From: Nadav Amit namit@vmware.com
Userfaultfd is supposed to provide the full address (i.e., unmasked) of the faulting access back to userspace. However, that is not the case for quite some time.
Even running "userfaultfd_demo" from the userfaultfd man page provides the wrong output (and contradicts the man page). Notice that "UFFD_EVENT_PAGEFAULT event" shows the masked address.
Address returned by mmap() = 0x7fc5e30b3000
fault_handler_thread(): poll() returns: nready = 1; POLLIN = 1; POLLERR = 0 UFFD_EVENT_PAGEFAULT event: flags = 0; address = 7fc5e30b3000 (uffdio_copy.copy returned 4096) Read address 0x7fc5e30b300f in main(): A Read address 0x7fc5e30b340f in main(): A Read address 0x7fc5e30b380f in main(): A Read address 0x7fc5e30b3c0f in main(): A
Add a new "real_address" field to vmf to hold the unmasked address. It is possible to keep the unmasked address in the existing address field (and mask whenever necessary) instead, but this is likely to cause backporting problems of this patch.
Cc: Andrea Arcangeli aarcange@redhat.com Cc: Mike Rapoport rppt@linux.vnet.ibm.com Cc: Peter Xu peterx@redhat.com Cc: Jan Kara jack@suse.cz Cc: stable@vger.kernel.org Fixes: 1a29d85eb0f19 ("mm: use vmf->address instead of of vmf->virtual_address") Signed-off-by: Nadav Amit namit@vmware.com --- fs/userfaultfd.c | 2 +- include/linux/mm.h | 3 ++- mm/memory.c | 1 + 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 003f0d31743e..1dfc0fcd83c1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -481,7 +481,7 @@ vm_fault_t handle_userfault(struct vm_fault *vmf, unsigned long reason)
init_waitqueue_func_entry(&uwq.wq, userfaultfd_wake_function); uwq.wq.private = current; - uwq.msg = userfault_msg(vmf->address, vmf->flags, reason, + uwq.msg = userfault_msg(vmf->real_address, vmf->flags, reason, ctx->features); uwq.ctx = ctx; uwq.waken = false; diff --git a/include/linux/mm.h b/include/linux/mm.h index 00bb2d938df4..f3f324e3f2bf 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -523,7 +523,8 @@ struct vm_fault { struct vm_area_struct *vma; /* Target VMA */ gfp_t gfp_mask; /* gfp mask to be used for allocations */ pgoff_t pgoff; /* Logical page offset based on vma */ - unsigned long address; /* Faulting virtual address */ + unsigned long address; /* Faulting virtual address - masked */ + unsigned long real_address; /* Faulting virtual address - unmaked */ }; enum fault_flag flags; /* FAULT_FLAG_xxx flags * XXX: should really be 'const' */ diff --git a/mm/memory.c b/mm/memory.c index 12a7b2094434..3d2d7fdbb7dc 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4594,6 +4594,7 @@ static vm_fault_t __handle_mm_fault(struct vm_area_struct *vma, struct vm_fault vmf = { .vma = vma, .address = address & PAGE_MASK, + .real_address = address, .flags = flags, .pgoff = linear_page_index(vma, address), .gfp_mask = __get_fault_gfp_mask(vma),