Well. I promised to not argue, but I can't resist...
On 07/28, Michal Hocko wrote:
>
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -76,6 +76,28 @@ static inline unsigned long __copy_from_user_nocache(void *to,
> #endif /* ARCH_HAS_NOCACHE_UACCESS */
>
> /*
> + * A safe variant of __get_user for for use_mm() users to have a
> + * gurantee that the address space wasn't reaped in the background
> + */
> +#define __get_user_mm(mm, x, ptr) \
> +({ \
> + int ___gu_err = __get_user(x, ptr); \
> + if (!___gu_err && test_bit(MMF_UNSTABLE, &mm->flags)) \
> + ___gu_err = -EFAULT; \
> + ___gu_err; \
> +})
> +
> +/* similar to __get_user_mm */
> +static inline __must_check long __copy_from_user_mm(struct mm_struct *mm,
> + void *to, const void __user * from, unsigned long n)
> +{
> + long ret = __copy_from_user(to, from, n);
> + if ((ret >= 0) && test_bit(MMF_UNSTABLE, &mm->flags))
> + return -EFAULT;
> + return ret;
> +}
Still fail to understand why do we actually need this, but nevermind.
Can't we instead change handle_pte_fault() or do_anonymous_page() to
fail if MMF_UNSTABLE? We can realy pte_offset_map_lock(), MMF_UNSTABLE
must be visible under this lock.
We do not even need to actually disallow to re-populate the unmapped
pte afaics, so we can even change handle_mm_fault() to check
MMF_UNSTABLE after at the ens and return VM_FAULT_SIGBUS if it is set.
Oleg.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>