stable.vger.kernel.org archive mirror
* FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.12-stable tree
From: gregkh @ 2025-03-09 18:15 UTC
  To: surenb, 21cnbao, Liam.Howlett, aarcange, akpm, david, hughd,
	jannh, kaleshsingh, lokeshgidra, lorenzo.stoakes, peterx, stable,
	v-songbaohua, willy
  Cc: stable


The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

To reproduce the conflict and resubmit, you may use the following commands:

git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 927e926d72d9155fde3264459fe9bfd7b5e40d28
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2025030948-playhouse-strongman-c9c3@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..

Possible dependencies:



thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 927e926d72d9155fde3264459fe9bfd7b5e40d28 Mon Sep 17 00:00:00 2001
From: Suren Baghdasaryan <surenb@google.com>
Date: Wed, 26 Feb 2025 10:55:09 -0800
Subject: [PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies

Current implementation of move_pages_pte() copies source and destination
PTEs in order to detect concurrent changes to PTEs involved in the move.
However these copies are also used to unmap the PTEs, which will fail if
CONFIG_HIGHPTE is enabled because the copies are allocated on the stack.
Fix this by using the actual PTEs which were kmap()ed.

Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com
Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reported-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Barry Song <21cnbao@gmail.com>
Cc: Barry Song <v-songbaohua@oppo.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jann Horn <jannh@google.com>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Liam R. Howlett <Liam.Howlett@Oracle.com>
Cc: Lokesh Gidra <lokeshgidra@google.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Matthew Wilcow (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index f5c6b3454f76..d06453fa8aba 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -1290,8 +1290,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
 			spin_unlock(src_ptl);
 
 			if (!locked) {
-				pte_unmap(&orig_src_pte);
-				pte_unmap(&orig_dst_pte);
+				pte_unmap(src_pte);
+				pte_unmap(dst_pte);
 				src_pte = dst_pte = NULL;
 				/* now we can block and wait */
 				folio_lock(src_folio);
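Review bot: At the `if (!locked)` site the replaced calls compiled cleanly with `&orig_src_pte` because pte_unmap() accepts any pte_t *, and the same sequence of two unmaps followed by `src_pte = dst_pte = NULL` recurs at every site this patch touches. Consider folding that sequence into one small static helper that takes the two mapped pointers by reference, so the unmap and the NULL reset cannot drift apart and a later call site has no reason to reach for the stack copies.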
@@ -1307,8 +1307,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
 		/* at this point we have src_folio locked */
 		if (folio_test_large(src_folio)) {
 			/* split_folio() can block */
-			pte_unmap(&orig_src_pte);
-			pte_unmap(&orig_dst_pte);
+			pte_unmap(src_pte);
+			pte_unmap(dst_pte);
 			src_pte = dst_pte = NULL;
 			err = split_folio(src_folio);
 			if (err)
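Review bot: In the `folio_test_large()` branch the mapped pointers are released src first, then dst, and nothing here says whether that order is intentional. The commit message ties the failure to CONFIG_HIGHPTE, where the PTE pages are temporarily mapped and such mappings are expected to be released in the reverse of the order they were taken. The hunk does not show the mapping order, so please confirm that src_pte is the later mapping and add a one-line comment saying so.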
@@ -1333,8 +1333,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
 				goto out;
 			}
 			if (!anon_vma_trylock_write(src_anon_vma)) {
-				pte_unmap(&orig_src_pte);
-				pte_unmap(&orig_dst_pte);
+				pte_unmap(src_pte);
+				pte_unmap(dst_pte);
 				src_pte = dst_pte = NULL;
 				/* now we can block and wait */
 				anon_vma_lock_write(src_anon_vma);
@@ -1352,8 +1352,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
 		entry = pte_to_swp_entry(orig_src_pte);
 		if (non_swap_entry(entry)) {
 			if (is_migration_entry(entry)) {
-				pte_unmap(&orig_src_pte);
-				pte_unmap(&orig_dst_pte);
+				pte_unmap(src_pte);
+				pte_unmap(dst_pte);
 				src_pte = dst_pte = NULL;
 				migration_entry_wait(mm, src_pmd, src_addr);
 				err = -EAGAIN;
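Review bot: At the `is_migration_entry()` site `orig_src_pte` is still read by value in the context above (`pte_to_swp_entry(orig_src_pte)`) while `src_pte` is the pointer now passed to pte_unmap(), and the near-identical names are what let the two be confused. A short comment where the `orig_*_pte` copies are declared, stating that they are snapshots for change detection and must never be handed to pte_unmap(), would document the rule this patch enforces.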
@@ -1396,8 +1396,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
 			src_folio = folio;
 			src_folio_pte = orig_src_pte;
 			if (!folio_trylock(src_folio)) {
-				pte_unmap(&orig_src_pte);
-				pte_unmap(&orig_dst_pte);
+				pte_unmap(src_pte);
+				pte_unmap(dst_pte);
 				src_pte = dst_pte = NULL;
 				put_swap_device(si);
 				si = NULL;


* Re: FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.12-stable tree
From: Suren Baghdasaryan @ 2025-03-10 19:02 UTC
  To: gregkh
  Cc: 21cnbao, Liam.Howlett, aarcange, akpm, david, hughd, jannh,
	kaleshsingh, lokeshgidra, lorenzo.stoakes, peterx, stable,
	v-songbaohua, willy

On Sun, Mar 9, 2025 at 11:15 AM <gregkh@linuxfoundation.org> wrote:
>
>
> The patch below does not apply to the 6.12-stable tree.

Hi Greg,
Similar to linux-6.13.y, I just posted a linux-6.12.y backport [1] for an
earlier patch, and with that and with 37b338eed10581784e854d4262da05c8d960c748,
which you already backported into linux-6.12.y, this patch should merge cleanly.
Could you please try cherry-picking it again after merging [1] into
linux-6.12.y?
Thanks,
Suren.

[1] https://lore.kernel.org/all/20250310185747.1238197-1-surenb@google.com/

> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> To reproduce the conflict and resubmit, you may use the following commands:
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
> git checkout FETCH_HEAD
> git cherry-pick -x 927e926d72d9155fde3264459fe9bfd7b5e40d28
> # <resolve conflicts, build, test, etc.>
> git commit -s
> git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2025030948-playhouse-strongman-c9c3@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
>
> Possible dependencies:
>
>
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From 927e926d72d9155fde3264459fe9bfd7b5e40d28 Mon Sep 17 00:00:00 2001
> From: Suren Baghdasaryan <surenb@google.com>
> Date: Wed, 26 Feb 2025 10:55:09 -0800
> Subject: [PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies
>
> Current implementation of move_pages_pte() copies source and destination
> PTEs in order to detect concurrent changes to PTEs involved in the move.
> However these copies are also used to unmap the PTEs, which will fail if
> CONFIG_HIGHPTE is enabled because the copies are allocated on the stack.
> Fix this by using the actual PTEs which were kmap()ed.
>
> Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com
> Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
> Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> Reported-by: Peter Xu <peterx@redhat.com>
> Reviewed-by: Peter Xu <peterx@redhat.com>
> Cc: Andrea Arcangeli <aarcange@redhat.com>
> Cc: Barry Song <21cnbao@gmail.com>
> Cc: Barry Song <v-songbaohua@oppo.com>
> Cc: David Hildenbrand <david@redhat.com>
> Cc: Hugh Dickins <hughd@google.com>
> Cc: Jann Horn <jannh@google.com>
> Cc: Kalesh Singh <kaleshsingh@google.com>
> Cc: Liam R. Howlett <Liam.Howlett@Oracle.com>
> Cc: Lokesh Gidra <lokeshgidra@google.com>
> Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> Cc: Matthew Wilcow (Oracle) <willy@infradead.org>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
>
> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
> index f5c6b3454f76..d06453fa8aba 100644
> --- a/mm/userfaultfd.c
> +++ b/mm/userfaultfd.c
> @@ -1290,8 +1290,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
>                         spin_unlock(src_ptl);
>
>                         if (!locked) {
> -                               pte_unmap(&orig_src_pte);
> -                               pte_unmap(&orig_dst_pte);
> +                               pte_unmap(src_pte);
> +                               pte_unmap(dst_pte);
>                                 src_pte = dst_pte = NULL;
>                                 /* now we can block and wait */
>                                 folio_lock(src_folio);
> @@ -1307,8 +1307,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
>                 /* at this point we have src_folio locked */
>                 if (folio_test_large(src_folio)) {
>                         /* split_folio() can block */
> -                       pte_unmap(&orig_src_pte);
> -                       pte_unmap(&orig_dst_pte);
> +                       pte_unmap(src_pte);
> +                       pte_unmap(dst_pte);
>                         src_pte = dst_pte = NULL;
>                         err = split_folio(src_folio);
>                         if (err)
> @@ -1333,8 +1333,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
>                                 goto out;
>                         }
>                         if (!anon_vma_trylock_write(src_anon_vma)) {
> -                               pte_unmap(&orig_src_pte);
> -                               pte_unmap(&orig_dst_pte);
> +                               pte_unmap(src_pte);
> +                               pte_unmap(dst_pte);
>                                 src_pte = dst_pte = NULL;
>                                 /* now we can block and wait */
>                                 anon_vma_lock_write(src_anon_vma);
> @@ -1352,8 +1352,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
>                 entry = pte_to_swp_entry(orig_src_pte);
>                 if (non_swap_entry(entry)) {
>                         if (is_migration_entry(entry)) {
> -                               pte_unmap(&orig_src_pte);
> -                               pte_unmap(&orig_dst_pte);
> +                               pte_unmap(src_pte);
> +                               pte_unmap(dst_pte);
>                                 src_pte = dst_pte = NULL;
>                                 migration_entry_wait(mm, src_pmd, src_addr);
>                                 err = -EAGAIN;
> @@ -1396,8 +1396,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
>                         src_folio = folio;
>                         src_folio_pte = orig_src_pte;
>                         if (!folio_trylock(src_folio)) {
> -                               pte_unmap(&orig_src_pte);
> -                               pte_unmap(&orig_dst_pte);
> +                               pte_unmap(src_pte);
> +                               pte_unmap(dst_pte);
>                                 src_pte = dst_pte = NULL;
>                                 put_swap_device(si);
>                                 si = NULL;
>


* Re: FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.12-stable tree
From: Greg KH @ 2025-03-13 16:03 UTC
  To: Suren Baghdasaryan
  Cc: 21cnbao, Liam.Howlett, aarcange, akpm, david, hughd, jannh,
	kaleshsingh, lokeshgidra, lorenzo.stoakes, peterx, stable,
	v-songbaohua, willy

On Mon, Mar 10, 2025 at 12:02:12PM -0700, Suren Baghdasaryan wrote:
> On Sun, Mar 9, 2025 at 11:15 AM <gregkh@linuxfoundation.org> wrote:
> >
> >
> > The patch below does not apply to the 6.12-stable tree.
> 
> Hi Greg,
> Similar to linux-6.13.y, I just posted a linux-6.12.y backport [1] for an
> earlier patch, and with that and with 37b338eed10581784e854d4262da05c8d960c748,
> which you already backported into linux-6.12.y, this patch should merge cleanly.
> Could you please try cherry-picking it again after merging [1] into
> linux-6.12.y?

Now done, thanks.

greg k-h
