On 08/31/2017 05:07 PM, Laura Abbott wrote:
> On 08/31/2017 07:32 AM, Vlastimil Babka wrote:
>> On 08/31/2017 03:40 AM, Joonsoo Kim wrote:
>>> On Tue, Aug 29, 2017 at 11:16:18AM +0200, Vlastimil Babka wrote:
>>>>
>>>> BTW, if we dropped NR_FREE_CMA_PAGES, could we also drop MIGRATE_CMA and
>>>> related hooks? Is that counter really that useful as it works right now?
>>>> It will decrease both by CMA allocations (which have to be explicitly
>>>> freed) and by movable allocations (which can be migrated). What if only
>>>> CMA alloc/release touched it?
>>>
>>> I think that NR_FREE_CMA_PAGES would not be as useful as before. We
>>> can remove it.
>>>
>>> However, removing MIGRATE_CMA has a problem. There is a use case to
>>> check if the page comes from the CMA area or not. See
>>> check_page_span() in mm/usercopy.c. I can implement it differently by
>>> iterating over the whole CMA area and finding the match, but I'm not sure
>>> about its performance effect. I guess that it would be marginal.
>>
>> +CC Kees Cook
>>
>> Hmm, seems like this check is to make sure we don't copy from/to parts
>> of kernel memory we're not supposed to? Then I believe checking that
>> pages are in ZONE_MOVABLE should give the same guarantees as
>> MIGRATE_CMA.
>>
>
> The check is to make sure we are copying only to a single page unless
> that page is allocated with __GFP_COMP. CMA needs extra checks since
> its allocations have nothing to do with compound pages. Checking
> ZONE_MOVABLE might cause us to miss some cases of copying to vanilla
> ZONE_MOVABLE pages.

How big a problem is that? ZONE_MOVABLE should not contain kernel pages,
so from the kernel protection side we are OK? I expect there's another
check somewhere that the pages are not userspace, as that would be
unexpected on the wrong side of copy_to/from_user, no?

Also you can already miss some cases with the is_migrate_cma check,
because pages might be in the CMA pageblocks but not be allocated by
CMA itself - movable page allocations can fall back here.

>> BTW the comment says "Reject if range is entirely either Reserved or
>> CMA" but the code does the opposite thing. I assume the comment is wrong?
>>
>
> Yes, I think that needs clarification.
>
> Thanks,
> Laura
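The single-page / compound-page rule Laura describes, and the "entirely Reserved or CMA" case whose comment Vlastimil flags as contradicting the code, as an added user-space C model. This is not the kernel's check_page_span() from mm/usercopy.c and not any list participant's code; the model_page descriptor, the constructed 16-page layout, and the check_span() and build_demo() names are assumptions made for the example. It accepts a range that stays inside one page, a range lying entirely in reserved or entirely in CMA pages (the accept-on-reserved-or-CMA behaviour the thread says the real code has, contrary to its comment), or a range covered by one compound allocation, and rejects everything else; unlike the discussion's endpoint check, the model inspects every page in the span.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define NPAGES     16

/* Constructed stand-in for struct page: only the bits this model needs. */
enum page_kind { PK_NORMAL, PK_RESERVED, PK_CMA };

struct model_page {
    enum page_kind kind;
    unsigned int compound_order; /* non-zero only on the head of a __GFP_COMP allocation */
};

/* Constructed memory layout:
 *  pfn 0-3   : one order-2 compound allocation (head at 0)
 *  pfn 4-5   : two separate order-0 pages
 *  pfn 6-7   : reserved pages
 *  pfn 8-11  : CMA pages
 *  pfn 12-15 : separate order-0 pages */
static struct model_page demo_mem[NPAGES];

void build_demo(void)
{
    for (int p = 0; p < NPAGES; p++)
        demo_mem[p] = (struct model_page){ PK_NORMAL, 0 };
    demo_mem[0].compound_order = 2;
    demo_mem[6].kind = demo_mem[7].kind = PK_RESERVED;
    for (int p = 8; p <= 11; p++)
        demo_mem[p].kind = PK_CMA;
}

/* Head pfn of the compound allocation containing pfn, or -1 if pfn is not
 * part of one. Scans backwards to the nearest head and checks coverage. */
static long compound_head(const struct model_page *pages, long pfn)
{
    for (long p = pfn; p >= 0; p--) {
        if (pages[p].compound_order) {
            if (pfn < p + (1L << pages[p].compound_order))
                return p;
            return -1;
        }
    }
    return -1;
}

/* Returns NULL when the copy range [ptr, ptr+n) is acceptable, otherwise a
 * short reason string describing why the hardened-usercopy model rejects it. */
const char *check_span(const struct model_page *pages, size_t npages,
                       uintptr_t ptr, size_t n)
{
    if (n == 0)
        return NULL;

    long spfn = (long)(ptr >> PAGE_SHIFT);
    long epfn = (long)((ptr + n - 1) >> PAGE_SHIFT);

    if (spfn == epfn)
        return NULL;                 /* stays inside a single page: always fine */
    if ((size_t)epfn >= npages)
        return "range extends beyond modelled memory";

    /* Entirely reserved or entirely CMA: accepted, as the real code does
     * (the thread notes its comment says the opposite). */
    bool all_reserved = true, all_cma = true;
    for (long p = spfn; p <= epfn; p++) {
        if (pages[p].kind != PK_RESERVED) all_reserved = false;
        if (pages[p].kind != PK_CMA)      all_cma = false;
    }
    if (all_reserved || all_cma)
        return NULL;

    /* Otherwise the whole range must sit inside one compound allocation. */
    long head = compound_head(pages, spfn);
    if (head < 0)
        return "spans multiple non-compound pages";
    if (epfn >= head + (1L << pages[head].compound_order))
        return "spans past the end of the compound allocation";
    return NULL;
}

int main(void)
{
    build_demo();
    struct { uintptr_t ptr; size_t n; } cases[] = {
        { 0x100, 0x200 },                       /* inside page 0 */
        { 1 * PAGE_SIZE + 0x800, 2 * PAGE_SIZE },/* pages 1-3, covered by head 0 */
        { 3 * PAGE_SIZE + 0x800, PAGE_SIZE },    /* pages 3-4, leaves the compound */
        { 4 * PAGE_SIZE + 0x800, PAGE_SIZE },    /* pages 4-5, no compound */
        { 6 * PAGE_SIZE + 0x800, PAGE_SIZE },    /* pages 6-7, all reserved */
        { 8 * PAGE_SIZE, 4 * PAGE_SIZE },        /* pages 8-11, all CMA */
        { 7 * PAGE_SIZE + 0x800, PAGE_SIZE },    /* reserved + CMA mix */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const char *r = check_span(demo_mem, NPAGES, cases[i].ptr, cases[i].n);
        printf("ptr=%#lx n=%#zx -> %s\n", (unsigned long)cases[i].ptr,
               cases[i].n, r ? r : "ok");
    }
    return 0;
}
```

The mixed reserved-plus-CMA case is the instructive one: neither "entirely" test passes and no compound head covers it, so it is rejected, which is why a ZONE_MOVABLE substitute would need an equivalent way to recognise CMA-backed ranges.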