lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5b570bcd-e0fb-4473-7cfc-81b8b53d7712@google.com>
Date:   Tue, 24 Oct 2023 09:32:44 -0700 (PDT)
From:   Hugh Dickins <hughd@...gle.com>
To:     "Liam R. Howlett" <Liam.Howlett@...cle.com>,
        Hugh Dickins <hughd@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andi Kleen <ak@...ux.intel.com>,
        Christoph Lameter <cl@...ux.com>,
        Matthew Wilcox <willy@...radead.org>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        David Hildenbrand <david@...hat.com>,
        Suren Baghdasaryan <surenb@...gle.com>,
        Yang Shi <shy828301@...il.com>,
        Sidhartha Kumar <sidhartha.kumar@...cle.com>,
        Vishal Moola <vishal.moola@...il.com>,
        Kefeng Wang <wangkefeng.wang@...wei.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Tejun Heo <tj@...nel.org>,
        Mel Gorman <mgorman@...hsingularity.net>,
        Michal Hocko <mhocko@...e.com>,
        "Huang, Ying" <ying.huang@...el.com>, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org
Subject: Re: [PATCH] mempolicy: migration attempt to match interleave nodes:
 fix

On Tue, 24 Oct 2023, Liam R. Howlett wrote:

> * Hugh Dickins <hughd@...gle.com> [231024 02:50]:
> > mm-unstable commit edd33b8807a1 ("mempolicy: migration attempt to match
> > interleave nodes") added a second vma_iter search to do_mbind(), to
> > determine the interleave index to be used in the MPOL_INTERLEAVE case.
> > 
> > But sadly it added it just after the mmap_write_unlock(), leaving this
> > new VMA search unprotected: and so syzbot reports suspicious RCU usage
> > from lib/maple_tree.c:856.
> > 
> > This could be fixed with an rcu_read_lock/unlock() pair (per Liam);
> > but since we have been relying on the mmap_lock up to this point, it's
> > slightly better to extend it over the new search too, for a well-defined
> > result consistent with the policy this mbind() is establishing (rather
> > than whatever might follow once the mmap_lock is dropped).
> 
> Would downgrading the lock work?  It would avoid the potential writing
> issue and should still satisfy lockdep.

Downgrading the lock would work, but it would be a pointless complication.

The "second vma_iter search" is not a lengthy operation (normally it just
checks pgoff,start,end of the first VMA and immediately breaks out; in
worst case it just makes that check on each VMA involved: it doesn't get
into splits or merges or pte scans), we already have mmap_lock, yes it's
only needed for read during that scani, but it's not worth playing with.

Whereas migrating an indefinite number of pages, with all the allocating
and unmapping and copying and remapping involved, really is something we
prefer not to hold mmap_lock across.

Hugh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ