On Tue, Feb 13, 2024 at 9:06 AM Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> wrote:
>
> * Lokesh Gidra <lokeshgidra@xxxxxxxxxx> [240213 06:25]:
> > On Mon, Feb 12, 2024 at 7:33 PM Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> wrote:
> > >
> > > * Lokesh Gidra <lokeshgidra@xxxxxxxxxx> [240212 19:19]:
> > > > All userfaultfd operations, except write-protect, opportunistically use
> > > > per-vma locks to lock vmas. On failure, attempt again inside mmap_lock
> > > > critical section.
> > > >
> > > > Write-protect operation requires mmap_lock as it iterates over multiple
> > > > vmas.
> > > >
> > > > Signed-off-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx>
> > > > ---
> > > >  fs/userfaultfd.c              |  13 +-
> > > >  include/linux/userfaultfd_k.h |   5 +-
> > > >  mm/userfaultfd.c              | 392 ++++++++++++++++++++++++++--------
> > > >  3 files changed, 312 insertions(+), 98 deletions(-)
> > > >
> > >
> ...
>
> I just remembered an issue with the mmap tree that exists today that
> needs to be accounted for in this change.
>
> If you hit a NULL VMA, you need to fall back to the mmap_lock() scenario
> today.

Unless I'm missing something, isn't that already handled in the patch? We
get the VMA outside the mmap_lock critical section only via
lock_vma_under_rcu() (in lock_vma() and find_and_lock_vmas()), and in both
cases if we get NULL in return, we retry in the mmap_lock critical section
with vma_lookup(). Wouldn't that suffice?

>
> This is a necessity to avoid a race of removal/replacement of a VMA in
> the mmap(MAP_FIXED) case. In this case, we munmap() prior to mmap()'ing
> an area - which means you could see a NULL when there never should have
> been a NULL.
>
> Although this would be exceedingly rare, you need to handle this case.
>
> Sorry I missed this earlier,
> Liam
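The fallback the thread describes, as an added userspace model that is not part of the patch or of the kernel: a lockless lookup that can transiently return NULL during a mmap(MAP_FIXED) replacement, and a caller that treats that NULL as "retry under mmap_lock" rather than as a fault. The struct layout, the `replacing` flag and the lock counter standing in for mmap_lock are assumptions of this model; the sample address space is constructed.

```c
#include <stdbool.h>
#include <stddef.h>

struct vma { unsigned long start, end; };

struct mm {
    struct vma *vmas;      /* sorted, non-overlapping (constructed sample below) */
    size_t nr_vmas;
    bool replacing;        /* models the munmap()->mmap() window of mmap(MAP_FIXED) */
    int mmap_lock_held;    /* stand-in for mmap_lock; only counted in this model */
};

static void mmap_read_lock(struct mm *mm)   { mm->mmap_lock_held++; }
static void mmap_read_unlock(struct mm *mm) { mm->mmap_lock_held--; }

/* Like vma_lookup(): the VMA containing addr, or NULL if there is none. */
static struct vma *vma_lookup(struct mm *mm, unsigned long addr)
{
    for (size_t i = 0; i < mm->nr_vmas; i++)
        if (addr >= mm->vmas[i].start && addr < mm->vmas[i].end)
            return &mm->vmas[i];
    return NULL;
}

/* Model of lock_vma_under_rcu(): a lockless reader that runs while the
 * MAP_FIXED replacement is in flight sees NULL at an address that is
 * mapped both before and after the operation. */
static struct vma *lock_vma_under_rcu(struct mm *mm, unsigned long addr)
{
    return mm->replacing ? NULL : vma_lookup(mm, addr);
}

/* The pattern discussed above: try the per-VMA path first; on NULL, retry
 * the lookup inside the mmap_lock critical section instead of failing.
 * In the kernel the lock acquisition blocks until the replacing writer
 * drops mmap_lock, so the second lookup is authoritative. */
static struct vma *lock_vma(struct mm *mm, unsigned long addr, bool *fell_back)
{
    struct vma *vma = lock_vma_under_rcu(mm, addr);
    *fell_back = false;
    if (vma)
        return vma;
    mmap_read_lock(mm);
    *fell_back = true;
    vma = vma_lookup(mm, addr);  /* NULL here is a genuine missing mapping */
    mmap_read_unlock(mm);
    return vma;
}

/* Probe on a constructed address space. Returns 0 = no VMA, 1 = found on
 * the lockless path, 2 = found only after falling back to mmap_lock. */
int probe(unsigned long addr, bool replacing)
{
    struct vma vmas[] = { {0x1000, 0x2000}, {0x5000, 0x9000} };
    struct mm mm = { vmas, 2, replacing, 0 };
    bool fell_back;
    struct vma *vma = lock_vma(&mm, addr, &fell_back);
    return vma ? (fell_back ? 2 : 1) : 0;
}
```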