[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bbc060ca6e967790423e0a3ca940d1e700447554.camel@intel.com>
Date: Tue, 31 May 2022 14:06:30 +0800
From: Ying Huang <ying.huang@...el.com>
To: Miaohe Lin <linmiaohe@...wei.com>, akpm@...ux-foundation.org,
naoya.horiguchi@....com
Cc: peterx@...hat.com, apopple@...dia.com, osalvador@...e.de,
mike.kravetz@...cle.com, songmuchun@...edance.com, hch@....de,
dhowells@...hat.com, cl@...ux.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org,
"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [PATCH v4 1/4] mm: reduce the rcu lock duration
On Mon, 2022-05-30 at 19:30 +0800, Miaohe Lin wrote:
> Commit 3268c63eded4 ("mm: fix move/migrate_pages() race on task struct")
> extends the period of the rcu_read_lock until after the permissions checks
> are done to prevent the task pointed to from changing from under us. But
> the task_struct refcount is also taken at that time, the reference to task
> is guaranteed to be stable. So it's unnecessary to extend the period of
> the rcu_read_lock. Release the rcu lock after task refcount is successfully
> grabbed to reduce the rcu holding time.
Sorry for late reply, I am busy on something else recently.
I have just read the whole thread of the original patch discussion.
During discussion, in
https://lore.kernel.org/lkml/alpine.DEB.2.00.1202241131400.3726@router.home/
a patch that is same as your one is proposed. Then in the following
message, Eric think that the rcu read lock should be released until
permission is checked,
https://lore.kernel.org/lkml/87sjhzun47.fsf@xmission.com/
"
At the moment I suspect the permissions checks are not safe unless
performed under both rcu_read_lock and task_lock to ensure that
the task<->mm association does not change on us while we are
working. Even with that the cred can change under us but at least
we know the cred will be valid until rcu_read_unlock happens.
"
So the rcu lock duration is enlarged in the following message.
https://lore.kernel.org/lkml/alpine.DEB.2.00.1202271238450.32410@router.home/
But, after some thought, I don't think extended rcu read lock adds much
value. Because after permission checking the permission may still be
changed. There's no much difference.
So, I have no objection to the patch itself. But you should add more
information in patch description about why the RCU proected region is
extended and why we can reduce it.
Best Regards,
Huang, Ying
> Reviewed-by: Muchun Song <songmuchun@...edance.com>
> Reviewed-by: Christoph Hellwig <hch@....de>
> Reviewed-by: Oscar Salvador <osalvador@...e.de>
> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
> Cc: Huang Ying <ying.huang@...el.com>
> Cc: David Howells <dhowells@...hat.com>
> Cc: Christoph Lameter <cl@...ux.com>
> ---
> mm/mempolicy.c | 3 +--
> mm/migrate.c | 3 +--
> 2 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/mm/mempolicy.c b/mm/mempolicy.c
> index 0b4ba3ee810e..2dad094177bf 100644
> --- a/mm/mempolicy.c
> +++ b/mm/mempolicy.c
> @@ -1609,6 +1609,7 @@ static int kernel_migrate_pages(pid_t pid, unsigned long maxnode,
> goto out;
> }
> get_task_struct(task);
> + rcu_read_unlock();
>
>
>
>
> err = -EINVAL;
>
>
>
>
> @@ -1617,11 +1618,9 @@ static int kernel_migrate_pages(pid_t pid, unsigned long maxnode,
> * Use the regular "ptrace_may_access()" checks.
> */
> if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> - rcu_read_unlock();
> err = -EPERM;
> goto out_put;
> }
> - rcu_read_unlock();
>
>
>
>
> task_nodes = cpuset_mems_allowed(task);
> /* Is the user allowed to access the target nodes? */
> diff --git a/mm/migrate.c b/mm/migrate.c
> index e51588e95f57..e88ebb88fa6f 100644
> --- a/mm/migrate.c
> +++ b/mm/migrate.c
> @@ -1902,17 +1902,16 @@ static struct mm_struct *find_mm_struct(pid_t pid, nodemask_t *mem_nodes)
> return ERR_PTR(-ESRCH);
> }
> get_task_struct(task);
> + rcu_read_unlock();
>
>
>
>
> /*
> * Check if this process has the right to modify the specified
> * process. Use the regular "ptrace_may_access()" checks.
> */
> if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> - rcu_read_unlock();
> mm = ERR_PTR(-EPERM);
> goto out;
> }
> - rcu_read_unlock();
>
>
>
>
> mm = ERR_PTR(security_task_movememory(task));
> if (IS_ERR(mm))
Powered by blists - more mailing lists