lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1193750751.27652.86.camel@twins>
Date:	Tue, 30 Oct 2007 14:25:51 +0100
From:	Peter Zijlstra <a.p.zijlstra@...llo.nl>
To:	Jaya Kumar <jayakumar.lkml@...il.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>, stefani@...bold.net,
	linux-kernel@...r.kernel.org, David Howells <dhowells@...hat.com>,
	linux-mm@...ck.org, Hugh Dickins <hugh@...itas.com>
Subject: Re: vm_ops.page_mkwrite() fails with vmalloc on 2.6.23

On Tue, 2007-10-30 at 09:16 -0400, Jaya Kumar wrote:
> On 10/30/07, Peter Zijlstra <a.p.zijlstra@...llo.nl> wrote:
> > So page->index does what you want it to, identify which part of the
> > framebuffer this particular page belongs to.
> 
> Ok. I'm attempting to walk the code sequence. Here's what I think:
> 
> - driver loads
> - driver vmalloc()s its fb
> - this creates the necessary pte entries

well, one set thereof, the kernel mappings, which for this purpose are
the least interesting.

> then...
> - app mmap(/dev/fb0)
> - vma is created
> - defio mmap adds this vma to private list (equivalent of
> address_space or anon_vma)

> - app touches base + pixel(128,128) = base + 16k
> - page fault
> - defio nopage gets called
> - defio nopage does vmalloc_to_page(base+16k)

this installs a user space page table entry for your page; this is the
interesting one as it carries the user-dirty state.

> - that finds the correct struct page corresponding to that vaddr.
> page->index has not been set by anyone so far, right?
> * ah... i see, you are suggesting that this is where I could set the
> index since i know the offset i want it to represent. right?

Not quite, you would set that right after vmallocing, just set an
increasing page->index starting with 0 for the first page.

Then ensure your vma->vm_pgoff is 0 (which should be the case since
userspace will most likely mmap the whole thing, and if not it still
gets what it expects).

> - defio mkwrite get called. defio adds page to its list. schedules delayed work
> - app keeps writing the page
> - delayed work occurs
> - foreach vma { foreach page { page_mkclean_one(page, vma) }

Yeah, page_mkclean_one(page, vma) will use vma_address() to obtain an
user-space address for the page in this vma using page->index and the
formula from the last email, this address is then used to walk the page
tables and obtain a pte.

This will be the user-space pte installed by your nopfn handler. Not the
kernel vmap pte resulting from the vmalloc() call.

> - cycle repeats...



Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ