Received: by 10.213.65.68 with SMTP id h4csp465771imn; Wed, 4 Apr 2018 01:26:45 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/FyTi87sXHiVz97dH/LM6pKkkUukRPqHTOU68r9b+x9icshW/C9tc6f9f5maM0qKfuqHri X-Received: by 2002:a17:902:7888:: with SMTP id q8-v6mr17555752pll.108.1522830405105; Wed, 04 Apr 2018 01:26:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522830405; cv=none; d=google.com; s=arc-20160816; b=EO1Tp+MRhWQi8sJAj4SIy08if8hSFXNKkRwP7Cz5/OzLVrQb/EOwkq3KyiB8kEmFbg 9XFMY+rY17xywhGnvwIQIPb80TjdzqLYWF6wtUMB+fg9aYtSCvDvi4Bv0fPTsKcwmmUN IHYFH+n8m2lBjVseTgjFeSNYahb25wa6V3tEojUUp7B/5iP673v9YmyuU/zL1RXupLZf IQqWzC5qSNwIZFSVPr9NVOSYzayd0olRxyPgKawsYVA+rD6tsa8O54Si01pE9lyAJwIw 45EV3qKJsEJdS06zaGRPdwWPkGDoPeIv+9/LT/83dH35411l3kEddREzc0PHK71INFdE NmIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date:from :references:cc:to:subject:arc-authentication-results; bh=zHAtGk6+NUi+XwXj2lnSzGZPcyriU+YqK1IKa8BxFjs=; b=h5a/W6oB59GoXKvKs+s0GpYmoVQ0aXoBACn6ZN+a91HQHXWisAWS/UBu+CO5Iwwu4u K37cgn/905+Whc03Yq6IYaqXXZQOobkdNQsUt3QpF8djSq9GovVHQIunn0Vbwc4x6A96 aA15+bCbp07pgMZE4mXvLhso35Ck2q5ZAyE0VaiYI/knNpqS+RC+a6Kr9oooP8VLj3sU yxaXmsUhfQO9C6VXRlMW8UP/kfOc7xZXtqbRi/sGjW6UlvkfTMfLE9fL8RxBYFLf2i6s KrbYq5KuLCPGeTWN75TcEYJxoifIu9jw2l+63q/iF5W7UGTvyfufpsBeu956CUaSp18c VZXw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d15-v6si2657378pls.232.2018.04.04.01.26.31; Wed, 04 Apr 2018 01:26:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751285AbeDDIZQ (ORCPT + 99 others); Wed, 4 Apr 2018 04:25:16 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55428 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751167AbeDDIZO (ORCPT ); Wed, 4 Apr 2018 04:25:14 -0400 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w348OnXa012048 for ; Wed, 4 Apr 2018 04:25:13 -0400 Received: from e06smtp14.uk.ibm.com (e06smtp14.uk.ibm.com [195.75.94.110]) by mx0b-001b2d01.pphosted.com with ESMTP id 2h4pjvbe3y-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Wed, 04 Apr 2018 04:25:10 -0400 Received: from localhost by e06smtp14.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 4 Apr 2018 09:25:06 +0100 Received: from b06cxnps3075.portsmouth.uk.ibm.com (9.149.109.195) by e06smtp14.uk.ibm.com (192.168.101.144) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 4 Apr 2018 09:24:58 +0100 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w348Ov4212648752; Wed, 4 Apr 2018 08:24:57 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2598E42041; Wed, 4 Apr 2018 09:16:48 +0100 (BST) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1590D4203F; Wed, 4 Apr 2018 09:16:46 +0100 (BST) Received: from [9.145.59.61] (unknown [9.145.59.61]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 4 Apr 2018 09:16:45 +0100 (BST) Subject: Re: [PATCH v9 09/24] mm: protect mremap() against SPF hanlder To: David Rientjes Cc: paulmck@linux.vnet.ibm.com, peterz@infradead.org, akpm@linux-foundation.org, kirill@shutemov.name, ak@linux.intel.com, mhocko@kernel.org, dave@stgolabs.net, jack@suse.cz, Matthew Wilcox , benh@kernel.crashing.org, mpe@ellerman.id.au, paulus@samba.org, Thomas Gleixner , Ingo Molnar , hpa@zytor.com, Will Deacon , Sergey Senozhatsky , Andrea Arcangeli , Alexei Starovoitov , kemi.wang@intel.com, sergey.senozhatsky.work@gmail.com, Daniel Jordan , linux-kernel@vger.kernel.org, linux-mm@kvack.org, haren@linux.vnet.ibm.com, khandual@linux.vnet.ibm.com, npiggin@gmail.com, bsingharora@gmail.com, Tim Chen , linuxppc-dev@lists.ozlabs.org, x86@kernel.org References: <1520963994-28477-1-git-send-email-ldufour@linux.vnet.ibm.com> <1520963994-28477-10-git-send-email-ldufour@linux.vnet.ibm.com> <1fe7529a-947c-fdb2-12d2-b38bdd41bb04@linux.vnet.ibm.com> From: Laurent Dufour Date: Wed, 4 Apr 2018 10:24:55 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 x-cbid: 18040408-0044-0000-0000-0000054343F6 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18040408-0045-0000-0000-000028835969 Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-04-04_02:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1804040089 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 28/03/2018 23:21, David Rientjes wrote: > On Wed, 28 Mar 2018, Laurent Dufour wrote: > >>>> @@ -326,7 +336,10 @@ static unsigned long move_vma(struct vm_area_struct *vma, >>>> mremap_userfaultfd_prep(new_vma, uf); >>>> arch_remap(mm, old_addr, old_addr + old_len, >>>> new_addr, new_addr + new_len); >>>> + if (vma != new_vma) >>>> + vm_raw_write_end(vma); >>>> } >>>> + vm_raw_write_end(new_vma); >>> >>> Just do >>> >>> vm_raw_write_end(vma); >>> vm_raw_write_end(new_vma); >>> >>> here. >> >> Are you sure ? we can have vma = new_vma done if (unlikely(err)) >> > > Sorry, what I meant was do > > if (vma != new_vma) > vm_raw_write_end(vma); > vm_raw_write_end(new_vma); > > after the conditional. Having the locking unnecessarily embedded in the > conditional has been an issue in the past with other areas of core code, > unless you have a strong reason for it. Unfortunately, I can't see how doing this in another way since vma = new_vma is done in the error branch. So releasing the VMAs outside of the conditional may lead to miss 'vma' if the error branch is taken. Here is the code snippet as a reminder: new_vma = copy_vma(&vma, new_addr, new_len, new_pgoff, &need_rmap_locks); [...] if (vma != new_vma) vm_raw_write_begin(vma); [...] if (unlikely(err)) { [...] if (vma != new_vma) vm_raw_write_end(vma); vma = new_vma; <<<< here we lost reference to vma [...] } else { [...] if (vma != new_vma) vm_raw_write_end(vma); } vm_raw_write_end(new_vma);