On 02.03.23 23:29, Peter Xu wrote:
On Thu, Mar 02, 2023 at 06:54:23PM +0100, David Hildenbrand wrote:
Currently, we'd lose the userfaultfd-wp marker when PTE-mapping a huge
zeropage, resulting in the next write faults in the PMD range
not triggering uffd-wp events.
Various actions (partial MADV_DONTNEED, partial mremap, partial munmap,
partial mprotect) could trigger this. However, most importantly,
un-protecting a single sub-page from the userfaultfd-wp handler when
processing a uffd-wp event will PTE-map the shared huge zeropage and
lose the uffd-wp bit for the remainder of the PMD.
Let's properly propagate the uffd-wp bit to the PMDs.
Ouch.. I thought this was reported once, probably it fell through the
cracks.
Yes, I reported it a while ago, but our understanding back then was that
primarily MADV_DONTNEED would trigger it (which my reproducer back then
did), and e.g., QEMU would make sure to not have concurrent
MADV_DONTNEED while doing background snapshots.
I realized only yesterday when retesting my patch that that a simple
unprotect is already sufficient to mess it up.
Acked-by: Peter Xu <peterx@xxxxxxxxxx>
Thanks!
--
Thanks,
David / dhildenb
