On Thu, 1 Jul 2021 09:46:18 -0400 Kaiyang Zhao <zhao776@xxxxxxxxxx> wrote:
>+
>+int __tfork_pte_alloc(struct mm_struct *mm, pmd_t *pmd)
>+{
>+ pgtable_t new = pte_alloc_one(mm);
>+
>+ if (!new)
>+ return -ENOMEM;
>+ smp_wmb(); /* Could be smp_wmb__xxx(before|after)_spin_lock */
Adding a comment pointing to the matching smp_rmb() helps more.
>+
>+ mm_inc_nr_ptes(mm);
>+ //kyz: won't check if the pte table already exists
>+ pmd_populate(mm, pmd, new);
>+ new = NULL;
>+ if (new)
>+ pte_free(mm, new);
>+ return 0;
>+}
>+
>+
> int __pte_alloc(struct mm_struct *mm, pmd_t *pmd)
> {
> spinlock_t *ptl;
>@@ -928,6 +1052,45 @@ copy_present_page(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma
> return 0;
> }
>
>+static inline unsigned long
>+copy_one_pte_tfork(struct mm_struct *dst_mm,
>+ pte_t *dst_pte, pte_t *src_pte, struct vm_area_struct *vma,
>+ unsigned long addr, int *rss)
>+{
>+ unsigned long vm_flags = vma->vm_flags;
>+ pte_t pte = *src_pte;
>+ struct page *page;
>+
>+ /*
>+ * If it's a COW mapping
>+ * only protect in the child (the faulting process)
>+ */
>+ if (is_cow_mapping(vm_flags) && pte_write(pte)) {
>+ pte = pte_wrprotect(pte);
Is it likely a loophole to leak the parent's info to the child?
>+ }
>+
>+ /*
>+ * If it's a shared mapping, mark it clean in
>+ * the child
>+ */
>+ if (vm_flags & VM_SHARED)
>+ pte = pte_mkclean(pte);
>+ pte = pte_mkold(pte);
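Review bot: In __tfork_pte_alloc the unconditional `new = NULL;` placed right before `if (new) pte_free(mm, new);` makes that free unreachable, and `pmd_populate()` is issued without testing whether the pmd already holds a table, which the `//kyz:` comment concedes; an existing or concurrently installed table would be overwritten and its pages leaked, and `mm_inc_nr_ptes()` would be counted twice. The sibling __pte_alloc, whose body continues past the quoted lines, declares a `spinlock_t *ptl`, so it presumably does its check under the pmd lock before populating; this helper should do the same (`ptl = pmd_lock(mm, pmd);` around the check) unless its caller already holds that lock, in which case a comment on the function should say so. The `//kyz:` line should be replaced by a kernel-style comment that states the actual invariant rather than what is skipped. The rewrite below makes the populate conditional and keeps the free reachable.
```c
	/* … unchanged: pte_alloc_one() and smp_wmb() … */
	if (likely(pmd_none(*pmd))) {	/* has another populated it ? */
		mm_inc_nr_ptes(mm);
		pmd_populate(mm, pmd, new);
		new = NULL;
	}
	if (new)
		pte_free(mm, new);
	return 0;
```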