Subject: Re: [PATCH v9 08/24] mm: Protect VMA modifications using VMA sequence count
To: David Rientjes
Cc: paulmck@linux.vnet.ibm.com, peterz@infradead.org, Andrew Morton, kirill@shutemov.name, ak@linux.intel.com, mhocko@kernel.org, dave@stgolabs.net, jack@suse.cz, Matthew Wilcox, benh@kernel.crashing.org, mpe@ellerman.id.au, paulus@samba.org, Thomas Gleixner, Ingo Molnar, hpa@zytor.com, Will Deacon, Sergey Senozhatsky, Andrea Arcangeli, Alexei Starovoitov, kemi.wang@intel.com, sergey.senozhatsky.work@gmail.com, Daniel Jordan, linux-kernel@vger.kernel.org, linux-mm@kvack.org, haren@linux.vnet.ibm.com, khandual@linux.vnet.ibm.com, npiggin@gmail.com, bsingharora@gmail.com, Tim Chen, linuxppc-dev@lists.ozlabs.org, x86@kernel.org
References: <1520963994-28477-1-git-send-email-ldufour@linux.vnet.ibm.com> <1520963994-28477-9-git-send-email-ldufour@linux.vnet.ibm.com>
From: Laurent Dufour
Date: Wed, 28 Mar 2018 19:10:53 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 27/03/2018 23:57, David Rientjes wrote: > On Tue, 13 Mar 2018, Laurent Dufour wrote: > >> diff --git a/mm/mmap.c b/mm/mmap.c >> index 5898255d0aeb..d6533cb85213 100644 >> --- a/mm/mmap.c >> +++ b/mm/mmap.c >> @@ -847,17 +847,18 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, >> } >> >> if (start != vma->vm_start) { >> - vma->vm_start = start; >> + WRITE_ONCE(vma->vm_start, start); >> start_changed = true; >> } >> if (end != vma->vm_end) { >> - vma->vm_end = end; >> + WRITE_ONCE(vma->vm_end, end); >> end_changed = true; >> } >> - vma->vm_pgoff = pgoff; >> + WRITE_ONCE(vma->vm_pgoff, pgoff); >> if (adjust_next) { >> - next->vm_start += adjust_next << PAGE_SHIFT; >> - next->vm_pgoff += adjust_next; >> + WRITE_ONCE(next->vm_start, >> + next->vm_start + (adjust_next << PAGE_SHIFT)); >> + WRITE_ONCE(next->vm_pgoff, next->vm_pgoff + adjust_next); >> } >> >> if (root) { 
>> @@ -1781,6 +1782,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, >> out: >> perf_event_mmap(vma); >> >> + vm_write_begin(vma); >> vm_stat_account(mm, vm_flags, len >> PAGE_SHIFT); >> if (vm_flags & VM_LOCKED) { >> if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || >> @@ -1803,6 +1805,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, >> vma->vm_flags |= VM_SOFTDIRTY; >> >> vma_set_page_prot(vma); >> + vm_write_end(vma); >> >> return addr; >> > > Shouldn't this also protect vma->vm_flags? Nice catch ! I just found that too while reviewing the entire patch to answer your previous email. > > diff --git a/mm/mmap.c b/mm/mmap.c > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -1796,7 +1796,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > vma == get_gate_vma(current->mm))) > mm->locked_vm += (len >> PAGE_SHIFT); > else > - vma->vm_flags &= VM_LOCKED_CLEAR_MASK; > + WRITE_ONCE(vma->vm_flags, > + vma->vm_flags & VM_LOCKED_CLEAR_MASK); > } > > if (file) > @@ -1809,7 +1810,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > * then new mapped in-place (which must be aimed as > * a completely new data area). > */ > - vma->vm_flags |= VM_SOFTDIRTY; > + WRITE_ONCE(vma->vm_flags, vma->vm_flags | VM_SOFTDIRTY); > > vma_set_page_prot(vma); > vm_write_end(vma); >
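Review bot: In the `if (adjust_next)` block of the __vma_adjust hunk, next->vm_start and next->vm_pgoff are published by two separate WRITE_ONCE() stores, and WRITE_ONCE() only prevents tearing of each individual store; it does not keep the pair consistent for a reader that does not hold the lock. The visible lines of this hunk contain no vm_write_begin()/vm_write_end() pair like the one added in the mmap_region hunks, so please either bracket these stores here or add a comment naming the write section that covers them. The same question applies to the vm_start, vm_end and vm_pgoff stores earlier in the hunk.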
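Review bot: In the two mmap_region hunks of the original patch, the section opened by vm_write_begin(vma) after perf_event_mmap(vma) still contains a plain `vma->vm_flags |= VM_SOFTDIRTY` in its context lines, which is inconsistent with the WRITE_ONCE() treatment given to vm_start, vm_end and vm_pgoff in __vma_adjust. Either convert the vm_flags updates inside this section or document why a plain store is acceptable there. The only exit visible after vm_write_begin() is `return addr`; if any other path can leave this region, it needs a matching vm_write_end(vma).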
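Review bot: In both hunks of the follow-up diff, the new value is computed from a plain read of vma->vm_flags inside the WRITE_ONCE() call (`vma->vm_flags & VM_LOCKED_CLEAR_MASK` and `vma->vm_flags | VM_SOFTDIRTY`), so each update is still a non-atomic read-modify-write and is only correct if writers to vm_flags are serialized. A short comment stating which lock serializes these writers, and that lockless readers are expected to pair with READ_ONCE() on vm_flags, would make the intent reviewable from the code alone.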