Date: Wed, 17 May 2023 14:54:39 -0400
From: Peter Xu
To: Lorenzo Stoakes
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton, "Liam R. Howlett", Mark Rutland, Andrea Arcangeli, Mike Rapoport, Alexander Viro, linux-stable
Subject: Re: [PATCH 1/2] mm/uffd: Fix vma operation where start addr cuts part of vma

On Wed, May 17, 2023 at 07:40:59PM +0100, Lorenzo Stoakes wrote:
> On Wed, May 17, 2023 at 02:37:41PM -0400, Peter Xu wrote:
> > On Wed, May 17, 2023 at 06:20:55PM +0100, Lorenzo Stoakes wrote:
> > > On Wed, May 17, 2023 at 11:04:07AM -0400, Peter Xu wrote:
> > > > It seems vma merging with uffd paths is broken with either
> > > > register/unregister, where right now we can feed wrong parameters to
> > > > vma_merge() and it's found by recent patch which moved asserts upwards in
> > > > vma_merge() by Lorenzo Stoakes:
> > > >
> > > > https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
> > > >
> > > > The problem is in the current code base we didn't fixup "prev" for the case
> > > > where "start" address can be within the "prev" vma section. In that case
> > > > we should have "prev" points to the current vma rather than the previous
> > > > one when feeding to vma_merge().
> > >
> > > This doesn't seem quite correct, perhaps - "where start is contained within vma
> > > but not clamped to its start. We need to convert this into case 4 which permits
> > > subdivision of prev by assigning vma to prev. As we loop, each subsequent VMA
> > > will be clamped to the start."
> >
> > I think it covers more than case 4 - it can also be case 0 where no merge
> > will happen?
>
> Ugh please let's not call a case that doesn't merge by a number :P but sure of
> course it might also not merge.

To me the original paragraph was still fine. But if you prefer your version
(which I'm perfectly fine either way if you'd like to spell out what cases
it'll trigger), it'll be:

  It's possible that "start" is contained within vma but not clamped to its
  start. We need to convert this into either "cannot merge" case or "can
  merge" case 4 which permits subdivision of prev by assigning vma to prev.
  As we loop, each subsequent VMA will be clamped to the start.

Does that look good to you?

Thanks,

-- 
Peter Xu
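
The "prev" selection and per-VMA clamping discussed in this thread, as an added userspace toy model that is not part of the original message and is not kernel code. The `toy_*` names, the array-of-ranges representation and the sample addresses are assumptions made for illustration; merging itself is not modelled.

```c
#include <stdio.h>

/* Toy stand-in for a VMA: half-open range [start, end). Not the kernel struct. */
struct toy_vma { unsigned long start, end; };

/* One loop iteration: which VMA index is "prev", and the clamped range. */
struct toy_step { int prev; unsigned long start, end; };

/* Index of the first VMA whose end lies above addr, or -1 if none. */
static int toy_find(const struct toy_vma *v, int n, unsigned long addr)
{
    for (int i = 0; i < n; i++)
        if (v[i].end > addr)
            return i;
    return -1;
}

/* Walk [start, end) over sorted, non-overlapping v[] and record each step. */
static int toy_walk(const struct toy_vma *v, int n, unsigned long start,
                    unsigned long end, struct toy_step *out)
{
    int steps = 0, i = toy_find(v, n, start);

    if (i < 0)
        return 0;
    int prev = i - 1;           /* default: the VMA to the left, -1 if none */
    if (v[i].start < start)     /* start cuts into v[i]: the region left of */
        prev = i;               /* start is v[i] itself, so prev is v[i]    */

    for (; i < n && v[i].start < end; i++) {
        out[steps].prev = prev;
        /* Only the first VMA can begin below start; later ones are
         * already clamped to their own start. */
        out[steps].start = v[i].start > start ? v[i].start : start;
        out[steps].end = v[i].end < end ? v[i].end : end;
        steps++;
        prev = i;               /* toy: no merge happened, advance prev */
    }
    return steps;
}

int main(void)
{
    /* Constructed sample layout, with a hole between 0x8000 and 0x9000. */
    struct toy_vma v[] = { {0x1000, 0x5000}, {0x5000, 0x8000}, {0x9000, 0xa000} };
    struct toy_step s[3];
    int n = toy_walk(v, 3, 0x3000, 0x9800, s);

    for (int i = 0; i < n; i++)
        printf("prev=%d range=[%#lx, %#lx)\n", s[i].prev, s[i].start, s[i].end);
    return 0;
}
```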