lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 2 Aug 2020 19:07:24 +0800
From:   Pengfei Li <>
To:     Hugh Dickins <>
Subject: Re: [PATCH 2/2] mm, util: account_locked_vm() does not hold

On Wed, 29 Jul 2020 12:21:11 -0700 (PDT)
Hugh Dickins <> wrote:

Sorry for the late reply.

> On Sun, 26 Jul 2020, Pengfei Li wrote:
> > Since mm->locked_vm is already an atomic counter,
> > account_locked_vm() does not need to hold mmap_lock.  
> I am worried that this patch, already added to mmotm, along with its
> 1/2 making locked_vm an atomic64, might be rushed into v5.9 with just
> that two-line commit description, and no discussion at all.
> locked_vm belongs fundamentally to mm/mlock.c, and the lock to guard
> it is mmap_lock; and mlock() has some complicated stuff to do under
> that lock while it decides how to adjust locked_vm.
> It is very easy to convert an unsigned long to an atomic64_t, but
> "atomic read, check limit and do stuff, atomic add" does not give
> the same guarantee as holding the right lock around it all.
> (At the very least, __account_locked_vm() in 1/2 should be changed to
> replace its atomic64_add by an atomic64_cmpxchg, to enforce the limit
> that it just checked.  But that will be no more than lipstick on a
> pig, when the right lock that everyone else agrees upon is not being
> held.)

Thank you for your detailed comment.

You are right, I should use atomic64_cmpxchg to guarantee the limit of

> Now, it can be argued that our locked_vm and pinned_vm maintenance
> is so random and deficient, and too difficult to keep right across
> a sprawl of drivers, that we should just be grateful for those that
> do volunteer to subject themselves to RLIMIT_MEMLOCK limitation,
> and never mind if it's a little racy.
> And it may well be that all those who have made considerable efforts
> in the past to improve the situation, have more interesting things to
> devote their time to, and would prefer not to get dragged back here.
> But let's at least give this a little more visibility, and hope
> to hear opinions one way or the other from those who care.

Thank you. My patch should be more thoughtful.

I will send an email to Stephen soon asking to remove these two patches
from -mm tree.


Powered by blists - more mailing lists