On Mon 16-07-18 17:47:39, Kirill A. Shutemov wrote: > On Mon, Jul 16, 2018 at 04:22:45PM +0200, Michal Hocko wrote: > > On Mon 16-07-18 17:04:41, Kirill A. Shutemov wrote: > > > On Mon, Jul 16, 2018 at 01:30:28PM +0000, Michal Hocko wrote: > > > > On Tue 10-07-18 13:48:58, Andrew Morton wrote: > > > > > On Tue, 10 Jul 2018 16:48:20 +0300 "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx> wrote: > > > > > > > > > > > vma_is_anonymous() relies on ->vm_ops being NULL to detect anonymous > > > > > > VMA. This is unreliable as ->mmap may not set ->vm_ops. > > > > > > > > > > > > False-positive vma_is_anonymous() may lead to crashes: > > > > > > > > > > > > ... > > > > > > > > > > > > This can be fixed by assigning anonymous VMAs own vm_ops and not relying > > > > > > on it being NULL. > > > > > > > > > > > > If ->mmap() failed to set ->vm_ops, mmap_region() will set it to > > > > > > dummy_vm_ops. This way we will have non-NULL ->vm_ops for all VMAs. > > > > > > > > > > Is there a smaller, simpler fix which we can use for backporting > > > > > purposes and save the larger rework for development kernels? > > > > > > > > Why cannot we simply keep anon vma with null vm_ops and set dummy_vm_ops > > > > for all users who do not initialize it in their mmap callbacks? > > > > Basically have a sanity check&fixup in call_mmap? > > > > > > As I said, there's a corner case of MAP_PRIVATE of /dev/zero. > > > > This is really creative. I really didn't think about that. I am > > wondering whether this really has to be handled as a private anonymous > > mapping implicitly. Why does vma_is_anonymous has to succeed for these > > mappings? Why cannot we simply handle it as any other file backed > > PRIVATE mapping? > > Because it's established way to create anonymous mappings in Linux. > And we cannot break the semantics. How exactly would semantic break? You would still get zero pages on read faults and anonymous pages on CoW. So basically the same thing as for any other file backed MAP_PRIVATE mapping. -- Michal Hocko SUSE Labs