lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 16 May 2016 17:57:29 +0200
From:	Andrea Arcangeli <aarcange@...hat.com>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH 1/1] userfaultfd: don't pin the user memory in
 userfaultfd_file_create()

On Mon, May 16, 2016 at 05:25:46PM +0200, Oleg Nesterov wrote:
> userfaultfd_file_create() increments mm->mm_users; this means that the memory
> won't be unmapped/freed if mm owner exits/execs, and UFFDIO_COPY after that can
> populate the orphaned mm more.
> 
> Change userfaultfd_file_create() and userfaultfd_ctx_put() to use mm->mm_count
> to pin mm_struct. This means that atomic_inc_not_zero(mm->mm_users) is needed
> when we are going to actually play with this memory. Except handle_userfault()
> path doesn't need this, the caller must already have a reference.

This is nice and desired improvement to reduce the pinning from the
"mm" as a whole to just the "mm struct". The code used mm_users for
simplicity, but using mm_count was definitely wanted to always keep
the memory footprint as low as possible (especially to avoid some
latency in the footprint reduction in the future non-cooperative
usage).

Reviewed-by: Andrea Arcangeli <aarcange@...hat.com>

> +static inline bool userfaultfd_get_mm(struct userfaultfd_ctx *ctx)
> +{
> +	return atomic_inc_not_zero(&ctx->mm->mm_users);
> +}

Nice cleanup, but wouldn't it be more generic to implement this as
mmget(&ctx->mm) (or maybe mmget_not_zero) in include/linux/mm.h
instead of userfaultfd.c, so then others can use it too, see:

drivers/gpu/drm/i915/i915_gem_userptr.c:                if (atomic_inc_not_zero(&mm->mm_users)) {
drivers/iommu/intel-svm.c:              if (!atomic_inc_not_zero(&svm->mm->mm_users))
fs/proc/base.c: if (!atomic_inc_not_zero(&mm->mm_users))
fs/proc/base.c: if (!atomic_inc_not_zero(&mm->mm_users))
fs/proc/task_mmu.c:     if (!mm || !atomic_inc_not_zero(&mm->mm_users))
fs/proc/task_mmu.c:     if (!mm || !atomic_inc_not_zero(&mm->mm_users))
fs/proc/task_nommu.c:   if (!mm || !atomic_inc_not_zero(&mm->mm_users))
kernel/events/uprobes.c:                if (!atomic_inc_not_zero(&vma->vm_mm->mm_users))
mm/oom_kill.c:  if (!atomic_inc_not_zero(&mm->mm_users)) {
mm/swapfile.c:                          if (!atomic_inc_not_zero(&mm->mm_users))

Anyway this is just an idea, userfaultfd_get_mm is sure fine with me.

Thanks,
Andrea

Powered by blists - more mailing lists