On Wed, Apr 05, 2023 at 04:25:35PM +0200, David Hildenbrand wrote:
> If we end up with a writable migration entry that has the uffd-wp bit set,
> we already messed up: the source PTE/PMD was writable, which means we could
> have modified the page without notifying uffd first. Setting the uffd-wp
> bit always implies converting migration entries to !writable migration
> entries.
>
> Commit 8f34f1eac382 ("mm/userfaultfd: fix uffd-wp special cases for
> fork()") documents that "3. Forget to carry over uffd-wp bit for a write
> migration huge pmd entry", but it doesn't really say why that should be
> relevant.
>
> So let's remove that code to avoid hiding an eventual underlying issue
> (in the future, we might want to warn when creating writable migration
> entries that have the uffd-wp bit set -- or even better when turning a
> PTE writable that still has the uffd-wp bit set).
>
> This now matches the handling for hugetlb migration entries in
> hugetlb_change_protection().
>
> In copy_huge_pmd()/copy_nonpresent_pte()/copy_hugetlb_page_range(), we
> still transfer the uffd-bit also for writable migration entries, but simply
> because we have unified handling for "writable" and "readable-exclusive"
> migration entries, and we care about transferring the uffd-wp bit for
> the latter.
>
> Signed-off-by: David Hildenbrand <david@xxxxxxxxxx>
Reviewed-by: Peter Xu <peterx@xxxxxxxxxx>
I think that's mostly for sanity to carry over one generic bit between
present <-> !present, even if uffd-wp is not that generic and currently
closely bound to write bit.
E.g., we will need to be more careful when we want to change the meaning of
uffd-wp bit some day, but that'll always be challenging anyway, so not
something this will change.
Thanks,
--
Peter Xu
