public inbox for stable@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, lokeshgidra@google.com
Cc: Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 6.12.y] mm: userfaultfd: fix race of userfaultfd_move and swap cache
Date: Tue,  8 Jul 2025 16:01:52 -0400
Message-ID: <20250708115052-a0931f57d43f3a34@stable.kernel.org>
In-Reply-To: <20250708135802.2870878-1-lokeshgidra@google.com>

[ Sasha's backport helper bot ]

Hi,

Summary of potential issues:
⚠️ Found matching upstream commit but patch is missing proper reference to it

Found matching upstream commit: 0ea148a799198518d8ebab63ddd0bb6114a103bc

WARNING: Author mismatch between patch and found commit:
Backport author: Lokesh Gidra<lokeshgidra@google.com>
Commit author: Kairui Song<kasong@tencent.com>

Status in newer kernel trees:
6.15.y | Present (different SHA1: db2ca8074955)

Note: The patch differs from the upstream commit:
---
1:  0ea148a799198 ! 1:  f52f3e06e0bb8 mm: userfaultfd: fix race of userfaultfd_move and swap cache
    @@ Commit message
         I'm not sure if there will be any data corruption though, seems no.
         The issues above are critical already.
     
    -
         On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache
         lookup, and tries to move the found folio to the faulting vma.  Currently,
         it relies on checking the PTE value to ensure that the moved folio still
    @@ Commit message
         Cc: Kairui Song <kasong@tencent.com>
         Cc: <stable@vger.kernel.org>
         Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    +    (cherry picked from commit 0ea148a799198518d8ebab63ddd0bb6114a103bc)
    +    [lokeshgidra: resolved merged conflict caused by the difference in
    +    move_swap_pte() arguments]
    +    Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
     
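Review bot: The upstream SHA appears in the added trailer lines only as "(cherry picked from commit 0ea148a799198518d8ebab63ddd0bb6114a103bc)", and the summary at the top of this report flags the patch as missing a proper reference to the upstream commit; moving that reference into the form the stable tree expects at the start of the commit message body would clear the warning. In the bracketed backport note, "resolved merged conflict" should read "resolved merge conflict", and the note should name what differs: the file hunks below show the 6.12.y prototype and call site of move_swap_pte() without the "dst_pmd, dst_pmdval" pair that upstream carries.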
      ## mm/userfaultfd.c ##
     @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma,
    + 			 pte_t *dst_pte, pte_t *src_pte,
      			 pte_t orig_dst_pte, pte_t orig_src_pte,
    - 			 pmd_t *dst_pmd, pmd_t dst_pmdval,
      			 spinlock_t *dst_ptl, spinlock_t *src_ptl,
     -			 struct folio *src_folio)
     +			 struct folio *src_folio,
    @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_
     +
      	double_pt_lock(dst_ptl, src_ptl);
      
    - 	if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte,
    + 	if (!pte_same(ptep_get(src_pte), orig_src_pte) ||
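Review bot: The revalidation that follows double_pt_lock() is not the same check in the two trees, and the backport note does not mention it: 6.12.y has "if (!pte_same(ptep_get(src_pte), orig_src_pte) ||" where upstream has "if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte,". Both are context lines, and the lines the fix adds end just above double_pt_lock(), so the difference predates this patch. Because this is a race fix whose correctness depends on what is rechecked once the page-table locks are held, the commit message should say explicitly that the existing 6.12.y check was left untouched and that only the argument list was adapted.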
     @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma,
      	if (src_folio) {
      		folio_move_anon_rmap(src_folio, dst_vma);
    @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_
     @@ mm/userfaultfd.c: static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
      		}
      		err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte,
    - 				orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval,
    + 				orig_dst_pte, orig_src_pte,
     -				dst_ptl, src_ptl, src_folio);
     +				dst_ptl, src_ptl, src_folio, si, entry);
      	}
---

Results of testing on various branches:

| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.12.y       |  Success    |  Success   |


Thread overview: 3+ messages
2025-06-30  9:21 FAILED: patch "[PATCH] mm: userfaultfd: fix race of userfaultfd_move and swap cache" failed to apply to 6.12-stable tree gregkh
2025-07-08 13:58 ` [PATCH 6.12.y] mm: userfaultfd: fix race of userfaultfd_move and swap cache Lokesh Gidra
2025-07-08 20:01   ` Sasha Levin [this message]
