lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6feb6f37-dfb9-0fe1-1303-2744ad2758d9@suse.cz>
Date:   Mon, 9 Oct 2023 17:22:33 +0200
From:   Vlastimil Babka <vbabka@...e.cz>
To:     Lorenzo Stoakes <lstoakes@...il.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Christian Brauner <brauner@...nel.org>
Cc:     "=Liam R . Howlett" <Liam.Howlett@...cle.com>,
        linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 1/4] mm: abstract the vma_merge()/split_vma() pattern for
 mprotect() et al.

On 10/8/23 22:23, Lorenzo Stoakes wrote:
> mprotect() and other functions which change VMA parameters over a range
> each employ a pattern of:-
> 
> 1. Attempt to merge the range with adjacent VMAs.
> 2. If this fails, and the range spans a subset of the VMA, split it
> accordingly.
> 
> This is open-coded and duplicated in each case. Also in each case most of
> the parameters passed to vma_merge() remain the same.
> 
> Create a new static function, vma_modify(), which abstracts this operation,
> accepting only those parameters which can be changed.
> 
> To avoid the mess of invoking each function call with unnecessary
> parameters, create wrapper functions for each of the modify operations,
> parameterised only by what is required to perform the action.

Nice!

> Note that the userfaultfd_release() case works even though it does not
> split VMAs - since start is set to vma->vm_start and end is set to
> vma->vm_end, the split logic does not trigger.
> 
> In addition, since we calculate pgoff to be equal to vma->vm_pgoff + (start
> - vma->vm_start) >> PAGE_SHIFT, and start - vma->vm_start will be 0 in this
> instance, this invocation will remain unchanged.
> 
> Signed-off-by: Lorenzo Stoakes <lstoakes@...il.com>
> ---
>  fs/userfaultfd.c   | 53 +++++++++-----------------
>  include/linux/mm.h | 23 ++++++++++++
>  mm/madvise.c       | 25 ++++---------
>  mm/mempolicy.c     | 20 ++--------
>  mm/mlock.c         | 24 ++++--------
>  mm/mmap.c          | 93 ++++++++++++++++++++++++++++++++++++++++++++++
>  mm/mprotect.c      | 27 ++++----------
>  7 files changed, 157 insertions(+), 108 deletions(-)
> 
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index a7c6ef764e63..9e5232d23927 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -927,11 +927,10 @@ static int userfaultfd_release(struct inode *inode, struct file *file)
>  			continue;
>  		}
>  		new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS;
> -		prev = vma_merge(&vmi, mm, prev, vma->vm_start, vma->vm_end,
> -				 new_flags, vma->anon_vma,
> -				 vma->vm_file, vma->vm_pgoff,
> -				 vma_policy(vma),
> -				 NULL_VM_UFFD_CTX, anon_vma_name(vma));
> +		prev = vma_modify_uffd(&vmi, prev, vma, vma->vm_start,
> +				       vma->vm_end, new_flags,
> +				       NULL_VM_UFFD_CTX);
> +
>  		if (prev) {
>  			vma = prev;
>  		} else {
> @@ -1331,7 +1330,6 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
>  	unsigned long start, end, vma_end;
>  	struct vma_iterator vmi;
>  	bool wp_async = userfaultfd_wp_async_ctx(ctx);
> -	pgoff_t pgoff;
>  
>  	user_uffdio_register = (struct uffdio_register __user *) arg;
>  
> @@ -1484,26 +1482,18 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
>  		vma_end = min(end, vma->vm_end);
>  
>  		new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags;
> -		pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
> -		prev = vma_merge(&vmi, mm, prev, start, vma_end, new_flags,
> -				 vma->anon_vma, vma->vm_file, pgoff,
> -				 vma_policy(vma),
> -				 ((struct vm_userfaultfd_ctx){ ctx }),
> -				 anon_vma_name(vma));
> +		prev = vma_modify_uffd(&vmi, prev, vma, start, vma_end,
> +				       new_flags,
> +				       ((struct vm_userfaultfd_ctx){ ctx }));
>  		if (prev) {

This will hit also for IS_ERR(prev), no?

>  			/* vma_merge() invalidated the mas */
>  			vma = prev;
>  			goto next;
>  		}
> -		if (vma->vm_start < start) {
> -			ret = split_vma(&vmi, vma, start, 1);
> -			if (ret)
> -				break;
> -		}
> -		if (vma->vm_end > end) {
> -			ret = split_vma(&vmi, vma, end, 0);
> -			if (ret)
> -				break;
> +
> +		if (IS_ERR(prev)) {

So here's too late to test for it. AFAICS the other usages are like this as
well.

> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index a7b667786cde..c069813f215f 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -3253,6 +3253,29 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
>  	unsigned long addr, unsigned long len, pgoff_t pgoff,
>  	bool *need_rmap_locks);
>  extern void exit_mmap(struct mm_struct *);
> +struct vm_area_struct *vma_modify_flags(struct vma_iterator *vmi,
> +					struct vm_area_struct *prev,
> +					struct vm_area_struct *vma,
> +					unsigned long start, unsigned long end,
> +					unsigned long new_flags);
> +struct vm_area_struct *vma_modify_flags_name(struct vma_iterator *vmi,
> +					     struct vm_area_struct *prev,
> +					     struct vm_area_struct *vma,
> +					     unsigned long start,
> +					     unsigned long end,
> +					     unsigned long new_flags,
> +					     struct anon_vma_name *new_name);
> +struct vm_area_struct *vma_modify_policy(struct vma_iterator *vmi,
> +					 struct vm_area_struct *prev,
> +					 struct vm_area_struct *vma,
> +					 unsigned long start, unsigned long end,
> +					 struct mempolicy *new_pol);
> +struct vm_area_struct *vma_modify_uffd(struct vma_iterator *vmi,
> +				       struct vm_area_struct *prev,
> +				       struct vm_area_struct *vma,
> +				       unsigned long start, unsigned long end,
> +				       unsigned long new_flags,
> +				       struct vm_userfaultfd_ctx new_ctx);

Could these be instead static inline wrappers, and vma_modify exported
instead of static?

Maybe we could also move this to mm/internal.h? Which would mean
fs/userfaultfd.c would have to start including it, but as it's already so
much rooted in mm, it shouldn't be wrong?

>  
>  static inline int check_data_rlimit(unsigned long rlim,
>  				    unsigned long new,
> diff --git a/mm/madvise.c b/mm/madvise.c
> index a4a20de50494..73024693d5c8 100644

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ