sashiko.dev --
https://sashiko.dev/#/patchset/[email protected] -- wrote:
> Does this code lose the RWP read protection after a page is swapped out
> and back in?
> [ ... ]
> The restored PTE will be PROT_READ with the uffd bit set, instead of
> PROT_NONE. Will this silently allow subsequent read accesses to succeed
> without triggering the required RWP userfault?
The PROT_NONE restoration on swap-in is performed two commits earlier,
in patch 6/14 "mm: preserve RWP marker across PTE rewrites", which
adds to do_swap_page():
	if (pte_swp_uffd(vmf->orig_pte) && userfaultfd_rwp(vma))
		pte = pte_modify(pte, PAGE_NONE);
so a swapped-in RWP page comes back as PAGE_NONE | _PAGE_UFFD, not
PROT_READ | _PAGE_UFFD. The same patch covers unuse_pte() (the
swapoff(2) path), restore_exclusive_pte(), and the migration-entry
resolvers; each gates on userfaultfd_rwp(vma) and the swap-pte uffd
bit before re-applying PAGE_NONE.
> Can this sequence cause a state collision between RWP and NUMA-hinted
> UFFD_WP pages?
> If a VMA has both VM_UFFD_WP and VM_UFFD_RWP enabled, [ ... ]
No. VM_UFFD_WP and VM_UFFD_RWP are mutually exclusive.
--
Kiryl Shutsemau / Kirill A. Shutemov
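The swap round-trip the reviewer asked about, as a small userspace model added here (not kernel code and not part of this thread or the patchset): a resident RWP page carrying the uffd marker is swapped out to a swap PTE and then restored, once by a naive path that rebuilds protection from the VMA's default (the outcome the review feared), and once by a path gated the way the reply describes patch 6/14 doing it. The bit layout, the names (model_pte_t, M_UFFD, VMA_UFFD_RWP, restore_naive, restore_rwp_aware, model_read) and the flag values are all constructed for the model and correspond to nothing in the kernel.

```c
/* Userspace model of the RWP PTE swap round-trip.  Added example;
 * every name, bit position and value here is constructed and is not
 * the kernel's. */
#include <stdbool.h>
#include <stdio.h>

typedef unsigned model_pte_t;

/* constructed PTE bits */
enum {
    M_PRESENT = 1u << 0,  /* page is resident */
    M_READ    = 1u << 1,  /* read permitted */
    M_WRITE   = 1u << 2,  /* write permitted */
    M_UFFD    = 1u << 3,  /* userfaultfd marker, carried across swap */
    M_SWAPPED = 1u << 4,  /* non-present swap entry */
};

/* constructed VMA mode flags */
enum { VMA_UFFD_WP = 1u << 0, VMA_UFFD_RWP = 1u << 1 };

#define M_PROT_NONE 0u
#define M_PROT_READ M_READ

/* swap-out: drop present and protection bits, keep only the uffd marker */
static model_pte_t model_swap_out(model_pte_t pte)
{
    return M_SWAPPED | (pte & M_UFFD);
}

/* Restore path A: rebuild the PTE from the VMA's default protection and
 * re-attach the uffd marker.  Protection is lost for an RWP page. */
static model_pte_t restore_naive(model_pte_t swp, unsigned vma_prot)
{
    return M_PRESENT | vma_prot | (swp & M_UFFD);
}

/* Restore path B: same, then re-apply PROT_NONE when the swap entry
 * carried the uffd marker and the VMA is in RWP mode. */
static model_pte_t restore_rwp_aware(model_pte_t swp, unsigned vma_prot,
                                     unsigned vma_flags)
{
    model_pte_t pte = M_PRESENT | vma_prot | (swp & M_UFFD);
    if ((swp & M_UFFD) && (vma_flags & VMA_UFFD_RWP))
        pte = (pte & ~(M_READ | M_WRITE)) | M_PROT_NONE;
    return pte;
}

enum access_result { ACCESS_OK, ACCESS_UFFD_FAULT, ACCESS_PLAIN_FAULT };

/* Simulated read: a present, readable page succeeds silently; a present,
 * non-readable page with the uffd marker raises a userfault; anything
 * else is an ordinary fault. */
static enum access_result model_read(model_pte_t pte)
{
    if (!(pte & M_PRESENT))
        return ACCESS_PLAIN_FAULT;
    if (pte & M_READ)
        return ACCESS_OK;
    return (pte & M_UFFD) ? ACCESS_UFFD_FAULT : ACCESS_PLAIN_FAULT;
}

/* The exclusivity invariant stated in the reply: a VMA is never in both
 * WP and RWP mode at once. */
static bool model_vma_flags_valid(unsigned vma_flags)
{
    return (vma_flags & (VMA_UFFD_WP | VMA_UFFD_RWP))
           != (VMA_UFFD_WP | VMA_UFFD_RWP);
}

int main(void)
{
    /* resident RWP page: PROT_NONE with the uffd marker set */
    model_pte_t rwp_page = M_PRESENT | M_PROT_NONE | M_UFFD;
    model_pte_t swp = model_swap_out(rwp_page);

    printf("naive restore:     read -> %d (0 = silent success)\n",
           model_read(restore_naive(swp, M_PROT_READ)));
    printf("rwp-aware restore: read -> %d (1 = userfault)\n",
           model_read(restore_rwp_aware(swp, M_PROT_READ, VMA_UFFD_RWP)));
    return 0;
}
```

In the model, the naive restore returns a readable PTE, so the read goes through without any userfault; the gated restore returns a PROT_NONE PTE with the marker still set, so the read traps as intended. The same gate leaves a uffd-marked page in a non-RWP VMA readable after swap-in, mirroring the two conditions the reply says each restore site checks.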