Message-ID:
 <SN6PR02MB415777C2C9C15837BD413B8FD4AD2@SN6PR02MB4157.namprd02.prod.outlook.com>
Date: Mon, 31 Mar 2025 21:45:34 +0000
From: Michael Kelley <mhklinux@...look.com>
To: "linux-mm@...ck.org" <linux-mm@...ck.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Questions on .fault, .page_mkwrite, and .pfn_mkwrite callbacks

I have some questions about the use of the .fault, .page_mkwrite,
and .pfn_mkwrite callbacks in struct vm_operations_struct.

1. The .fault callback can return a struct page pointer in the vmf->page
   field after incrementing the page reference count. In this case, the
   .fault callback returns 0, and mm code inserts the PTE after the callback
   finishes. But alternatively, the callback can use vmf_insert_page() to
   immediately insert the PTE and return VM_FAULT_NOPAGE. Is there
   any meaningful difference in these two approaches? Is one preferred
   over the other?

2. Same question for the .page_mkwrite callback. Additionally, this
   callback can do lock_page() on the page, and mm code will finish
   write-enabling the PTE before releasing the lock. This locking enables
   synchronization with some other thread that might be trying to write
   protect the PTE. Alternatively, if vmf_insert_page_mkwrite() is used,
   the .page_mkwrite callback can do its own synchronization.

3. Finally, it appears that for the .pfn_mkwrite callback, the only option
   is a vmf_insert_*() function if synchronization is needed, as the mm
   code doesn't do an unlock after write-enabling the PTE (presumably
   since there might not be a struct page). Or did I miss something?

The context for my questions is the fbdev deferred I/O mechanism for a
framebuffer mmap'ed into user space (drivers/video/fbdev/core/fb_defio.c).
Current code works great if the framebuffer is a vmalloc() allocation
because mm can manage the page lifetimes with the page refcount. But
it doesn't work for a framebuffer allocated with alloc_pages(), where the
page refcounts cannot be used. For such I've marked the vma
VM_PFNMAP, and added a .pfn_mkwrite callback that seems to work.
But I want to double-check that I understand things correctly. My
.pfn_mkwrite callback does:

     vmf_insert_mixed_mkwrite(vmf->vma, vmf->address,
                              __pfn_to_pfn_t(pfn, PFN_SPECIAL));

to make the PTE writeable, and returns VM_FAULT_NOPAGE. Using the
"mixed" variant seems like a bit of a hack, but I didn't see any other way
to handle a PTE marked "special".  Thoughts?

Thanks for any help,

Michael Kelley
