* Re: [PATCH v2 1/3] userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing [not found] ` <20260501145433.156211-2-rppt@kernel.org> @ 2026-05-11 9:15 ` David Hildenbrand (Arm) 2026-05-11 10:48 ` Mike Rapoport 0 siblings, 1 reply; 3+ messages in thread From: David Hildenbrand (Arm) @ 2026-05-11 9:15 UTC (permalink / raw) To: Mike Rapoport, Andrew Morton Cc: Alexander Viro, Christian Brauner, Jan Kara, Peter Xu, linux-fsdevel, linux-kernel, linux-mm On 5/1/26 16:54, Mike Rapoport wrote: > From: "Mike Rapoport (Microsoft)" <rppt@kernel.org> > > Sashiko says: > > mremap_userfaultfd_prep() increments ctx->mmap_changing to stall > concurrent operations, but mremap_userfaultfd_fail() does not > decrement it before dropping the context reference. > > If an mremap operation fails, ctx->mmap_changing remains elevated. This > will causes subsequent userfaultfd operations like a UFFDIO_COPY to fail > with -EAGAIN. > Sounds like we should CC stable? > Decrement ctx->mmap_changing in mremap_userfaultfd_fail(). > > Link: https://sashiko.dev/#/patchset/20260430113512.115938-1-rppt@kernel.org > Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") > Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org> > --- > fs/userfaultfd.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c > index 4b53dc4a3266..ef963a58f1a1 100644 > --- a/fs/userfaultfd.c > +++ b/fs/userfaultfd.c > @@ -786,6 +786,7 @@ void mremap_userfaultfd_fail(struct vm_userfaultfd_ctx *vm_ctx) > if (!ctx) > return; > > + atomic_dec(&ctx->mmap_changing); I'll note that other users have a VM_WARN_ON_ONCE(atomic_read(&ctx->mmap_changing) < 0); In there. Likely we should do the same? -- Cheers, David ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2 1/3] userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing 2026-05-11 9:15 ` [PATCH v2 1/3] userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing David Hildenbrand (Arm) @ 2026-05-11 10:48 ` Mike Rapoport 2026-05-11 12:18 ` David Hildenbrand (Arm) 0 siblings, 1 reply; 3+ messages in thread From: Mike Rapoport @ 2026-05-11 10:48 UTC (permalink / raw) To: David Hildenbrand (Arm) Cc: Andrew Morton, Alexander Viro, Christian Brauner, Jan Kara, Peter Xu, linux-fsdevel, linux-kernel, linux-mm On Mon, May 11, 2026 at 11:15:34AM +0200, David Hildenbrand (Arm) wrote: > On 5/1/26 16:54, Mike Rapoport wrote: > > From: "Mike Rapoport (Microsoft)" <rppt@kernel.org> > > > > Sashiko says: > > > > mremap_userfaultfd_prep() increments ctx->mmap_changing to stall > > concurrent operations, but mremap_userfaultfd_fail() does not > > decrement it before dropping the context reference. > > > > If an mremap operation fails, ctx->mmap_changing remains elevated. This > > will causes subsequent userfaultfd operations like a UFFDIO_COPY to fail > > with -EAGAIN. > > > > Sounds like we should CC stable? Yes. > > Decrement ctx->mmap_changing in mremap_userfaultfd_fail(). > > > > Link: https://sashiko.dev/#/patchset/20260430113512.115938-1-rppt@kernel.org > > Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") > > Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org> > > --- > > fs/userfaultfd.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c > > index 4b53dc4a3266..ef963a58f1a1 100644 > > --- a/fs/userfaultfd.c > > +++ b/fs/userfaultfd.c > > @@ -786,6 +786,7 @@ void mremap_userfaultfd_fail(struct vm_userfaultfd_ctx *vm_ctx) > > if (!ctx) > > return; > > > > + atomic_dec(&ctx->mmap_changing); > > I'll note that other users have a > > VM_WARN_ON_ONCE(atomic_read(&ctx->mmap_changing) < 0); > > In there. Likely we should do the same? Yeah, we could. > -- > Cheers, > > David -- Sincerely yours, Mike. ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2 1/3] userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing 2026-05-11 10:48 ` Mike Rapoport @ 2026-05-11 12:18 ` David Hildenbrand (Arm) 0 siblings, 0 replies; 3+ messages in thread From: David Hildenbrand (Arm) @ 2026-05-11 12:18 UTC (permalink / raw) To: Mike Rapoport Cc: Andrew Morton, Alexander Viro, Christian Brauner, Jan Kara, Peter Xu, linux-fsdevel, linux-kernel, linux-mm On 5/11/26 12:48, Mike Rapoport wrote: > On Mon, May 11, 2026 at 11:15:34AM +0200, David Hildenbrand (Arm) wrote: >> On 5/1/26 16:54, Mike Rapoport wrote: >>> From: "Mike Rapoport (Microsoft)" <rppt@kernel.org> >>> >>> Sashiko says: >>> >>> mremap_userfaultfd_prep() increments ctx->mmap_changing to stall >>> concurrent operations, but mremap_userfaultfd_fail() does not >>> decrement it before dropping the context reference. >>> >>> If an mremap operation fails, ctx->mmap_changing remains elevated. This >>> will causes subsequent userfaultfd operations like a UFFDIO_COPY to fail >>> with -EAGAIN. >>> >> >> Sounds like we should CC stable? > > Yes. > >>> Decrement ctx->mmap_changing in mremap_userfaultfd_fail(). >>> >>> Link: https://sashiko.dev/#/patchset/20260430113512.115938-1-rppt@kernel.org >>> Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") >>> Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org> >>> --- >>> fs/userfaultfd.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c >>> index 4b53dc4a3266..ef963a58f1a1 100644 >>> --- a/fs/userfaultfd.c >>> +++ b/fs/userfaultfd.c >>> @@ -786,6 +786,7 @@ void mremap_userfaultfd_fail(struct vm_userfaultfd_ctx *vm_ctx) >>> if (!ctx) >>> return; >>> >>> + atomic_dec(&ctx->mmap_changing); >> >> I'll note that other users have a >> >> VM_WARN_ON_ONCE(atomic_read(&ctx->mmap_changing) < 0); >> >> In there. Likely we should do the same? > > Yeah, we could. In any case Reviewed-by: David Hildenbrand (Arm) <david@kernel.org> -- Cheers, David ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-11 12:18 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20260501145433.156211-1-rppt@kernel.org>
[not found] ` <20260501145433.156211-2-rppt@kernel.org>
2026-05-11 9:15 ` [PATCH v2 1/3] userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing David Hildenbrand (Arm)
2026-05-11 10:48 ` Mike Rapoport
2026-05-11 12:18 ` David Hildenbrand (Arm)
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox