From: Miklos Szeredi
Date: Fri, 22 Mar 2024 22:13:55 +0100
Subject: Re: BUG: unable to handle kernel paging request in fuse_copy_do
To: David Hildenbrand
Cc: xingwei lee, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samsun1006219@gmail.com, syzkaller-bugs@googlegroups.com, linux-mm, Mike Rapoport

On Fri, 22 Mar 2024 at 22:08, David Hildenbrand wrote:
>
> On 22.03.24 20:46, Miklos Szeredi wrote:
> > On Fri, 22 Mar 2024 at 16:41, David Hildenbrand wrote:
> >
> >> But at least the vmsplice() just seems to work. Which is weird, because
> >> GUP-fast should not apply (page not faulted in?)
> >
> > But it is faulted in, and that indeed seems to be the root cause.
>
> secretmem mmap() won't populate the page tables. So it's not faulted in yet.
>
> When we GUP via vmsplice, GUP-fast should not find it in the page tables
> and fall back to slow GUP.
>
> There, we seem to pass check_vma_flags(), trigger faultin_page() to
> fault it in, and then find it via follow_page_mask().
>
> ... and I wonder how we manage to skip check_vma_flags(), or otherwise
> managed to GUP it.
>
> vmsplice() should, in theory, never succeed here.
>
> Weird :/
>
> > Improved repro:
> >
> > #define _GNU_SOURCE
> >
> > #include
> > #include
> > #include
> > #include
> > #include
> > #include
> >
> > int main(void)
> > {
> > 	int fd1, fd2;
> > 	int pip[2];
> > 	struct iovec iov;
> > 	char *addr;
> > 	int ret;
> >
> > 	fd1 = syscall(__NR_memfd_secret, 0);
> > 	addr = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd1, 0);
> > 	ftruncate(fd1, 7);
> > 	addr[0] = 1; /* fault in page */

Here the page is faulted in and GUP-fast will find it.  It's not in
the kernel page table, but it is in the user page table, which is what
matters for GUP.

Thanks,
Miklos
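
Added example, not part of the original message or of the kernel tree: a small C check of the distinction drawn in the reply above, comparing vmsplice() on a secretmem page that has been faulted in (user PTE present, so GUP-fast can find it) with one that has not (slow GUP path). The helper name and result enum are hypothetical; a "PINNED" result in either case contradicts the quoted expectation that vmsplice() should never succeed here.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <unistd.h>

enum result { SECRETMEM_UNAVAILABLE, VMSPLICE_REFUSED, VMSPLICE_PINNED };

/* Hypothetical helper (not from the thread): can vmsplice() pin a secretmem
 * page?  fault_in = 1 writes to the page first, so a user PTE exists and
 * GUP-fast can find it; fault_in = 0 leaves the mapping unpopulated, so GUP
 * takes the slow path.  Only the return value is used; the pipe is never read. */
enum result probe_secretmem_vmsplice(int fault_in)
{
	enum result res = SECRETMEM_UNAVAILABLE;
#ifdef __NR_memfd_secret
	struct iovec iov = { .iov_len = 4096 };
	int pip[2] = { -1, -1 };
	char *addr = MAP_FAILED;
	int fd = syscall(__NR_memfd_secret, 0);
	if (fd < 0)
		return res;	/* no such syscall, or secretmem disabled */
	if (ftruncate(fd, 4096) == 0 && pipe(pip) == 0)
		addr = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	if (addr != MAP_FAILED) {
		if (fault_in)
			addr[0] = 1;	/* fault in page, as in the quoted repro */
		iov.iov_base = addr;
		res = vmsplice(pip[1], &iov, 1, 0) < 0 ? VMSPLICE_REFUSED : VMSPLICE_PINNED;
		munmap(addr, 4096);
	}
	close(pip[0]);	/* harmless on -1 if pipe() was never reached */
	close(pip[1]);
	close(fd);
#else
	(void)fault_in;	/* headers predate memfd_secret */
#endif
	return res;
}

int main(void)
{
	static const char *const name[] = { "unavailable", "refused", "PINNED" };
	printf("unpopulated: %s\n", name[probe_secretmem_vmsplice(0)]);
	printf("faulted in:  %s\n", name[probe_secretmem_vmsplice(1)]);
	return 0;
}
```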