[ Sasha's backport helper bot ]
Hi,
Summary of potential issues: ⚠️ Found matching upstream commit but patch is missing proper reference to it
Found matching upstream commit: 0ea148a799198518d8ebab63ddd0bb6114a103bc
WARNING: Author mismatch between patch and found commit: Backport author: Lokesh Gidralokeshgidra@google.com Commit author: Kairui Songkasong@tencent.com
Status in newer kernel trees: 6.15.y | Present (different SHA1: db2ca8074955)
Note: The patch differs from the upstream commit: --- 1: 0ea148a799198 ! 1: f52f3e06e0bb8 mm: userfaultfd: fix race of userfaultfd_move and swap cache @@ Commit message I'm not sure if there will be any data corruption though, seems no. The issues above are critical already.
- On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still @@ Commit message Cc: Kairui Song kasong@tencent.com Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org + (cherry picked from commit 0ea148a799198518d8ebab63ddd0bb6114a103bc) + [lokeshgidra: resolved merged conflict caused by the difference in + move_swap_pte() arguments] + Signed-off-by: Lokesh Gidra lokeshgidra@google.com
## mm/userfaultfd.c ## @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, + pte_t *dst_pte, pte_t *src_pte, pte_t orig_dst_pte, pte_t orig_src_pte, - pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_ + double_pt_lock(dst_ptl, src_ptl);
- if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, + if (!pte_same(ptep_get(src_pte), orig_src_pte) || @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); @@ mm/userfaultfd.c: static int move_swap_pte(struct mm_struct *mm, struct vm_area_ @@ mm/userfaultfd.c: static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, + orig_dst_pte, orig_src_pte, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.12.y | Success | Success |