Re: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions

From: Jason A. Donenfeld
Date: Sat Jun 07 2025 - 10:40:36 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] JFFS2 and UBIFS fixes for v6.16-rc1"
Previous message: Linus Torvalds: "Re: [GIT PULL] JFFS2 and UBIFS fixes for v6.16-rc1"
In reply to: Tal Zussman: "[PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions"
Next in thread: Andrew Morton: "Re: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jun 07, 2025 at 02:40:00AM -0400, Tal Zussman wrote:
> vma_can_userfault() masks off non-userfaultfd VM flags from vm_flags.
> The vm_flags & VM_DROPPABLE test will then always be false, incorrectly
> allowing VM_DROPPABLE regions to be registered with userfaultfd.
>
> Additionally, vm_flags is not guaranteed to correspond to the actual
> VMA's flags. Fix this test by checking the VMA's flags directly.
>
> Link: https://lore.kernel.org/linux-mm/5a875a3a-2243-4eab-856f-bc53ccfec3ea@xxxxxxxxxx/
> Fixes: 9651fcedf7b9 ("mm: add MAP_DROPPABLE for designating always lazily freeable mappings")
> Acked-by: David Hildenbrand <david@xxxxxxxxxx>
> Acked-by: Peter Xu <peterx@xxxxxxxxxx>
> Signed-off-by: Tal Zussman <tz2294@xxxxxxxxxxxx>

Nice catch and thanks for fixing this.

Acked-by: Jason A. Donenfeld <Jason@xxxxxxxxx>

Next message: pr-tracker-bot: "Re: [GIT PULL] JFFS2 and UBIFS fixes for v6.16-rc1"
Previous message: Linus Torvalds: "Re: [GIT PULL] JFFS2 and UBIFS fixes for v6.16-rc1"
In reply to: Tal Zussman: "[PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions"
Next in thread: Andrew Morton: "Re: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]