On 12/8/2020 10:47 AM, Borislav Petkov wrote:
> On Tue, Dec 08, 2020 at 10:25:15AM -0800, Yu, Yu-cheng wrote:
> > > Both are "R/O + _PAGE_COW". Where's the difference? The dirty bit?
> >
> > The PTEs are the same for both (a) and (b), but come from different routes.
>
> Do not be afraid to go into detail and explain to me what those routes
> are please.

Case (a) is a normal writable data page that has gone through fork().
So it has W=0, D=1. But here, the software chooses not to use the D
bit, and instead, W=0, COW=1.

Case (b) is a normal read-only data page. Since it is read-only, fork()
won't affect it. In __get_user_pages(), a copy of the read-only page is
needed, and the page is duplicated. The software sets COW=1 for the new
copy.

> > > > (e) A page where the processor observed a Write=1 PTE, started a write, set
> > > > Dirty=1, but then observed a Write=0 PTE.
> > >
> > > How does that happen? Something changed the PTE's W bit to 0 in-between?
> >
> > Yes.
>
> Also do not shy away from going into detail and explaining what you mean
> here. Example?

Thread-A is writing to a writable page, and the page's PTE is becoming
W=1, D=1. In the middle of it, Thread-B is changing the PTE to W=0.

> > > Does _PAGE_COW mean dirty too?
> >
> > Yes. Basically [read-only & dirty] is created by software. Now the
> > software uses a different bit.
>
> That convention:
>
> "[read-only & dirty] is created by software."
>
> needs some prominent writeup somewhere explaining what it is.
>
> Thx.
I will put these into the comments.
--
Yu-cheng
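The three routes discussed above (fork() write-protecting a dirty page, a private copy of a read-only page, and the W=1 to W=0 race in case (e)), as an added stand-alone model and not the kernel's own code: the bit positions for RW and DIRTY follow x86, the COW position is an assumption chosen for this model, and the cmpxchg loop stands in for an atomic ptep_set_wrprotect() so the racing D=1 never ends up as a W=0,D=1 PTE.

```c
#include <stdbool.h>
#include <stdint.h>

/* PTE bits modeled on the x86 layout: RW and DIRTY are hardware bits, COW is a
 * software-available bit (its position here is chosen for this model). */
#define PTE_RW    (1ULL << 1)
#define PTE_DIRTY (1ULL << 6)
#define PTE_COW   (1ULL << 58)
typedef uint64_t pte_t;
/* Convention from the thread: W=0,D=1 means shadow stack; a software-made
 * copy-on-write page is W=0,COW=1 instead. */
static bool pte_is_shstk(pte_t p) { return !(p & PTE_RW) && (p & PTE_DIRTY); }
static bool pte_is_cow(pte_t p)   { return !(p & PTE_RW) && (p & PTE_COW); }

/* Case (a): fork() write-protects a dirty page and D moves into COW. */
static pte_t pte_wrprotect(pte_t p) {
    if (p & PTE_DIRTY) p = (p & ~PTE_DIRTY) | PTE_COW;
    return p & ~PTE_RW;
}
/* Reverse: making a COW page writable again restores the hardware D bit. */
static pte_t pte_mkwrite(pte_t p) {
    if (p & PTE_COW) p = (p & ~PTE_COW) | PTE_DIRTY;
    return p | PTE_RW;
}
/* Case (b): a private copy of a read-only page; software sets COW=1. */
static pte_t pte_mkcow(pte_t p) { return (p & ~PTE_RW) | PTE_COW; }

/* Case (e): Thread-A's CPU saw W=1 and will set D=1 while Thread-B is
 * write-protecting.  hw_set_dirty() stands in for that in-flight A/D update. */
static void hw_set_dirty(pte_t *ptep) { *ptep |= PTE_DIRTY; }
/* Plain store of the new PTE: the late D=1 lands on top of W=0 and the PTE
 * ends up W=0,D=1, which reads as a shadow stack page. */
static pte_t race_naive(void) {
    pte_t pte = PTE_RW;
    pte = pte_wrprotect(pte);   /* Thread-B stores W=0 */
    hw_set_dirty(&pte);         /* Thread-A's D=1 arrives afterwards */
    return pte;
}
/* cmpxchg loop: the first attempt fails because D=1 landed after the read, so
 * the loop recomputes from W=1,D=1 and moves D into COW. */
static pte_t race_cmpxchg(void) {
    pte_t pte = PTE_RW, old, upd;
    bool dirty_pending = true;
    do {
        old = pte;
        upd = pte_wrprotect(old);
        if (dirty_pending) { hw_set_dirty(&pte); dirty_pending = false; }
    } while (!__sync_bool_compare_and_swap(&pte, old, upd));
    return pte;
}
```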