lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 11 Oct 2019 08:36:58 +0800
From:   Wei Yang <richardw.yang@...ux.intel.com>
To:     Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
Cc:     Wei Yang <richardw.yang@...ux.intel.com>,
        akpm@...ux-foundation.org, kirill.shutemov@...ux.intel.com,
        jglisse@...hat.com, mike.kravetz@...cle.com, riel@...riel.com,
        cai@....pw, shakeelb@...gle.com, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [Patch v2 1/2] mm/rmap.c: don't reuse anon_vma if we just want a
 copy

On Thu, Oct 10, 2019 at 06:29:32PM +0300, Konstantin Khlebnikov wrote:
>On 10/10/2019 16.58, Wei Yang wrote:
>> Before commit 7a3ef208e662 ("mm: prevent endless growth of anon_vma
>> hierarchy"), anon_vma_clone() doesn't change dst->anon_vma. While after
>> this commit, anon_vma_clone() will try to reuse an exist one on forking.
>> 
>> But this commit go a little bit further for the case not forking.
>> anon_vma_clone() is called from __vma_split(), __split_vma(), copy_vma()
>> and anon_vma_fork(). For the first three places, the purpose here is get
>> a copy of src and we don't expect to touch dst->anon_vma even it is
>> NULL. While after that commit, it is possible to reuse an anon_vma when
>> dst->anon_vma is NULL. This is not we intend to have.
>
>In all these cases dst->anon_vma is a copy of src->anon_vma except
>anon_vma_fork where dst_>anon_vma explicitly set to NULL before call.
>
>So reuse == true iff (!dst->anon_vma && src->anon_vma)
>

What if src->anon_vma is NULL?

>> 
>> This patch stop reuse anon_vma for non-fork cases.
>> 
>> Fix commit 7a3ef208e662 ("mm: prevent endless growth of anon_vma
>> hierarchy")
>> 
>> Signed-off-by: Wei Yang <richardw.yang@...ux.intel.com>
>> ---
>>   include/linux/rmap.h | 3 ++-
>>   mm/mmap.c            | 6 +++---
>>   mm/rmap.c            | 7 ++++---
>>   3 files changed, 9 insertions(+), 7 deletions(-)
>> 
>> diff --git a/include/linux/rmap.h b/include/linux/rmap.h
>> index 988d176472df..963e6ab09b9b 100644
>> --- a/include/linux/rmap.h
>> +++ b/include/linux/rmap.h
>> @@ -142,7 +142,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
>>   void anon_vma_init(void);	/* create anon_vma_cachep */
>>   int  __anon_vma_prepare(struct vm_area_struct *);
>>   void unlink_anon_vmas(struct vm_area_struct *);
>> -int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *);
>> +int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src,
>> +		   bool reuse);
>>   int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
>>   static inline int anon_vma_prepare(struct vm_area_struct *vma)
>> diff --git a/mm/mmap.c b/mm/mmap.c
>> index 93f221785956..21e94f8ac4c7 100644
>> --- a/mm/mmap.c
>> +++ b/mm/mmap.c
>> @@ -791,7 +791,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
>>   			int error;
>>   			importer->anon_vma = exporter->anon_vma;
>> -			error = anon_vma_clone(importer, exporter);
>> +			error = anon_vma_clone(importer, exporter, false);
>>   			if (error)
>>   				return error;
>>   		}
>> @@ -2666,7 +2666,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
>>   	if (err)
>>   		goto out_free_vma;
>> -	err = anon_vma_clone(new, vma);
>> +	err = anon_vma_clone(new, vma, false);
>>   	if (err)
>>   		goto out_free_mpol;
>> @@ -3247,7 +3247,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
>>   		new_vma->vm_pgoff = pgoff;
>>   		if (vma_dup_policy(vma, new_vma))
>>   			goto out_free_vma;
>> -		if (anon_vma_clone(new_vma, vma))
>> +		if (anon_vma_clone(new_vma, vma, false))
>>   			goto out_free_mempol;
>>   		if (new_vma->vm_file)
>>   			get_file(new_vma->vm_file);
>> diff --git a/mm/rmap.c b/mm/rmap.c
>> index d9a23bb773bf..f729e4013613 100644
>> --- a/mm/rmap.c
>> +++ b/mm/rmap.c
>> @@ -258,7 +258,8 @@ static inline void unlock_anon_vma_root(struct anon_vma *root)
>>    * good chance of avoiding scanning the whole hierarchy when it searches where
>>    * page is mapped.
>>    */
>> -int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
>> +int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src,
>> +		   bool reuse)
>>   {
>>   	struct anon_vma_chain *avc, *pavc;
>>   	struct anon_vma *root = NULL;
>> @@ -286,7 +287,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
>>   		 * will always reuse it. Root anon_vma is never reused:
>>   		 * it has self-parent reference and at least one child.
>>   		 */
>> -		if (!dst->anon_vma && anon_vma != src->anon_vma &&
>> +		if (reuse && !dst->anon_vma && anon_vma != src->anon_vma &&
>>   				anon_vma->degree < 2)
>>   			dst->anon_vma = anon_vma;
>>   	}
>> @@ -329,7 +330,7 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma)
>>   	 * First, attach the new VMA to the parent VMA's anon_vmas,
>>   	 * so rmap can find non-COWed pages in child processes.
>>   	 */
>> -	error = anon_vma_clone(vma, pvma);
>> +	error = anon_vma_clone(vma, pvma, true);
>>   	if (error)
>>   		return error;
>> 

-- 
Wei Yang
Help you, Help me

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ