Received: by 2002:a05:7412:798b:b0:fc:a2b0:25d7 with SMTP id fb11csp590724rdb;
        Thu, 22 Feb 2024 13:01:01 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCUNvvl2tOM3Z6ELqCGRrC/eGL5S+OysfsRmCGQrygDzsAceEtZDmgGc7MbP58r9j/+Lq+tK9CdwESqrTNJHxNzuYpTAZ5KzsuRHoVs6oA==
X-Google-Smtp-Source: AGHT+IFyYIa3GobtiyHIxLeRNjqCsTZXzYh21CIFimMY/c18mI8nRyb5jf21qLZ9l5SJh8uRr6Qz
X-Received: by 2002:a05:6359:4f82:b0:17b:7de:bab6 with SMTP id nh2-20020a0563594f8200b0017b07debab6mr22918134rwb.28.1708635661045;
        Thu, 22 Feb 2024 13:01:01 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708635661; cv=pass;
        d=google.com; s=arc-20160816;
        b=eryIH6WxoDfwCR/hi2bk8XM8vVn+9a2r+XWOGreqp5PnsudxZ5Xrxj1l2Sb0J6q9QW
         WfhDJB9YmR+g4+pa74GfXlgkTRBLD1V6OWlWrunuwrNoZkE6FuW3S1nlhNIzWMauH3ct
         GQHhHCXGzkv5tVjMubmfM1Mo3OomxxitV3b4buCBYRFjJcPTVGH40soU/1hoeVvTkPqg
         P4IU39eR0GNvww+B2XM0Yomy0m2S6A/3+YbGPGIbxZ1t7jGLbfOml2Th5IU61UjOkLQB
         OTPMtAZyGPcd9v0cFtjeiLwzK0dumG1/Dro7xCiJjeYCux7FBHLVMjen9b69vYIYe7ca
         x+/w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :subject:cc:to:from:date:dkim-signature;
        bh=5g1ufyiq60aRWeUnMDwoFLYdQZoebiuC53CwmwEpMqo=;
        fh=n+fL9e+zDc9E/Rd7rFTDXRiGt3nVBX4naeZnrb3xv1M=;
        b=qsMWhA3h6v/7/RCUwouDhXS5wN5Y9DrbXCpRKdGh419QExt+OrrdWBPb0bytc/k4dZ
         fSwy1DAQ16Gpkj3gymgIUI3/D6eVMzqjCENcxyc7wTfDbtI2ud/y3j+0j7gQ0Z9ptgyK
         FMKBLwpT2BY3VrvqEFX2qq1CY9yonWDoKm6BrtysXowB+xLx0NBpe+w520eVUVEKrv5Y
         tErHYmgVanKJAN2KIUqh4u0V6hluNj5SXQ+xo9JyMQS2aNXGLqIe0C4spQNw8qe5GpJm
         IDo/MYCenncVUTRpKhiA4+EMFb1FRGw3RMdH0rB5C0sWskWB6j/qJ8SGwLMUw4fcwf2v
         +cTA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=korg header.b=RzVo8jjC;
       arc=pass (i=1 dkim=pass dkdomain=linux-foundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-77354-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-77354-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-77354-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id l4-20020a63ba44000000b005c658bf30aasi11131669pgu.412.2024.02.22.13.01.00
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 22 Feb 2024 13:01:01 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-77354-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=korg header.b=RzVo8jjC;
       arc=pass (i=1 dkim=pass dkdomain=linux-foundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-77354-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-77354-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 740D9289105
	for <linux.lists.archive@gmail.com>; Thu, 22 Feb 2024 21:00:13 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 0E31573F0E;
	Thu, 22 Feb 2024 21:00:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="RzVo8jjC"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1E12671752
	for <linux-kernel@vger.kernel.org>; Thu, 22 Feb 2024 21:00:06 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708635607; cv=none; b=uznKBq3SOO+/NmQ96tzGdkHvm1qlGXvaGV0kaTb6byfebo+N8NhPwjtm1JPTmPXWl8WEcaEoQHyKC8V2GNMj+pxMfe0TVDxVtjTJ1A1xv6abzN9i2YvuJvdB+WIMKjrg8Lg0tgbBnGL4b+Fg4rBDwv1kXKG+tVndbKwmC2Suvj8=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708635607; c=relaxed/simple;
	bh=HymouZr2YHKpHb3mvgD1ibkZ/BT1PspGINwhb5XB978=;
	h=Date:From:To:Cc:Subject:Message-Id:In-Reply-To:References:
	 Mime-Version:Content-Type; b=g61s2NQtQinzhaIeGg/p8z5g08hxk+mFDYXRlabqvdCBVLOzudMO6MAbsQZ+sEvPQ9JziPHOr+dR0cRvzcDEpqJ1NDF6M6Z4E7ZzwYshRu5p/CfgWkOOPOg2JEk0Dv3LpBknfeySxYHRmeBXk0ZAvJ7kXwg77u+qsOyWl3LSKTI=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=RzVo8jjC; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 56E32C433F1;
	Thu, 22 Feb 2024 21:00:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
	s=korg; t=1708635606;
	bh=HymouZr2YHKpHb3mvgD1ibkZ/BT1PspGINwhb5XB978=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=RzVo8jjCWjxbKTR0lq4p74IvclPrBtHc0dD6boesc39QJaNz4PlZn+6LQH1Mbcst+
	 6Z8ynsaGqqGbItqtA8y89ryPQyb/BTsyh23/5cSpzmc4BvRsvS8/43kmPr0MVMBp2/
	 pnPQSdlh8lZQANoKTmmsTr/QU8xbguAK4lvXf0Uo=
Date: Thu, 22 Feb 2024 13:00:05 -0800
From: Andrew Morton <akpm@linux-foundation.org>
To: Qi Zheng <zhengqi.arch@bytedance.com>
Cc: aarcange@redhat.com, surenb@google.com, david@redhat.com,
 linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm: userfaultfd: fix unexpected change to src_folio
 when UFFDIO_MOVE fails
Message-Id: <20240222130005.c3f24eed1c1a27c66947e9df@linux-foundation.org>
In-Reply-To: <20240222080815.46291-1-zhengqi.arch@bytedance.com>
References: <20240222080815.46291-1-zhengqi.arch@bytedance.com>
X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 22 Feb 2024 16:08:15 +0800 Qi Zheng <zhengqi.arch@bytedance.com> wrote:

> After ptep_clear_flush(), if we find that src_folio is pinned we will fail
> UFFDIO_MOVE and put src_folio back to src_pte entry, but the change to
> src_folio->{mapping,index} is not restored in this process. This is not
> what we expected, so fix it.
> 
> Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")

What are the expected worst-case userspace-visible runtime effects of
this flaw?