Re: [PATCH] userfaultfd: Write protect when virtual memory range has no page table entry

From: Andrew Morton
Date: Sat Mar 20 2021 - 12:33:25 EST


On Fri, 19 Mar 2021 22:24:28 +0700 Bui Quang Minh <minhquangbui99@xxxxxxxxx> wrote:

> userfaultfd_writeprotect() uses change_protection() to clear the write bit in
> page table entries (pte/pmd). So, a later write to this virtual address
> range causes a page fault, which is then handled by the userspace program.
> However, change_protection() has no effect when there are no page table
> entries associated with that virtual memory range (a newly mapped memory
> range). As a result, a later access to that memory range causes a page
> table entry to be allocated with the write bit still set (due to the VM_WRITE
> flag in vma->vm_flags).
>
> Add checks for VM_UFFD_WP in vma->vm_flags when allocating a new page table
> entry in the missing page table entry page fault path.

This sounds like a pretty significant bug?

Would it be possible to add a test to
tools/testing/selftests/vm/userfaultfd.c to check for this? It should
fail without your patch and succeed with it.

Thanks.