Re: [PATCH 2/3] userfaultfd: prevent unregistering VMAs through a different userfaultfd

From: Tal Zussman
Date: Fri Jun 06 2025 - 15:15:41 EST


On Fri, Jun 6, 2025 at 9:25 AM Peter Xu <peterx@xxxxxxxxxx> wrote:
> On Thu, Jun 05, 2025 at 05:11:53PM -0400, Tal Zussman wrote:
> >
> > As I mentioned in my response to James, it seems like the existing behavior
> > is broken as well, due to the following in userfaultfd_unregister():
> >
> > if (!vma_can_userfault(cur, cur->vm_flags, wp_async))
> >         goto out_unlock;
> >
> > where wp_async is derived from ctx, not cur.
> >
> > Pasting here:
> >
> > This also seems to indicate that the current behavior is broken and may reject
> > unregistering some VMAs incorrectly. For example, a file-backed VMA registered
> > with `wp_async` and UFFD_WP cannot be unregistered through a VMA that does not
> > have `wp_async` set.
>
> This is true. Meanwhile it seems non-trivial to fix the flag alone with the
> prior per-vma loop to check compatibility. We could drop the prior check
> but then it slightly breaks the ABI in another way..
>
> Then let's go with the change to see our luck.
>
> Could you mention more things when you repost in the commit log? (1) wp_async
> bug, (2) explicitly mention that this is a slight ABI change, and (3) not
> needed to backport to stable.

Will do!

> Thanks,
>
> --
> Peter Xu
>
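The following is a small user-space model, added here as an illustration and not taken from the patch or from the kernel, of the check Tal quotes above. It reduces vma_can_userfault() to the branches that matter for the discussion (the MINOR-mode restriction, the "wp_async plus WP-only allows any memory type" shortcut, and the default anon/shmem/hugetlb rule) and models two ways to pick wp_async when unregistering: from the ctx doing the unregister, as the current code does, and from the ctx the VMA is actually registered with. It also models the rule named in the subject line, where a VMA may only be unregistered through its own userfaultfd, which makes the two sources of wp_async coincide. The flag bit values, struct layouts and function names other than vma_can_userfault are constructed for this example.

```c
/* Constructed user-space model of the wp_async mismatch in
 * userfaultfd_unregister(). Not kernel code; layouts are invented. */
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel's VM_UFFD_* mode bits. */
enum {
    VM_UFFD_MISSING = 1u << 0,
    VM_UFFD_WP      = 1u << 1,
    VM_UFFD_MINOR   = 1u << 2,
};

enum backing { BACKING_ANON, BACKING_SHMEM, BACKING_HUGETLB, BACKING_FILE };

/* Per-userfaultfd state: only the feature relevant here. */
struct uffd_ctx {
    bool wp_async;
};

/* A VMA as seen by the unregister loop. */
struct vma {
    enum backing backing;
    unsigned vm_flags;           /* UFFD modes currently registered */
    const struct uffd_ctx *ctx;  /* the userfaultfd it was registered with */
};

/* Reduced model of vma_can_userfault(cur, cur->vm_flags, wp_async). */
static bool vma_can_userfault(const struct vma *v, unsigned vm_flags, bool wp_async)
{
    if ((vm_flags & VM_UFFD_MINOR) &&
        v->backing != BACKING_SHMEM && v->backing != BACKING_HUGETLB)
        return false;

    /* With wp_async and WP as the only mode, any memory type is allowed. */
    if (wp_async && vm_flags == VM_UFFD_WP)
        return true;

    /* Default: anonymous, shmem or hugetlb only. */
    return v->backing == BACKING_ANON || v->backing == BACKING_SHMEM ||
           v->backing == BACKING_HUGETLB;
}

/* Current behaviour described in the thread: wp_async is taken from the
 * ctx performing the unregister, not from the VMA's own ctx. */
bool unregister_allowed_current(const struct vma *v, const struct uffd_ctx *requester)
{
    return vma_can_userfault(v, v->vm_flags, requester->wp_async);
}

/* Variant that reads wp_async from the ctx the VMA is registered with. */
bool unregister_allowed_per_vma(const struct vma *v)
{
    return vma_can_userfault(v, v->vm_flags, v->ctx->wp_async);
}

/* Model of the rule in the subject line: only the owning userfaultfd may
 * unregister the VMA. The requester's wp_async is then the VMA's own. */
bool unregister_allowed_same_ctx(const struct vma *v, const struct uffd_ctx *requester)
{
    if (v->ctx != requester)
        return false;
    return vma_can_userfault(v, v->vm_flags, requester->wp_async);
}

/* Constructed scenario from the thread: a file-backed VMA registered with
 * WP-only under a wp_async userfaultfd, and a second userfaultfd without it. */
const struct uffd_ctx ctx_wp_async = { .wp_async = true };
const struct uffd_ctx ctx_plain    = { .wp_async = false };
const struct vma file_wp_vma       = { BACKING_FILE, VM_UFFD_WP, &ctx_wp_async };
const struct vma anon_missing_vma  = { BACKING_ANON, VM_UFFD_MISSING, &ctx_plain };

int main(void)
{
    printf("file+WP via own ctx (current):   %d\n",
           unregister_allowed_current(&file_wp_vma, &ctx_wp_async));
    printf("file+WP via other ctx (current): %d\n",
           unregister_allowed_current(&file_wp_vma, &ctx_plain));
    printf("file+WP, wp_async from VMA ctx:  %d\n",
           unregister_allowed_per_vma(&file_wp_vma));
    printf("file+WP via other ctx, same-ctx rule: %d\n",
           unregister_allowed_same_ctx(&file_wp_vma, &ctx_plain));
    return 0;
}
```

The second line of output is the case Tal describes: the same VMA that is legitimately registered is rejected by the unregister path when the requesting userfaultfd lacks wp_async, because the flag is read from the wrong context. Under the same-ctx rule the cross-userfaultfd request is refused up front, so the flag the check receives is always the one the VMA was registered with.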