lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20200603180731.7df1082f@canb.auug.org.au>
Date:   Wed, 3 Jun 2020 18:07:31 +1000
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Linux Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        John Hubbard <jhubbard@...dia.com>
Subject: linux-next: manual merge of the akpm-current tree with Linus' tree

Hi all,

Today's linux-next merge of the akpm-current tree got a conflict in:

  mm/gup.c

between commit:

  17839856fd58 ("gup: document and work around "COW can break either way" issue")

from Linus' tree and (at least) commits:

  d7f76db8e4ad ("mm/gup: move __get_user_pages_fast() down a few lines in gup.c")
  6a5f74c81019 ("mm/gup: refactor and de-duplicate gup_fast() code")

from the akpm-current tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc mm/gup.c
index 3edf740a3897,fb28e7aecd35..000000000000
--- a/mm/gup.c
+++ b/mm/gup.c
@@@ -2814,17 -2743,21 +2758,33 @@@ static int internal_get_user_pages_fast
  		return -EFAULT;
  
  	/*
+ 	 * Disable interrupts. The nested form is used, in order to allow full,
+ 	 * general purpose use of this routine.
+ 	 *
+ 	 * With interrupts disabled, we block page table pages from being
+ 	 * freed from under us. See struct mmu_table_batch comments in
+ 	 * include/asm-generic/tlb.h for more details.
+ 	 *
+ 	 * We do not adopt an rcu_read_lock(.) here as we also want to
+ 	 * block IPIs that come from THPs splitting.
++	 *
++	 * NOTE! We allow read-only gup_fast() here, but you'd better be
++	 * careful about possible COW pages. You'll get _a_ COW page, but
++	 * not necessarily the one you intended to get depending on what
++	 * COW event happens after this. COW may break the page copy in a
++	 * random direction.
++	 *
 +	 * The FAST_GUP case requires FOLL_WRITE even for pure reads,
 +	 * because get_user_pages() may need to cause an early COW in
 +	 * order to avoid confusing the normal COW routines. So only
 +	 * targets that are already writable are safe to do by just
 +	 * looking at the page tables.
  	 */
  	if (IS_ENABLED(CONFIG_HAVE_FAST_GUP) &&
  	    gup_fast_permitted(start, end)) {
- 		local_irq_disable();
+ 		local_irq_save(flags);
 -		gup_pgd_range(addr, end, gup_flags, pages, &nr_pinned);
 +		gup_pgd_range(addr, end, gup_flags | FOLL_WRITE, pages, &nr_pinned);
- 		local_irq_enable();
+ 		local_irq_restore(flags);
  		ret = nr_pinned;
  	}
  
@@@ -2848,6 -2781,46 +2808,50 @@@
  	return ret;
  }
  
+ /*
+  * Like get_user_pages_fast() except it's IRQ-safe in that it won't fall back to
+  * the regular GUP.
+  * Note a difference with get_user_pages_fast: this always returns the
+  * number of pages pinned, 0 if no pages were pinned.
+  *
+  * If the architecture does not support this function, simply return with no
+  * pages pinned.
++ *
++ * Careful, careful! COW breaking can go either way, so a non-write
++ * access can get ambiguous page results. If you call this function without
++ * 'write' set, you'd better be sure that you're ok with that ambiguity.
+  */
+ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+ 			  struct page **pages)
+ {
+ 	int nr_pinned;
+ 	/*
+ 	 * Internally (within mm/gup.c), gup fast variants must set FOLL_GET,
+ 	 * because gup fast is always a "pin with a +1 page refcount" request.
+ 	 *
+ 	 * FOLL_FAST_ONLY is required in order to match the API description of
+ 	 * this routine: no fall back to regular ("slow") GUP.
+ 	 */
+ 	unsigned int gup_flags = FOLL_GET | FOLL_FAST_ONLY;
+ 
+ 	if (write)
+ 		gup_flags |= FOLL_WRITE;
+ 
+ 	nr_pinned = internal_get_user_pages_fast(start, nr_pages, gup_flags,
+ 						 pages);
+ 	/*
+ 	 * As specified in the API description above, this routine is not
+ 	 * allowed to return negative values. However, the common core
+ 	 * routine internal_get_user_pages_fast() *can* return -errno.
+ 	 * Therefore, correct for that here:
+ 	 */
+ 	if (nr_pinned < 0)
+ 		nr_pinned = 0;
+ 
+ 	return nr_pinned;
+ }
+ EXPORT_SYMBOL_GPL(__get_user_pages_fast);
+ 
  /**
   * get_user_pages_fast() - pin user pages in memory
   * @start:      starting user address

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ