| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Mar 2024 09:50:17 -0700 From: "Darrick J. Wong" <djwong@...nel.org> To: David Hildenbrand <david@...hat.com> Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>, John Hubbard <jhubbard@...dia.com>, Jason Gunthorpe <jgg@...dia.com>, Hugh Dickins <hughd@...gle.com> Subject: Re: [PATCH v1 0/2] mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly On Thu, Mar 14, 2024 at 05:12:58PM +0100, David Hildenbrand wrote: > Derrick reports that in some cases where pread() would fail with -EIO and > mmap()+access would generate a SIGBUS signal, MADV_POPULATE_READ / > MADV_POPULATE_WRITE will keep retrying forever and not fail with -EFAULT. > > It all boils down to missing VM_FAULT_RETRY handling. Let's try to handle > that in a better way, similar to how ordinary GUP handles it. > > Details in patch #1. In short, move special MADV_POPULATE_(READ|WRITE) > VMA handling into __get_user_pages(), and make faultin_page_range() > call __get_user_pages_locked(), which handles VM_FAULT_RETRY. Further, > avoid the now-useless madvise VMA walk, because __get_user_pages() will > perform the VMA lookup either way. > > I briefly played with handling the FOLL_MADV_POPULATE checks in > __get_user_pages() a bit differently, integrating them with existing > handling, but it ended up looking worse. So I decided to keep it simple. > > Likely, we need better selftests, but the reproducer from Darrick might > be a bit hard to convert into a simple selftest. > > Note that using mlock() in Darricks reproducer results in a similar > endless retry. Likely, that is not what we want, and we should handle > VM_FAULT_RETRY in populate_vma_page_range() / __mm_populate() as well. > However, similarly using __get_user_pages_locked() might be more > complicated, because of the advanced VMA handling in > populate_vma_page_range(). > > Further, most populate_vma_page_range() callers simply ignore the return > values, so it's unclear in which cases we expect to just silently fail, or > where we'd want to retry+fail or endlessly retry instead. > > Cc: Andrew Morton <akpm@...ux-foundation.org> > Cc: Darrick J. Wong <djwong@...nel.org> > Cc: John Hubbard <jhubbard@...dia.com> > Cc: Jason Gunthorpe <jgg@...dia.com> > Cc: Hugh Dickins <hughd@...gle.com> After a few days I haven't seen any problems, so Tested-by: Darrick J. Wong <djwong@...nel.org> --D > > David Hildenbrand (2): > mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY > properly > mm/madvise: don't perform madvise VMA walk for > MADV_POPULATE_(READ|WRITE) > > mm/gup.c | 54 ++++++++++++++++++++++++++++++--------------------- > mm/internal.h | 10 ++++++---- > mm/madvise.c | 43 +++++++++++++--------------------------- > 3 files changed, 52 insertions(+), 55 deletions(-) > > > base-commit: f48159f866f422371bb1aad10eb4d05b29ca4d8c > -- > 2.43.2 >
Powered by blists - more mailing lists