| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wj9j+puqhe+E-AcG5j-5nP_tQ7DmAcb=Cb6v7n4mpxXjQ@mail.gmail.com>
Date: Fri, 19 May 2023 19:34:15 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Joel Fernandes <joel@...lfernandes.org>
Cc: linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-mm@...ck.org, Shuah Khan <shuah@...nel.org>,
Vlastimil Babka <vbabka@...e.cz>,
Michal Hocko <mhocko@...e.com>,
Lorenzo Stoakes <lstoakes@...il.com>,
Kirill A Shutemov <kirill@...temov.name>,
"Liam R. Howlett" <liam.howlett@...cle.com>,
"Paul E. McKenney" <paulmck@...nel.org>,
Suren Baghdasaryan <surenb@...gle.com>
Subject: Re: [PATCH v2 1/4] mm/mremap: Optimize the start addresses in move_page_tables()
On Fri, May 19, 2023 at 3:52 PM Joel Fernandes <joel@...lfernandes.org> wrote:
> >
> > I *suspect* that the test is literally just for the stack movement
> > case by execve, where it catches the case where we're doing the
> > movement entirely within the one vma we set up.
>
> Yes that's right, the test is only for the stack movement case. For
> the regular mremap case, I don't think there is a way for it to
> trigger.
So I feel the test is simply redundant.
For the regular mremap case, it never triggers.
And for the stack movement case by execve, I don't think it matters if
you just were to change the logic of the subsequent checks a bit.
In particular, you do this:
/* If the masked address is within vma, there is no prev
mapping of concern. */
if (vma->vm_start <= addr_masked)
return false;
/*
* Attempt to find vma before prev that contains the address.
* On any issue, assume the address is within a previous mapping.
* @mmap write lock is held here, so the lookup is safe.
*/
cur = find_vma_prev(vma->vm_mm, vma->vm_start, &prev);
if (!cur || cur != vma || !prev)
return true;
/* The masked address fell within a previous mapping. */
if (prev->vm_end > addr_masked)
return true;
return false;
And I think that
if (!cur || cur != vma || !prev)
return true;
is actively wrong, because if there is no 'prev', then you should return false.
So I *think* all of the above could just be replaced with this instead:
find_vma_prev(vma->vm_mm, vma->vm_start, &prev);
return prev && prev->vm_end > addr_masked;
because only if we have a 'prev', and the prev is into that masked
address, do we need to avoid doing the masking.
With that simplified test, do you even care about that whole "the
masked address was already in the vma"? Not that I can see.
And we don't even care about the return value of 'find_vma_prev()',
because it had better be 'vma'. We're giving it 'vma->vm_start' as an
address, for chrissake!
So if you *really* wanted to, you could do something like
cur = find_vma_prev(..);
if (WARN_ON_ONCE(cut != vma))
return true;
but even that WARN_ON_ONCE() seems pretty bogus. If it triggers, we
have some serious corruption going on.
So I stil find that whole "vma->vm_start <= addr_masked" test a bit
confusing, since it seems entirely redundant.
Is it just because you wanted to avoid calling "find_vma_prev()" at
all? Maybe just say that in the comment.
Linus
Powered by blists - more mailing lists