From: Muhammad Usama Anjum
To: Andrew Morton, David Hildenbrand, Muhammad Usama Anjum, Andrei Vagin, Peter Xu, Hugh Dickins, Suren Baghdasaryan, Ryan Roberts, Kefeng Wang, "Liam R. Howlett", Michał Mirosław, Stephen Rothwell, Arnd Bergmann
Cc: kernel@collabora.com, syzbot+81227d2bd69e9dedb802@syzkaller.appspotmail.com, Sean Christopherson, stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH] fs/proc/task_mmu: move mmu notification mechanism inside mm lock
Date: Tue, 9 Jan 2024 16:24:42 +0500
Message-ID: <20240109112445.590736-1-usama.anjum@collabora.com>
X-Mailer: git-send-email 2.42.0
X-Mailing-List: linux-kernel@vger.kernel.org

Move the mmu notification mechanism inside the mm lock to prevent a race condition in other components which depend on it. The notifier will invalidate the memory range. Depending upon the number of iterations, different memory ranges would be invalidated.

The following warning would be removed by this patch:

WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734

There is no behavioural or performance change with this patch when there is no component registered with the mmu notifier.

Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
Reported-by: syzbot+81227d2bd69e9dedb802@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/000000000000f6d051060c6785bc@google.com/
Cc: Sean Christopherson
Cc: stable@vger.kernel.org
Signed-off-by: Muhammad Usama Anjum
---
 fs/proc/task_mmu.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 62b16f42d5d2..56c2e7357494 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -2448,13 +2448,6 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) if (ret) return ret; - /* Protection change for the range is going to happen. */ - if (p.arg.flags & PM_SCAN_WP_MATCHING) { - mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, - mm, p.arg.start, p.arg.end); - mmu_notifier_invalidate_range_start(&range); - } - for (walk_start = p.arg.start; walk_start < p.arg.end; walk_start = p.arg.walk_end) { long n_out; @@ -2467,8 +2460,20 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) ret = mmap_read_lock_killable(mm); if (ret) break; + + /* Protection change for the range is going to happen. */ + if (p.arg.flags & PM_SCAN_WP_MATCHING) { + mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, + mm, walk_start, p.arg.end); + mmu_notifier_invalidate_range_start(&range); + } + ret = walk_page_range(mm, walk_start, p.arg.end, &pagemap_scan_ops, &p); + + if (p.arg.flags & PM_SCAN_WP_MATCHING) + mmu_notifier_invalidate_range_end(&range); + mmap_read_unlock(mm); n_out = pagemap_scan_flush_buffer(&p); @@ -2494,9 +2499,6 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) if (pagemap_scan_writeback_args(&p.arg, uarg)) ret = -EFAULT; - if (p.arg.flags & PM_SCAN_WP_MATCHING) - mmu_notifier_invalidate_range_end(&range); - kfree(p.vec_buf); return ret; } -- 2.42.0
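Review bot: the hunk at @@ -2448,13 +2448,6 @@ drops the mmu_notifier_invalidate_range_start() that previously ran before the loop, outside any mmap lock, but neither the hunk nor the commit message says which ordering or locking rule that placement broke so that KVM's change_pte handler warned. "Race condition in other components" does not let a reviewer or a stable backporter judge the fix; please state the concrete requirement (what the notifier callback expects to hold, and why starting the range before mmap_read_lock_killable() violates it) so the Fixes: and stable Cc: can be verified against it.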
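Review bot: in the hunk at @@ -2467,8 +2460,20 @@ the range passed to mmu_notifier_range_init() is [walk_start, p.arg.end) on every iteration, and the loop advances with walk_start = p.arg.walk_end, so whenever a walk stops before p.arg.end the remaining tail is invalidated again on each later pass, once per iteration. That is safe but not free for a registered notifier; say so explicitly in the commit message (the sentence "different memory ranges would be invalidated" hides it) or explain why the end cannot be narrowed before walk_page_range() runs. The pairing itself looks right: mmu_notifier_invalidate_range_start() is issued after mmap_read_lock_killable() succeeds, nothing between it and mmu_notifier_invalidate_range_end() can return early, and the end is issued before mmap_read_unlock(mm), so the count is balanced on both the success and the walk-error paths.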
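Review bot: with the hunk at @@ -2494,9 +2499,6 @@ removing the last use of `range` after the loop, `range` is now touched only inside the PM_SCAN_WP_MATCHING branches of the loop body. If its declaration at the top of do_pagemap_scan() (outside this diff) has no other user, move it into the loop scope so the variable's lifetime matches the new per-iteration start/end pairing and a future early exit between the two calls is easier to spot.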