Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Liam Howlett <liam.howlett@xxxxxxxxxx>
Subject: Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 May 2021 06:05:11 -1000
Cc: "Aneesh Kumar K.V" <aneesh.kumar@xxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Michael Ellerman <mpe@xxxxxxxxxxxxxx>, linuxppc-dev <linuxppc-dev@xxxxxxxxxxxxxxxx>, Kalesh Singh <kaleshsingh@xxxxxxxxxx>, Nick Piggin <npiggin@xxxxxxxxx>, Joel Fernandes <joel@xxxxxxxxxxxxxxxxx>, Christophe Leroy <christophe.leroy@xxxxxxxxxx>
In-reply-to: <20210521152438.jczhe6nxnz5woxpl@revolver>
References: <20210422054323.150993-1-aneesh.kumar@linux.ibm.com> <20210422054323.150993-8-aneesh.kumar@linux.ibm.com> <b3047082-fc82-b326-dbdb-835b88df78d0@linux.ibm.com> <2eafd7df-65fd-1e2c-90b6-d143557a1fdc@linux.ibm.com> <CAHk-=wjq8thag3uNv-2MMu75OgX5ybMon7gZDUHYwzeTwcZHoA@mail.gmail.com> <f676b053-bda4-a1f5-321e-f00fb3de8a40@linux.ibm.com> <CAHk-=wgXVR04eBNtxQfevontWnP6FDm+oj5vauQXP3S-huwbPw@mail.gmail.com> <5ea8fa4f-a5a2-7dc4-7958-23df6a2c1f3a@linux.ibm.com> <20210521152438.jczhe6nxnz5woxpl@revolver>

On Fri, May 21, 2021 at 5:25 AM Liam Howlett <liam.howlett@xxxxxxxxxx> wrote:
>
> mremap holds the mmap_sem in write mode as well, doesn't it?  How is the user thread
> getting the new location?

No amount of locking protects against the HW page table walker (or,
indeed, software ones, but they are irrelevant).

And an attacker _knows_ the new address, because that's who would be
doing the mremap() in the first place - to trigger this bug.

             Linus

References:
- [PATCH v5 0/9] Speedup mremap on ppc64
  - From: Aneesh Kumar K.V
- [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Aneesh Kumar K.V
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Aneesh Kumar K.V
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Aneesh Kumar K.V
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Linus Torvalds
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Aneesh Kumar K.V
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Linus Torvalds
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Aneesh Kumar K.V
- Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
  - From: Liam Howlett

Prev by Date: Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
Next by Date: [PATCH net-next v6 0/5] page_pool: recycle buffers
Previous by thread: Re: [PATCH v5 7/9] mm/mremap: Move TLB flush outside page table lock
Next by thread: [PATCH v5 9/9] powerpc/mm: Enable move pmd/pud
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]