lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200802190724.493304b6.fly@kernel.page>
Date:   Sun, 2 Aug 2020 19:07:24 +0800
From:   Pengfei Li <fly@...nel.page>
To:     Hugh Dickins <hughd@...gle.com>
Cc:     akpm@...ux-foundation.org, bmt@...ich.ibm.com, dledford@...hat.com,
        willy@...radead.org, vbabka@...e.cz,
        kirill.shutemov@...ux.intel.com, jgg@...pe.ca,
        alex.williamson@...hat.com, cohuck@...hat.com,
        daniel.m.jordan@...cle.com, dbueso@...e.de, jglisse@...hat.com,
        jhubbard@...dia.com, ldufour@...ux.ibm.com,
        Liam.Howlett@...cle.com, peterz@...radead.org, cl@...ux.com,
        jack@...e.cz, rientjes@...gle.com, walken@...gle.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, fly@...nel.page
Subject: Re: [PATCH 2/2] mm, util: account_locked_vm() does not hold
 mmap_lock

On Wed, 29 Jul 2020 12:21:11 -0700 (PDT)
Hugh Dickins <hughd@...gle.com> wrote:

Sorry for the late reply.

> On Sun, 26 Jul 2020, Pengfei Li wrote:
> 
> > Since mm->locked_vm is already an atomic counter,
> > account_locked_vm() does not need to hold mmap_lock.  
> 
> I am worried that this patch, already added to mmotm, along with its
> 1/2 making locked_vm an atomic64, might be rushed into v5.9 with just
> that two-line commit description, and no discussion at all.
> 
> locked_vm belongs fundamentally to mm/mlock.c, and the lock to guard
> it is mmap_lock; and mlock() has some complicated stuff to do under
> that lock while it decides how to adjust locked_vm.
> 
> It is very easy to convert an unsigned long to an atomic64_t, but
> "atomic read, check limit and do stuff, atomic add" does not give
> the same guarantee as holding the right lock around it all.
> 
> (At the very least, __account_locked_vm() in 1/2 should be changed to
> replace its atomic64_add by an atomic64_cmpxchg, to enforce the limit
> that it just checked.  But that will be no more than lipstick on a
> pig, when the right lock that everyone else agrees upon is not being
> held.)
> 

Thank you for your detailed comment.

You are right, I should use atomic64_cmpxchg to guarantee the limit of
RLIMIT_MEMLOCK.

> Now, it can be argued that our locked_vm and pinned_vm maintenance
> is so random and deficient, and too difficult to keep right across
> a sprawl of drivers, that we should just be grateful for those that
> do volunteer to subject themselves to RLIMIT_MEMLOCK limitation,
> and never mind if it's a little racy.
> 
> And it may well be that all those who have made considerable efforts
> in the past to improve the situation, have more interesting things to
> devote their time to, and would prefer not to get dragged back here.
> 
> But let's at least give this a little more visibility, and hope
> to hear opinions one way or the other from those who care.


Thank you. My patch should be more thoughtful.

I will send an email to Stephen soon asking to remove these two patches
from -mm tree.

-- 
Pengfei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ