On 08/08, Song Liu wrote:
>
> > On Aug 8, 2019, at 9:33 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> >
> >> + for (i = 0, addr = haddr; i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE) {
> >> + pte_t *pte = pte_offset_map(pmd, addr);
> >> + struct page *page;
> >> +
> >> + if (pte_none(*pte))
> >> + continue;
> >> +
> >> + page = vm_normal_page(vma, addr, *pte);
just noticed... shouldn't you also check pte_present() before
vm_normal_page() ?
> >> + if (!page || !PageCompound(page))
> >> + return;
> >> +
> >> + if (!hpage) {
> >> + hpage = compound_head(page);
> >
> > OK,
> >
> >> + if (hpage->mapping != vma->vm_file->f_mapping)
> >> + return;
> >
> > is it really possible? May be WARN_ON(hpage->mapping != vm_file->f_mapping)
> > makes more sense ?
>
> I haven't found code paths lead to this,
Neither me, that is why I asked. I think this should not be possible,
but again this is not my area.
> but this is technically possible.
> This pmd could contain subpages from different THPs.
Then please explain how this can happen ?
> The __replace_page()
> function in uprobes.c creates similar pmd.
No it doesn't,
> Current uprobe code won't really create this problem, because
> !PageCompound() check above is sufficient. But it won't be difficult to
> modify uprobe code to break this.
I bet it will be a) difficult and b) the very idea to do this would be wrong.
> For this code to be accurate and safe,
> I think both this check and the one below are necessary.
I didn't suggest to remove these checks.
> Also, this code
> is not on any critical path, so the overhead should be negligible.
I do not care about overhead. But I do care about a poor reader like me
who will try to understand this code.
If you too do not understand how a THP page can have a different mapping
then use VM_WARN or at least add a comment to explain that this is not
supposed to happen!
> Does this make sense?
Not to me :/
Oleg.
