| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220321161823.GZ11336@nvidia.com>
Date: Mon, 21 Mar 2022 13:18:23 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: David Hildenbrand <david@...hat.com>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Hugh Dickins <hughd@...gle.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
David Rientjes <rientjes@...gle.com>,
Shakeel Butt <shakeelb@...gle.com>,
John Hubbard <jhubbard@...dia.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Yang Shi <shy828301@...il.com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Matthew Wilcox <willy@...radead.org>,
Vlastimil Babka <vbabka@...e.cz>, Jann Horn <jannh@...gle.com>,
Michal Hocko <mhocko@...nel.org>,
Nadav Amit <namit@...are.com>, Rik van Riel <riel@...riel.com>,
Roman Gushchin <guro@...com>,
Andrea Arcangeli <aarcange@...hat.com>,
Peter Xu <peterx@...hat.com>,
Donald Dutile <ddutile@...hat.com>,
Christoph Hellwig <hch@....de>,
Oleg Nesterov <oleg@...hat.com>, Jan Kara <jack@...e.cz>,
Liang Zhang <zhangliang5@...wei.com>,
Pedro Gomes <pedrodemargomes@...il.com>,
Oded Gabbay <oded.gabbay@...il.com>, linux-mm@...ck.org
Subject: Re: [PATCH v2 13/15] mm: support GUP-triggered unsharing of
anonymous pages
On Mon, Mar 21, 2022 at 05:15:06PM +0100, David Hildenbrand wrote:
> On 19.03.22 00:30, Jason Gunthorpe wrote:
> > On Tue, Mar 15, 2022 at 11:47:39AM +0100, David Hildenbrand wrote:
> >> Whenever GUP currently ends up taking a R/O pin on an anonymous page that
> >> might be shared -- mapped R/O and !PageAnonExclusive() -- any write fault
> >> on the page table entry will end up replacing the mapped anonymous page
> >> due to COW, resulting in the GUP pin no longer being consistent with the
> >> page actually mapped into the page table.
> >>
> >> The possible ways to deal with this situation are:
> >> (1) Ignore and pin -- what we do right now.
> >> (2) Fail to pin -- which would be rather surprising to callers and
> >> could break user space.
> >> (3) Trigger unsharing and pin the now exclusive page -- reliable R/O
> >> pins.
> >>
> >> We want to implement 3) because it provides the clearest semantics and
> >> allows for checking in unpin_user_pages() and friends for possible BUGs:
> >> when trying to unpin a page that's no longer exclusive, clearly
> >> something went very wrong and might result in memory corruptions that
> >> might be hard to debug. So we better have a nice way to spot such
> >> issues.
> >>
> >> To implement 3), we need a way for GUP to trigger unsharing:
> >> FAULT_FLAG_UNSHARE. FAULT_FLAG_UNSHARE is only applicable to R/O mapped
> >> anonymous pages and resembles COW logic during a write fault. However, in
> >> contrast to a write fault, GUP-triggered unsharing will, for example, still
> >> maintain the write protection.
> >
> > Given the way this series has developed you might want to call this
> > FAULT_FLAG_MAKE_ANON_EXCLUSIVE
> >
> > Which strikes me as more directly connected to what it is trying to
> > do.
>
> I thought about something similar along those lines, and I think it
> would apply even when extending that mechanism to anything !anon inside
> a MAP_PRIVATE mapping.
>
> The whole
>
> const bool unshare = vmf->flags & FAULT_FLAG_UNSHARE;
I think the extra words are worthwhile, share makes me think about
MAP_SHARED as we don't really use shared anywhere else FWICT..
Jason
Powered by blists - more mailing lists