* [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
@ 2026-04-09 10:33 Denis M. Karpov
2026-04-09 10:43 ` Lorenzo Stoakes
0 siblings, 1 reply; 2+ messages in thread
From: Denis M. Karpov @ 2026-04-09 10:33 UTC (permalink / raw)
To: harry, rppt, akpm, Liam.Howlett, ljs
Cc: vbabka, jannh, peterx, pfalcato, brauner, viro, jack, linux-mm,
linux-fsdevel, linux-kernel, usama.arif, Denis M. Karpov
The current implementation of validate_range() in fs/userfaultfd.c
performs a hard check against mmap_min_addr. This is redundant because
UFFDIO_REGISTER operates on memory ranges that must already be backed
by a VMA.
Enforcing mmap_min_addr or capability checks again in userfaultfd is
unnecessary and prevents applications like binary compilers from
using UFFD for valid memory regions mapped by application.
Remove the redundant check for mmap_min_addr.
Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Denis M. Karpov <komlomal@gmail.com>
---
v2:
- Remove the check entirely rather than replacing it, as suggested by
Harry Yoo and Lorenzo Stoakes.
- Added Fixes tag.
- Link to v1: https://lore.kernel.org/r/20260407081442.6256-1-komlomal@gmail.com
---
fs/userfaultfd.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index bdc84e521..4b53dc4a3 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1238,8 +1238,6 @@ static __always_inline int validate_unaligned_range(
return -EINVAL;
if (!len)
return -EINVAL;
- if (start < mmap_min_addr)
- return -EINVAL;
if (start >= task_size)
return -EINVAL;
if (len > task_size - start)
--
2.43.0
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr
2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
@ 2026-04-09 10:43 ` Lorenzo Stoakes
0 siblings, 0 replies; 2+ messages in thread
From: Lorenzo Stoakes @ 2026-04-09 10:43 UTC (permalink / raw)
To: Denis M. Karpov
Cc: harry, rppt, akpm, Liam.Howlett, vbabka, jannh, peterx, pfalcato,
brauner, viro, jack, linux-mm, linux-fsdevel, linux-kernel,
usama.arif
On Thu, Apr 09, 2026 at 01:33:45PM +0300, Denis M. Karpov wrote:
> The current implementation of validate_range() in fs/userfaultfd.c
> performs a hard check against mmap_min_addr. This is redundant because
> UFFDIO_REGISTER operates on memory ranges that must already be backed
> by a VMA.
>
> Enforcing mmap_min_addr or capability checks again in userfaultfd is
> unnecessary and prevents applications like binary compilers from
> using UFFD for valid memory regions mapped by application.
>
> Remove the redundant check for mmap_min_addr.
>
> Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> Signed-off-by: Denis M. Karpov <komlomal@gmail.com>
LGTM, so:
Reviewed-by: Lorenzo Stoakes <ljs@kernel.org>
> ---
> v2:
> - Remove the check entirely rather than replacing it, as suggested by
> Harry Yoo and Lorenzo Stoakes.
> - Added Fixes tag.
> - Link to v1: https://lore.kernel.org/r/20260407081442.6256-1-komlomal@gmail.com
> ---
> fs/userfaultfd.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index bdc84e521..4b53dc4a3 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1238,8 +1238,6 @@ static __always_inline int validate_unaligned_range(
> return -EINVAL;
> if (!len)
> return -EINVAL;
> - if (start < mmap_min_addr)
> - return -EINVAL;
> if (start >= task_size)
> return -EINVAL;
> if (len > task_size - start)
> --
> 2.43.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-09 10:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-09 10:33 [PATCH v2] userfaultfd: allow registration of ranges below mmap_min_addr Denis M. Karpov
2026-04-09 10:43 ` Lorenzo Stoakes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox