| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110614154052.GA22082@redhat.com> Date: Tue, 14 Jun 2011 17:40:52 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Peter Zijlstra <peterz@...radead.org> Cc: Srikar Dronamraju <srikar@...ux.vnet.ibm.com>, Ingo Molnar <mingo@...e.hu>, Steven Rostedt <rostedt@...dmis.org>, Linux-mm <linux-mm@...ck.org>, Arnaldo Carvalho de Melo <acme@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Hugh Dickins <hughd@...gle.com>, Christoph Hellwig <hch@...radead.org>, Andi Kleen <andi@...stfloor.org>, Thomas Gleixner <tglx@...utronix.de>, Jonathan Corbet <corbet@....net>, Andrew Morton <akpm@...ux-foundation.org>, Jim Keniston <jkenisto@...ux.vnet.ibm.com>, Roland McGrath <roland@...k.frob.com>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v4 3.0-rc2-tip 2/22] 2: uprobes: Breakground page replacement. On 06/14, Peter Zijlstra wrote: > > On Tue, 2011-06-14 at 16:27 +0200, Oleg Nesterov wrote: > > On 06/14, Peter Zijlstra wrote: > > > > > > On Mon, 2011-06-13 at 19:00 +0200, Oleg Nesterov wrote: > > > > > > > > Also. This is called under down_read(mmap_sem), can't we race with > > > > access_process_vm() modifying the same memory? > > > > > > Shouldn't matter COW and similar things are serialized using the pte > > > lock. > > > > Yes, but afaics this doesn't matter. Suppose that write_opcode() is > > called when access_process_vm() does copy_to_user_page(). We can cow > > the page before memcpy() completes. > > access_process_vm() will end up doing a FOLL_WRITE itself when > copy_to_user_page() is called since write=1 in that case. > > At that point we have a COW-race, someone wins, but the other will then > return the same page. > > At this point further PTRACE pokes can indeed race with the memcpy in > write_opcode(). Currently it can't, write_opcode() does another cow. But that cow can, and this is the same, yes. > A possible fix would be to lock_page() around > copy_to_user_page() (its already done in set_page_dirty_lock(), so > pulling it out shouldn't matter much). Yes, or write_opcode() could take mmap_sem for writing as Srikar suggests. But do we really care? Whatever we do we can race with the other updates to this memory. Say, someone can write to vma->vm_file. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists