Re: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions

From: Andrew Morton
Date: Sat Jun 07 2025 - 18:04:51 EST

Next message: Eslam Khafagy: "[PATCH bpf-next] Documentation: Enhance readability in BPF docs"
Previous message: Barry Song: "[PATCH v4] mm: use per_vma lock for MADV_DONTNEED"
In reply to: Jason A. Donenfeld: "Re: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions"
Next in thread: Tal Zussman: "[PATCH v2 3/4] userfaultfd: prevent unregistering VMAs through a different userfaultfd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 07 Jun 2025 02:40:00 -0400 Tal Zussman <tz2294@xxxxxxxxxxxx> wrote:

> vma_can_userfault() masks off non-userfaultfd VM flags from vm_flags.
> The vm_flags & VM_DROPPABLE test will then always be false, incorrectly
> allowing VM_DROPPABLE regions to be registered with userfaultfd.
>
> Additionally, vm_flags is not guaranteed to correspond to the actual
> VMA's flags. Fix this test by checking the VMA's flags directly.

Wondering if we should backport this. afaict we don't know the
userspace impact of this because nobody has tried it!

Next message: Eslam Khafagy: "[PATCH bpf-next] Documentation: Enhance readability in BPF docs"
Previous message: Barry Song: "[PATCH v4] mm: use per_vma lock for MADV_DONTNEED"
In reply to: Jason A. Donenfeld: "Re: [PATCH v2 1/4] userfaultfd: correctly prevent registering VM_DROPPABLE regions"
Next in thread: Tal Zussman: "[PATCH v2 3/4] userfaultfd: prevent unregistering VMAs through a different userfaultfd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]