• Lorenzo Stoakes's avatar
    userfaultfd: move core VMA manipulation logic to mm/userfaultfd.c · a17c7d8f
    Lorenzo Stoakes authored
    Patch series "Make core VMA operations internal and testable", v4.
    
    There are a number of "core" VMA manipulation functions implemented in
    mm/mmap.c, notably those concerning VMA merging, splitting, modifying,
    expanding and shrinking, which logically don't belong there.
    
    More importantly this functionality represents an internal implementation
    detail of memory management and should not be exposed outside of mm/
    itself.
    
    This patch series isolates core VMA manipulation functionality into its
    own file, mm/vma.c, and provides an API to the rest of the mm code in
    mm/vma.h.
    
    Importantly, it also carefully implements mm/vma_internal.h, which
    specifies which headers need to be imported by vma.c, leading to the very
    useful property that vma.c depends only on mm/vma.h and mm/vma_internal.h.
    
    This means we can then re-implement vma_internal.h in userland, adding
    shims for kernel mechanisms as required, allowing us to unit test internal
    VMA functionality.
    
    This testing is useful as opposed to an e.g.  kunit implementation as this
    way we can avoid all external kernel side-effects while testing, run tests
    VERY quickly, and iterate on and debug problems quickly.
    
    Excitingly this opens the door to, in the future, recreating precise
    problems observed in production in userland and very quickly debugging
    problems that might otherwise be very difficult to reproduce.
    
    This patch series takes advantage of existing shim logic and full userland
    maple tree support contained in tools/testing/radix-tree/ and
    tools/include/linux/, separating out shared components of the radix tree
    implementation to provide this testing.
    
    Kernel functionality is stubbed and shimmed as needed in
    tools/testing/vma/ which contains a fully functional userland
    vma_internal.h file and which imports mm/vma.c and mm/vma.h to be directly
    tested from userland.
    
    A simple, skeleton testing implementation is provided in
    tools/testing/vma/vma.c as a proof-of-concept, asserting that simple VMA
    merge, modify (testing split), expand and shrink functionality work
    correctly.
    
    
    This patch (of 4):
    
    This patch forms part of a patch series intending to separate out VMA
    logic and render it testable from userspace, which requires that core
    manipulation functions be exposed in an mm/-internal header file.
    
    In order to do this, we must abstract APIs we wish to test, in this
    instance functions which ultimately invoke vma_modify().
    
    This patch therefore moves all logic which ultimately invokes vma_modify()
    to mm/userfaultfd.c, trying to transfer code at a functional granularity
    where possible.
    
    [lorenzo.stoakes@oracle.com: fix user-after-free in userfaultfd_clear_vma()]
      Link: https://lkml.kernel.org/r/3c947ddc-b804-49b7-8fe9-3ea3ca13def5@lucifer.local
    Link: https://lkml.kernel.org/r/cover.1722251717.git.lorenzo.stoakes@oracle.com
    Link: https://lkml.kernel.org/r/50c3ed995fd81c45876c86304c8a00bf3e396cfd.1722251717.git.lorenzo.stoakes@oracle.comSigned-off-by: default avatarLorenzo Stoakes <lorenzo.stoakes@oracle.com>
    Reviewed-by: default avatarVlastimil Babka <vbabka@suse.cz>
    Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: Brendan Higgins <brendanhiggins@google.com>
    Cc: Christian Brauner <brauner@kernel.org>
    Cc: David Gow <davidgow@google.com>
    Cc: Eric W. Biederman <ebiederm@xmission.com>
    Cc: Jan Kara <jack@suse.cz>
    Cc: Kees Cook <kees@kernel.org>
    Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
    Cc: Rae Moar <rmoar@google.com>
    Cc: SeongJae Park <sj@kernel.org>
    Cc: Shuah Khan <shuah@kernel.org>
    Cc: Suren Baghdasaryan <surenb@google.com>
    Cc: Pengfei Xu <pengfei.xu@intel.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    a17c7d8f
userfaultfd.c 55.2 KB