From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1653730EF7B
	for <linux-kernel@vger.kernel.org>; Tue, 26 May 2026 15:25:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779809142; cv=none; b=e9XlZgfmLs9Qpa3gyisyRaYAv9yIc9RkxYh+2yVR7ppNl1ZaEnD4ntjA8+BJkXATUbtIVir3Zx7Gju73RDI4UjwOITY1t5V+AnFjs9VRKjcYJJVLJ7M16+7ncNm0e7/0LN1KBG9qEJYfyZwLGcjldg3Tab9OVISFeH1Wn6b4M70=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779809142; c=relaxed/simple;
	bh=oI5J+dGFxehaWGIQNmFSSxTOxhYDKzNrRH0wE/D6bbs=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=PdevzgPj8/uV1Nra9mo9pMa+eUWrnAlo0KjIzZOp9qlasqGZC8COZAIeO29bH6EZLnmOIfLyAhWRURzFDG4DNZUAQwY9X/paOEuUwObMAJk4em5E2eNlNApw7ipc2Qa9YXcrXzUMOtXnR7x81NhsOvPwo2/8tHB7TfXM4xuyH7c=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OSXlzwyV; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OSXlzwyV"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 608F81F000E9;
	Tue, 26 May 2026 15:25:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1779809140;
	bh=+SrzDE8/cqy8nJcJUdAWFlhS2+gkYHsuU2i1VgUgaS8=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To;
	b=OSXlzwyVcKsXaBGOhuak3CF+tKURbsF4Nm1jQaXBh8JKquL1MBiG7GFYEq/FcdNyY
	 8npjNwcxyn3BX9EcZaWZ14zwr2sibLwWRmLumnohizDkrTFuGYefUcHiI5ZQhyWgi/
	 uX0p3yCxbHzhzSA9GPUFKhY2CIFVuDU6KPnAQ5scozqfyXWos6dwgCkI1jy3aVbLpe
	 NuTM0szFQOckniFftj5XFHwLjeExyH9gmjqOKEtEjavg6F0WfIqpZyf+GBWwRO42ns
	 0lIFnt434wblt0ChCBMdoskmW7hShLCCgAG5Tb7M+TUyiWaTnzEThNZNewYE3t+RYy
	 zW2y3cTTCnhcw==
Date: Tue, 26 May 2026 16:25:35 +0100
From: Lorenzo Stoakes <ljs@kernel.org>
To: "David Hildenbrand (Arm)" <david@kernel.org>
Cc: "Liam R. Howlett" <liam@infradead.org>, 
	Mike Rapoport <rppt@kernel.org>, Andrew Morton <akpm@linux-foundation.org>, 
	David Carlier <devnexen@gmail.com>, Heechan Kang <gganji11@naver.com>, 
	Michael Bommarito <michael.bommarito@gmail.com>, Peter Xu <peterx@redhat.com>, linux-mm@kvack.org, 
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH RESEND] userfaultfd: snapshot VMA state across
 UFFDIO_COPY retry
Message-ID: <ahW7MaB7Tj0IcnEG@lucifer>
References: <20260519052516.3315196-1-rppt@kernel.org>
 <a4e9fac5-e674-4528-9815-d588a35fedec@kernel.org>
 <ag2uzVgx2Xl7zi58@kernel.org>
 <e0412898-913e-4a28-b264-36438231d0ec@kernel.org>
 <ag3BNLU1b6p9u_6K@kernel.org>
 <d48f558c-1bed-44d5-bbf6-34782ebf18f2@kernel.org>
 <z6t4kefzgrdiu4zurxt63f3qdyjbjsvgyjnpxjkufj546huf2s@hq6xghp5w4ns>
 <855a00a7-c1f4-4c6d-bd4a-f3ccb0eb1eab@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <855a00a7-c1f4-4c6d-bd4a-f3ccb0eb1eab@kernel.org>

On Tue, May 26, 2026 at 02:47:45PM +0200, David Hildenbrand (Arm) wrote:
> On 5/25/26 19:12, Liam R. Howlett wrote:
> > On 26/05/20 04:38PM, David Hildenbrand (Arm) wrote:
> >> On 5/20/26 16:12, Mike Rapoport wrote:
> >>>
> >>> Let me reiterate:
> >>>
> >>> A thread doing UFFDIO_COPY releases the VMA in mfill_copy_folio_retry(),
> >>> re-gets the VMA and checks if the per-MM counter stayed the same.
> >>>
> >>> If another thread makes any change to VMA while mfill_copy_folio_retry()
> >>> waits to re-get the VMA, the counter would be incremented by another
> >>> thread. mfill_copy_folio_retry() will see the change after mfill_get_vma()
> >>> and will bail out with -EAGAIN.
> >>>
> >>
> >> Yeah.
> >
> > This isn't bulletproof anyways.  The sequence count can wrap.  So, if
> > someone can replace the vma then cause the sequence counter wrap, then
> > you can be fooled into thinking it's okay (we had this problem years ago
> > with the vmacache using a 32 bit counter, iirc).
>
> If you can get it to wrap for such short durations, then how would sequence
> counters possibly work in any reasonable context?

Surely even for a 32-bit value, we can be pretty confident we're not going to
see a wrap that matters (the seqnum will != the prev seqnum unless 4 billion VMA
write locks were obtained)?

I may be missing something though!

>
> --
> Cheers,
>
> David

Thanks, Lorenzo