oTxHIYpSjEQFVMbHdMVhmYKfW9laOV8l1n bZ7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VOkarGMR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d64si18869361iof.89.2021.06.21.09.54.39; Mon, 21 Jun 2021 09:54:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VOkarGMR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232387AbhFUQzD (ORCPT + 99 others); Mon, 21 Jun 2021 12:55:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:42638 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231910AbhFUQvM (ORCPT ); Mon, 21 Jun 2021 12:51:12 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2FE18613F3; Mon, 21 Jun 2021 16:35:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1624293313; bh=n934x2tpM8HhHvF7QHLQN/YmfHbLAivklXYW+i2OmWk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VOkarGMRxUHLYkZjt35fXQGgeaWR8QFY2X12JIyArM8SGbRhB9EFXsON2SI1mwicu 7LR1DP0kOH4WYMrjxgWPNvmvqtpubytCGRWOtRYF0vZU8t5cmmWsbamX0pbzNsv9Cy XDhlU671oRLVY0dj0TOwSF2a0KnoxpriZvePDimM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Peter Xu , Hugh Dickins , Andrea Arcangeli , Andrew Morton , Linus Torvalds Subject: [PATCH 5.12 167/178] mm/swap: fix pte_same_as_swp() not removing uffd-wp bit when compare Date: Mon, 21 Jun 2021 18:16:21 +0200 Message-Id: <20210621154928.428205468@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210621154921.212599475@linuxfoundation.org> References: <20210621154921.212599475@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Peter Xu commit 099dd6878b9b12d6bbfa6bf29ce0c8ddd38f6901 upstream. I found it by pure code review, that pte_same_as_swp() of unuse_vma() didn't take uffd-wp bit into account when comparing ptes. pte_same_as_swp() returning false negative could cause failure to swapoff swap ptes that was wr-protected by userfaultfd. Link: https://lkml.kernel.org/r/20210603180546.9083-1-peterx@redhat.com Fixes: f45ec5ff16a7 ("userfaultfd: wp: support swap and page migration") Signed-off-by: Peter Xu Acked-by: Hugh Dickins Cc: Andrea Arcangeli Cc: [5.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- include/linux/swapops.h | 15 +++++++++++---- mm/swapfile.c | 2 +- 2 files changed, 12 insertions(+), 5 deletions(-) --- a/include/linux/swapops.h +++ b/include/linux/swapops.h @@ -23,6 +23,16 @@ #define SWP_TYPE_SHIFT (BITS_PER_XA_VALUE - MAX_SWAPFILES_SHIFT) #define SWP_OFFSET_MASK ((1UL << SWP_TYPE_SHIFT) - 1) +/* Clear all flags but only keep swp_entry_t related information */ +static inline pte_t pte_swp_clear_flags(pte_t pte) +{ + if (pte_swp_soft_dirty(pte)) + pte = pte_swp_clear_soft_dirty(pte); + if (pte_swp_uffd_wp(pte)) + pte = pte_swp_clear_uffd_wp(pte); + return pte; +} + /* * Store a type+offset into a swp_entry_t in an arch-independent format */ @@ -66,10 +76,7 @@ static inline swp_entry_t pte_to_swp_ent { swp_entry_t arch_entry; - if (pte_swp_soft_dirty(pte)) - pte = pte_swp_clear_soft_dirty(pte); - if (pte_swp_uffd_wp(pte)) - pte = pte_swp_clear_uffd_wp(pte); + pte = pte_swp_clear_flags(pte); arch_entry = __pte_to_swp_entry(pte); return swp_entry(__swp_type(arch_entry), __swp_offset(arch_entry)); } --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -1900,7 +1900,7 @@ unsigned int count_swap_pages(int type, static inline int pte_same_as_swp(pte_t pte, pte_t swp_pte) { - return pte_same(pte_swp_clear_soft_dirty(pte), swp_pte); + return pte_same(pte_swp_clear_flags(pte), swp_pte); } /*