From: Peter Xu
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Andrea Arcangeli, Pengfei Xu, peterx@redhat.com, Nadav Amit, David Hildenbrand, Andrew Morton, Miaohe Lin, Huang Ying, stable@vger.kernel.org
Subject: [PATCH 1/2] mm/uffd: Fix pte marker when fork() without fork event
Date: Wed, 14 Dec 2022 15:04:52 -0500
Message-Id: <20221214200453.1772655-2-peterx@redhat.com>
In-Reply-To: <20221214200453.1772655-1-peterx@redhat.com>

When fork(), dst_vma is not guaranteed to have VM_UFFD_WP even if src may
have it and has pte marker installed. The warning is improper along with
the comment. The right thing is to inherit the pte marker when needed, or
keep the dst pte empty.

A vague guess is this happened by an accident when there's the prior patch
to introduce src/dst vma into this helper during the uffd-wp feature got
developed and I probably messed up in the rebase, since if we replace
dst_vma with src_vma the warning & comment it all makes sense too.

Hugetlb did exactly the right here (copy_hugetlb_page_range()). Fix the
general path.

Reproducer:

https://github.com/xupengfe/syzkaller_logs/blob/main/221208_115556_copy_page_range/repro.c

Cc: # 5.19+
Fixes: c56d1b62cce8 ("mm/shmem: handle uffd-wp during fork()")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216808
Reported-by: Pengfei Xu
Signed-off-by: Peter Xu
---
 mm/memory.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/mm/memory.c b/mm/memory.c index aad226daf41b..032ef700c3e8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -828,12 +828,8 @@ copy_nonpresent_pte(struct mm_struct *dst_mm, struct mm_struct *src_mm, return -EBUSY; return -ENOENT; } else if (is_pte_marker_entry(entry)) { - /* - * We're copying the pgtable should only because dst_vma has - * uffd-wp enabled, do sanity check. - */ - WARN_ON_ONCE(!userfaultfd_wp(dst_vma)); - set_pte_at(dst_mm, addr, dst_pte, pte); + if (userfaultfd_wp(dst_vma)) + set_pte_at(dst_mm, addr, dst_pte, pte); return 0; } if (!userfaultfd_wp(dst_vma)) -- 2.37.3
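
Review bot: the new `if (userfaultfd_wp(dst_vma))` branch in the is_pte_marker_entry() arm of copy_nonpresent_pte() carries no comment, and the six deleted lines were the only explanation this arm had. Since the old comment and WARN_ON_ONCE() encoded a wrong assumption about dst_vma, a short replacement comment stating the rule from the commit message (inherit the marker only when dst_vma has uffd-wp, otherwise leave the dst pte empty) would keep the next reader from reintroducing that assumption. It would also help to say in that comment that uffd-wp is the only marker type expected here: the arm is selected by the generic is_pte_marker_entry() test but the copy is now gated on userfaultfd_wp(dst_vma) alone, so any marker that is not a uffd-wp marker would be dropped silently on fork(). The unchanged `if (!userfaultfd_wp(dst_vma))` just below tests the same predicate, so the two checks should be kept consistent if either one changes.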