Re: [PATCH v1] mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage

[David Hildenbrand]

On 02.03.23 23:29, Peter Xu wrote:
> On Thu, Mar 02, 2023 at 06:54:23PM +0100, David Hildenbrand wrote:
> > Currently, we'd lose the userfaultfd-wp marker when PTE-mapping a huge
> > zeropage, resulting in the next write faults in the PMD range
> > not triggering uffd-wp events.
> >
> > Various actions (partial MADV_DONTNEED, partial mremap, partial munmap,
> > partial mprotect) could trigger this. However, most importantly,
> > un-protecting a single sub-page from the userfaultfd-wp handler when
> > processing a uffd-wp event will PTE-map the shared huge zeropage and
> > lose the uffd-wp bit for the remainder of the PMD.
> >
> > Let's properly propagate the uffd-wp bit to the PMDs.
>
> Ouch.. I thought this was reported once, probably it fell through the
> cracks.

Yes, I reported it a while ago, but our understanding back then was that 
primarily MADV_DONTNEED would trigger it (which my reproducer back then 
did), and e.g., QEMU would make sure to not have concurrent 
MADV_DONTNEED while doing background snapshots.

I realized only yesterday when retesting my patch that that a simple 
unprotect is already sufficient to mess it up.

> Acked-by: Peter Xu <peterx@xxxxxxxxxx>

Thanks!

--
Thanks,

David / dhildenb