| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190107223935.GC6310@bombadil.infradead.org>
Date: Mon, 7 Jan 2019 14:39:35 -0800
From: Matthew Wilcox <willy@...radead.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Hugh Dickins <hughd@...gle.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm: Remove redundant test from find_get_pages_contig
On Mon, Jan 07, 2019 at 02:33:19PM -0800, Andrew Morton wrote:
> On Mon, 7 Jan 2019 12:02:24 -0800 Matthew Wilcox <willy@...radead.org> wrote:
>
> > After we establish a reference on the page, we check the pointer continues
> > to be in the correct position in i_pages. There's no need to check the
> > page->mapping or page->index afterwards; if those can change after we've
> > got the reference, they can change after we return the page to the caller.
>
> But that isn't what the comment says.
Right. That patch from Nick moved the check from before taking the
ref to after taking the ref. It was racy to have it before. But it's
unnecessary to have it afterwards -- pages can't move once there's a
ref on them. Or if they can move, they can move after the ref is taken.
> > --- a/mm/filemap.c
> > +++ b/mm/filemap.c
> > @@ -1837,16 +1837,6 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
> > if (unlikely(page != xas_reload(&xas)))
> > goto put_page;
> >
> > - /*
> > - * must check mapping and index after taking the ref.
> > - * otherwise we can get both false positives and false
> > - * negatives, which is just confusing to the caller.
> > - */
> > - if (!page->mapping || page_to_pgoff(page) != xas.xa_index) {
> > - put_page(page);
> > - break;
> > - }
>
> The assertion here is that the page's state can alter before we take
> the ref but not afterwards. Which is contrary to your assertion that
> "they can change after we return the page to the caller".
>
> This:
>
> commit 9cbb4cb21b19fff46cf1174d0ed699ef710e641c
> Author: Nick Piggin <npiggin@...nel.dk>
> AuthorDate: Thu Jan 13 15:45:51 2011 -0800
> Commit: Linus Torvalds <torvalds@...ux-foundation.org>
> CommitDate: Thu Jan 13 17:32:32 2011 -0800
>
> mm: find_get_pages_contig fixlet
>
> Testing ->mapping and ->index without a ref is not stable as the page
> may have been reused at this point.
>
> Signed-off-by: Nick Piggin <npiggin@...nel.dk>
> Reviewed-by: Wu Fengguang <fengguang.wu@...el.com>
> Reviewed-by: Minchan Kim <minchan.kim@...il.com>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
>
> diff --git a/mm/filemap.c b/mm/filemap.c
> index ca389394fa2a..1a3dd5914726 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -837,9 +837,6 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
> if (radix_tree_deref_retry(page))
> goto restart;
>
> - if (page->mapping == NULL || page->index != index)
> - break;
> -
> if (!page_cache_get_speculative(page))
> goto repeat;
>
> @@ -849,6 +846,16 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
> goto repeat;
> }
>
> + /*
> + * must check mapping and index after taking the ref.
> + * otherwise we can get both false positives and false
> + * negatives, which is just confusing to the caller.
> + */
> + if (page->mapping == NULL || page->index != index) {
> + page_cache_release(page);
> + break;
> + }
> +
> pages[ret] = page;
> ret++;
> index++;
>
>
Powered by blists - more mailing lists