| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3cc33611-a430-1ce4-bb30-7dc62a530cb8@suse.cz>
Date: Tue, 19 Apr 2022 18:31:49 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: David Hildenbrand <david@...hat.com>, linux-kernel@...r.kernel.org
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Hugh Dickins <hughd@...gle.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
David Rientjes <rientjes@...gle.com>,
Shakeel Butt <shakeelb@...gle.com>,
John Hubbard <jhubbard@...dia.com>,
Jason Gunthorpe <jgg@...dia.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Yang Shi <shy828301@...il.com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Matthew Wilcox <willy@...radead.org>,
Jann Horn <jannh@...gle.com>, Michal Hocko <mhocko@...nel.org>,
Nadav Amit <namit@...are.com>, Rik van Riel <riel@...riel.com>,
Roman Gushchin <guro@...com>,
Andrea Arcangeli <aarcange@...hat.com>,
Peter Xu <peterx@...hat.com>,
Donald Dutile <ddutile@...hat.com>,
Christoph Hellwig <hch@....de>,
Oleg Nesterov <oleg@...hat.com>, Jan Kara <jack@...e.cz>,
Liang Zhang <zhangliang5@...wei.com>,
Pedro Gomes <pedrodemargomes@...il.com>,
Oded Gabbay <oded.gabbay@...il.com>, linux-mm@...ck.org
Subject: Re: [PATCH v3 14/16] mm: support GUP-triggered unsharing of anonymous
pages
On 4/19/22 18:29, David Hildenbrand wrote:
>>> @@ -4515,8 +4550,11 @@ static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)
>>> /* `inline' is required to avoid gcc 4.1.2 build error */
>>> static inline vm_fault_t wp_huge_pmd(struct vm_fault *vmf)
>>> {
>>> + const bool unshare = vmf->flags & FAULT_FLAG_UNSHARE;
>>> +
>>> if (vma_is_anonymous(vmf->vma)) {
>>> - if (userfaultfd_huge_pmd_wp(vmf->vma, vmf->orig_pmd))
>>> + if (unlikely(unshare) &&
>>
>> Is this condition flipped, should it be "likely(!unshare)"? As the similar
>> code in do_wp_page() does.
>
> Good catch, this should affect uffd-wp on THP -- it wouldn't trigger as expected. Thanks a lot for finding that!
Yay, glad I was right this time.
>>
>>> + userfaultfd_huge_pmd_wp(vmf->vma, vmf->orig_pmd))
>>> return handle_userfault(vmf, VM_UFFD_WP);
>>> return do_huge_pmd_wp_page(vmf);
>>> }
>>> @@ -4651,10 +4689,11 @@ static vm_fault_t handle_pte_fault(struct vm_fault *vmf)
>>> update_mmu_tlb(vmf->vma, vmf->address, vmf->pte);
>>> goto unlock;
>>> }
>>> - if (vmf->flags & FAULT_FLAG_WRITE) {
>>> + if (vmf->flags & (FAULT_FLAG_WRITE|FAULT_FLAG_UNSHARE)) {
>>> if (!pte_write(entry))
>>> return do_wp_page(vmf);
>>> - entry = pte_mkdirty(entry);
>>> + else if (likely(vmf->flags & FAULT_FLAG_WRITE))
>>> + entry = pte_mkdirty(entry);
>>> }
>>> entry = pte_mkyoung(entry);
>>> if (ptep_set_access_flags(vmf->vma, vmf->address, vmf->pte, entry,
>>
>
>
> So the following on top, right?
Looks good!
> diff --git a/mm/memory.c b/mm/memory.c
> index 8b3cb73f5e44..4584c7e87a70 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -3137,7 +3137,7 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
> free_swap_cache(old_page);
> put_page(old_page);
> }
> - return page_copied && !unshare ? VM_FAULT_WRITE : 0;
> + return (page_copied && !unshare) ? VM_FAULT_WRITE : 0;
> oom_free_new:
> put_page(new_page);
> oom:
> @@ -4604,7 +4604,7 @@ static inline vm_fault_t wp_huge_pmd(struct vm_fault *vmf)
> const bool unshare = vmf->flags & FAULT_FLAG_UNSHARE;
>
> if (vma_is_anonymous(vmf->vma)) {
> - if (unlikely(unshare) &&
> + if (likely(!unshare) &&
> userfaultfd_huge_pmd_wp(vmf->vma, vmf->orig_pmd))
> return handle_userfault(vmf, VM_UFFD_WP);
> return do_huge_pmd_wp_page(vmf);
>
>
Powered by blists - more mailing lists