From: Miklos Szeredi
Date: Fri, 22 Mar 2024 22:13:55 +0100
Subject: Re: BUG: unable to handle kernel paging request in fuse_copy_do
To: David Hildenbrand
Cc: xingwei lee, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samsun1006219@gmail.com, syzkaller-bugs@googlegroups.com, linux-mm, Mike Rapoport
In-Reply-To: <620f68b0-4fe0-4e3e-856a-dedb4bcdf3a7@redhat.com>

On Fri, 22 Mar 2024 at 22:08, David Hildenbrand wrote:
>
> On 22.03.24 20:46, Miklos Szeredi wrote:
> > On Fri, 22 Mar 2024 at 16:41, David Hildenbrand wrote:
> >
> >> But at least the vmsplice() just seems to work. Which is weird, because
> >> GUP-fast should not apply (page not faulted in?)
> >
> > But it is faulted in, and that indeed seems to be the root cause.
>
> secretmem mmap() won't populate the page tables. So it's not faulted in yet.
>
> When we GUP via vmsplice, GUP-fast should not find it in the page tables
> and fall back to slow GUP.
>
> There, we seem to pass check_vma_flags(), trigger faultin_page() to
> fault it in, and then find it via follow_page_mask().
>
> ... and I wonder how we manage to skip check_vma_flags(), or otherwise
> managed to GUP it.
>
> vmsplice() should, in theory, never succeed here.
>
> Weird :/
>
> > Improved repro:
> >
> > #define _GNU_SOURCE
> >
> > #include
> > #include
> > #include
> > #include
> > #include
> > #include
> >
> > int main(void)
> > {
> >         int fd1, fd2;
> >         int pip[2];
> >         struct iovec iov;
> >         char *addr;
> >         int ret;
> >
> >         fd1 = syscall(__NR_memfd_secret, 0);
> >         addr = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd1, 0);
> >         ftruncate(fd1, 7);
> >         addr[0] = 1; /* fault in page */

Here the page is faulted in and GUP-fast will find it. It's not in
the kernel page table, but it is in the user page table, which is what
matters for GUP.

Thanks,
Miklos
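
What "faulted in" means for the user page table, as an added example that is not part of this message or of the quoted reproducer: it reads /proc/self/pagemap (bit 63 is the "present" flag) to show that a shared page has no user PTE after mmap() and has one after the first write. The helper names and the fallback to a shared anonymous page when memfd_secret() is unavailable are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 = present in this process's page table, 0 = absent, -1 = pagemap unreadable. */
static int page_present(const void *addr)
{
	uint64_t entry;
	long psz = sysconf(_SC_PAGESIZE);
	int fd = open("/proc/self/pagemap", O_RDONLY);
	if (fd < 0) return -1;
	/* one 64-bit entry per virtual page; bit 63 is "page present" */
	ssize_t n = pread(fd, &entry, sizeof(entry),
			  (off_t)((uintptr_t)addr / psz * sizeof(entry)));
	close(fd);
	return n == (ssize_t)sizeof(entry) ? (int)(entry >> 63) : -1;
}

/* Hypothetical helper: map one shared page, record presence around the first write. */
int probe_fault_in(int *before, int *after)
{
	long psz = sysconf(_SC_PAGESIZE);
	int fd = -1;
	char *addr = MAP_FAILED;
#ifdef __NR_memfd_secret
	fd = syscall(__NR_memfd_secret, 0);
	if (fd >= 0 && ftruncate(fd, psz) == 0)
		addr = mmap(NULL, psz, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
#endif
	if (addr == MAP_FAILED) /* assumption: fall back when secretmem is off */
		addr = mmap(NULL, psz, PROT_READ | PROT_WRITE,
			    MAP_SHARED | MAP_ANONYMOUS, -1, 0);
	if (addr == MAP_FAILED) return -1;
	*before = page_present(addr);	/* mmap() alone: no PTE yet */
	addr[0] = 1;			/* first write faults the page in */
	*after = page_present(addr);	/* now visible to a user page table walk */
	munmap(addr, psz);
	if (fd >= 0) close(fd);
	return (*before < 0 || *after < 0) ? -1 : 0;
}

int main(void)
{
	int b = -1, a = -1, rc = probe_fault_in(&b, &a);
	printf("rc=%d present before write: %d, after: %d\n", rc, b, a);
	return 0;
}
```
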