Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp1461529pxb; Sat, 23 Apr 2022 07:17:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzVMjA7i2eWv0b1WkX7NX54YvjhSGUKLxr64ll2aWVPPNfdZXJRlhp1vIH+OTCFixdaXlp/ X-Received: by 2002:a17:90b:3804:b0:1d2:6c52:5bed with SMTP id mq4-20020a17090b380400b001d26c525bedmr21729028pjb.17.1650723443215; Sat, 23 Apr 2022 07:17:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650723443; cv=none; d=google.com; s=arc-20160816; b=Uy1aXlo5nOYcNn3CvaxJKDxR/BFlgHXTfhqS6+Mf1ZDo+Hg16gZCDoeL++DDtXb9lZ WBb10VES/Kxp+EU0THre8UMPO3iQrZV120bxoKQgtssHARSFadX9Fqu1uU6GxKbe+sBP 3aYOSHEx1/s1/nK7UTjrRfogIOhIdehRtL3BYk+1p40IIp9S34eGNw4loQb/boO0iQ4/ K3LV8A04cnLl3kST498jauHWcEc9A+/2kltdgOqRK6xa/ed38+l+/Wu9ej7MqWi6CtWS ikbngI0NBNn64oOTr4cLEHU1Aw2poXuxAIF4nu8Ftkf5Fl0v8VYk4ZtX7BLEwxBrtfJc aBwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=gRTFbeDMeTcb1cU8ZK53go8iH8krtfV2ie30KMad1X4=; b=ms6U0gY4oEybYsDroFeh5qykF2u30FFT91NTqvW1Fp7Fe7Naav1T5+G/hi3RXsTmVS v5jgydhGAJJmD6QqpxOYcsjJYKixvQCzM5RLpGNR6l+Ucxc8F8w9mnSIFEDyiOjYrFrB kFyrQoTsqmkaw15egDlUj0GfSPAF2USogDGAuIdXnWrLKZaT8KzzqZxLh+OFnZiDQLW7 tFlzq9rYtgnmCtZD7L99wZW+m0SeT7iazSYxtdOgcO8ji2ONmjWiBrk9Oqu0/LZCfbI6 E6J8WCOvLoXCw9T5Ar2OctN8WCV1TaaJ/hLw73jXGDR0Iu1wXVIWC0n6OnUETsd8IE03 kROA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n12-20020a170902d2cc00b0015b3dbc18b3si7156545plc.371.2022.04.23.07.17.05; Sat, 23 Apr 2022 07:17:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234791AbiDWKK4 (ORCPT + 99 others); Sat, 23 Apr 2022 06:10:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234289AbiDWKKy (ORCPT ); Sat, 23 Apr 2022 06:10:54 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0A141B2B00; Sat, 23 Apr 2022 03:07:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 75650B80AD3; Sat, 23 Apr 2022 10:07:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EE488C385A5; Sat, 23 Apr 2022 10:07:53 +0000 (UTC) From: Catalin Marinas To: Andrew Morton Cc: Linus Torvalds , Andreas Gruenbacher , Josef Bacik , Al Viro , Chris Mason , David Sterba , Will Deacon , linux-fsdevel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 0/3] Avoid live-lock in btrfs fault-in+uaccess loop Date: Sat, 23 Apr 2022 11:07:48 +0100 Message-Id: <20220423100751.1870771-1-catalin.marinas@arm.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, A minor update from v3 here: https://lore.kernel.org/r/20220406180922.1522433-1-catalin.marinas@arm.com In patch 3/3 I dropped the 'len' local variable, so the btrfs patch simply replaces fault_in_writeable() with fault_in_subpage_writeable() and adds a comment. I kept David's ack as there's no functional change since v3. Andrew, since there was no objection last time around, I'd like this series to land in 5.19. As it touches arch, fs and mm, it should probably go in via the mm tree but I'm also happy to merge the series via arm64. Please let me know if you have any preference. The btrfs search_ioctl() function can potentially live-lock on arm64 with MTE enabled due to a fault_in_writeable() + copy_to_user_nofault() unbounded loop. The uaccess can fault in the middle of a page (MTE tag check fault) even if a prior fault_in_writeable() successfully wrote to the beginning of that page. The btrfs loop always restarts the fault-in loop from the beginning of the user buffer, hence the live-lock. The series introduces fault_in_subpage_writeable() together with the arm64 probing counterpart and the btrfs fix. Thanks. Catalin Marinas (3): mm: Add fault_in_subpage_writeable() to probe at sub-page granularity arm64: Add support for user sub-page fault probing btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page faults arch/Kconfig | 7 +++++++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/mte.h | 1 + arch/arm64/include/asm/uaccess.h | 15 +++++++++++++++ arch/arm64/kernel/mte.c | 30 ++++++++++++++++++++++++++++++ fs/btrfs/ioctl.c | 7 ++++++- include/linux/pagemap.h | 1 + include/linux/uaccess.h | 22 ++++++++++++++++++++++ mm/gup.c | 29 +++++++++++++++++++++++++++++ 9 files changed, 112 insertions(+), 1 deletion(-) base-commit: b2d229d4ddb17db541098b83524d901257e93845