| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Feb 2024 10:14:38 -0800 From: Lokesh Gidra <lokeshgidra@...gle.com> To: "Liam R. Howlett" <Liam.Howlett@...cle.com>, Lokesh Gidra <lokeshgidra@...gle.com>, akpm@...ux-foundation.org, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, selinux@...r.kernel.org, surenb@...gle.com, kernel-team@...roid.com, aarcange@...hat.com, peterx@...hat.com, david@...hat.com, axelrasmussen@...gle.com, bgeffon@...gle.com, willy@...radead.org, jannh@...gle.com, kaleshsingh@...gle.com, ngeoffray@...gle.com, timmurray@...gle.com, rppt@...nel.org Subject: Re: [PATCH v5 3/3] userfaultfd: use per-vma locks in userfaultfd operations On Tue, Feb 13, 2024 at 9:06 AM Liam R. Howlett <Liam.Howlett@...cle.com> wrote: > > * Lokesh Gidra <lokeshgidra@...gle.com> [240213 06:25]: > > On Mon, Feb 12, 2024 at 7:33 PM Liam R. Howlett <Liam.Howlett@...cle.com> wrote: > > > > > > * Lokesh Gidra <lokeshgidra@...gle.com> [240212 19:19]: > > > > All userfaultfd operations, except write-protect, opportunistically use > > > > per-vma locks to lock vmas. On failure, attempt again inside mmap_lock > > > > critical section. > > > > > > > > Write-protect operation requires mmap_lock as it iterates over multiple > > > > vmas. > > > > > > > > Signed-off-by: Lokesh Gidra <lokeshgidra@...gle.com> > > > > --- > > > > fs/userfaultfd.c | 13 +- > > > > include/linux/userfaultfd_k.h | 5 +- > > > > mm/userfaultfd.c | 392 ++++++++++++++++++++++++++-------- > > > > 3 files changed, 312 insertions(+), 98 deletions(-) > > > > > > > ... > > I just remembered an issue with the mmap tree that exists today that you > needs to be accounted for in this change. > > If you hit a NULL VMA, you need to fall back to the mmap_lock() scenario > today. Unless I'm missing something, isn't that already handled in the patch? We get the VMA outside mmap_lock critical section only via lock_vma_under_rcu() (in lock_vma() and find_and_lock_vmas()) and in both cases if we get NULL in return, we retry in mmap_lock critical section with vma_lookup(). Wouldn't that suffice? > > This is a necessity to avoid a race of removal/replacement of a VMA in > the mmap(MAP_FIXED) case. In this case, we munmap() prior to mmap()'ing > an area - which means you could see a NULL when there never should have > been a null. > > Although this would be exceedingly rare, you need to handle this case. > > Sorry I missed this earlier, > Liam
Powered by blists - more mailing lists