Re: [PATCH 09/10] vhost, mm: make sure that oom_reaper doesn't reap memory read by vhost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri 29-07-16 19:07:28, Oleg Nesterov wrote:
> Well. I promised to not argue, but I can't resist...
> 
> On 07/28, Michal Hocko wrote:
> >
> > --- a/include/linux/uaccess.h
> > +++ b/include/linux/uaccess.h
> > @@ -76,6 +76,28 @@ static inline unsigned long __copy_from_user_nocache(void *to,
> >  #endif		/* ARCH_HAS_NOCACHE_UACCESS */
> >
> >  /*
> > + * A safe variant of __get_user for for use_mm() users to have a
> > + * gurantee that the address space wasn't reaped in the background
> > + */
> > +#define __get_user_mm(mm, x, ptr)				\
> > +({								\
> > +	int ___gu_err = __get_user(x, ptr);			\
> > +	if (!___gu_err && test_bit(MMF_UNSTABLE, &mm->flags))	\
> > +		___gu_err = -EFAULT;				\
> > +	___gu_err;						\
> > +})
> > +
> > +/* similar to __get_user_mm */
> > +static inline __must_check long __copy_from_user_mm(struct mm_struct *mm,
> > +		void *to, const void __user * from, unsigned long n)
> > +{
> > +	long ret = __copy_from_user(to, from, n);
> > +	if ((ret >= 0) && test_bit(MMF_UNSTABLE, &mm->flags))
> > +		return -EFAULT;
> > +	return ret;
> > +}
> 
> Still fail to understand why do we actually need this, but nevermind.

Well, I only rely on what Michael told me about the possible breakage
because I am not familiar with the internals of the vhost driver enough
to tell any better.

> Can't we instead change handle_pte_fault() or do_anonymous_page() to
> fail if MMF_UNSTABLE? We can realy pte_offset_map_lock(), MMF_UNSTABLE
> must be visible under this lock.

I have considered this option but felt like this would impose the
overhead (small but still non-zero) to everybody while actually only one
user really needs this. If we had more users the page fault path might
be worthwhile but it is only use_mm users which we have 3 and only one
really needs it.

> We do not even need to actually disallow to re-populate the unmapped
> pte afaics, so we can even change handle_mm_fault() to check
> MMF_UNSTABLE after at the ens and return VM_FAULT_SIGBUS if it is set.
> 
> Oleg.
> 

-- 
Michal Hocko
SUSE Labs

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]