Re: [PATCH] userfaultfd: fix a race between writeprotect and exit_mmap()

From: Peter Xu
Date: Wed Sep 22 2021 - 10:31:05 EST

Next message: Andrey Grodzovsky: "Re: [PATCH v3 4/9] drm/scheduler: Add fence deadline support"
Previous message: Johannes Berg: "Re: [PATCH] mac80211_hwsim: enable 6GHz channels"
In reply to: Nadav Amit: "[PATCH] userfaultfd: fix a race between writeprotect and exit_mmap()"
Next in thread: Peter Xu: "Re: [PATCH] userfaultfd: fix a race between writeprotect and exit_mmap()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 21, 2021 at 01:02:47PM -0700, Nadav Amit wrote:
> From: Nadav Amit <namit@xxxxxxxxxx>
>
> A race is possible when a process exits, its VMAs are removed
> by exit_mmap() and at the same time userfaultfd_writeprotect() is
> called.
>
> The race was detected by KASAN on a development kernel, but it appears
> to be possible on vanilla kernels as well.
>
> Use mmget_not_zero() to prevent the race as done in other userfaultfd
> operations.
>
> Cc: Peter Xu <peterx@xxxxxxxxxx>
> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 63b2d4174c4ad ("userfaultfd: wp: add the writeprotect API to userfaultfd ioctl")
> Signed-off-by: Nadav Amit <namit@xxxxxxxxxx>

Reviewed-by: Peter Xu <peterx@xxxxxxxxxx>

Thanks!

--
Peter Xu

Next message: Andrey Grodzovsky: "Re: [PATCH v3 4/9] drm/scheduler: Add fence deadline support"
Previous message: Johannes Berg: "Re: [PATCH] mac80211_hwsim: enable 6GHz channels"
In reply to: Nadav Amit: "[PATCH] userfaultfd: fix a race between writeprotect and exit_mmap()"
Next in thread: Peter Xu: "Re: [PATCH] userfaultfd: fix a race between writeprotect and exit_mmap()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]