On Thu, Jul 27, 2023 at 09:20:33PM +0200, Jann Horn wrote:
> One kinda straightforward option would be to pass the vmf (or NULL if
> it's not in fault context) to anon_vma_prepare(), teach it to bail if
> it runs under the mm lock, and propagate a VM_FAULT_RETRY all the way
> up? It can already fail due to OOM, so the bailout paths exist, though
> you'd have to work a bit to plumb the right error code up.
>
> And if you're feeling adventurous, you could try to build a way to
> opportunistically upgrade from vma lock to mmap lock, to avoid having
> to bail out all the way back up and then dive back in when that
> happens. Something that does mmap_read_trylock(); on failure, bail out
> with VM_FAULT_RETRY; on success, drop the VMA lock and change
> vmf->flags to note the changed locking context.

I think that's all a little more adventurous than I'd be comfortable with
right now ;-)

I just sent the fix patch that syzbot tested to Andrew for integration.