Hello,

Do you have a more recent version of this patchset?

On Thu, Nov 19, 2015 at 02:33:47PM -0800, Shaohua Li wrote:
> + down_read(&dst_mm->mmap_sem);

[..]

> + if (enable_wp)
> + newprot = vm_get_page_prot(dst_vma->vm_flags & ~(VM_WRITE));
> + else
> + newprot = vm_get_page_prot(dst_vma->vm_flags);

The vm_flags for anon vmas are always wrprotected, just we mark them
writable during fault or during cow if vm_flags VM_WRITE is set, when
we know it's not shared. So this requires checking the mapcount
somewhere while fork cannot run, or the above won't properly
unprotect?

> +
> + change_protection(dst_vma, start, start + len, newprot,
> + !enable_wp, 0);

change_protection(prot_numa=0) assumes mmap_sem held for writing
breaking here:

	/* !prot_numa is protected by mmap_sem held for write */
	if (!prot_numa)
		return pte_offset_map_lock(vma->vm_mm, pmd, addr, ptl);

	pmdl = pmd_lock(vma->vm_mm, pmd);
	if (unlikely(pmd_trans_huge(*pmd) || pmd_none(*pmd))) {
		spin_unlock(pmdl);
		return NULL;
	}

	pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, ptl);
	spin_unlock(pmdl);

With userfaultfd the pmd can be trans unstable as we only hold the
mmap_sem for reading.

In short calling change_protection() with prot_numa==0 with only the
mmap_sem for reading looks wrong...
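
Review bot: in the enable_wp/else assignment of newprot, the else branch passes dst_vma->vm_flags to vm_get_page_prot() unchanged, and nothing in the quoted lines shows how page sharing is taken into account on the unprotect path. If the intent is to rely on the fault handler to make private pages writable later, state that in a comment at this assignment; otherwise add the sharing check under a lock that keeps fork from running, as the reply asks. The parentheses in ~(VM_WRITE) are also unnecessary.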
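
Review bot: the change_protection() call passes 0 as its last argument (prot_numa) while the only locking visible in the patch is down_read(&dst_mm->mmap_sem). The comment quoted in the reply, "!prot_numa is protected by mmap_sem held for write", states the opposite requirement, so either take mmap_sem for write around this call or make the pte locking path safe for a pmd that can change under the read lock, and document at the call site which of the two was chosen.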