Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5967624yba;
        Wed, 1 May 2019 03:34:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxRZHFownb1MDc3Htu7a+YWRN/zIqJgFObkZfhPUuFgBpPvYUEjarcSHEU9P0DlrAiZvdKL
X-Received: by 2002:a62:1c87:: with SMTP id c129mr53145871pfc.113.1556706849241;
        Wed, 01 May 2019 03:34:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556706849; cv=none;
        d=google.com; s=arc-20160816;
        b=kLogwnCjS35DN2vPzmfhBzS/T8IjxRvpqx0IU7cHL75mGny43/m3GK1zI6Itk9LYwF
         bcBVkNXXEMMCVOLXem1yMyPF17VRYI1vBFA8zw1S0D25o0qqCIYjcuD6EE5IbxKoH81Y
         1XuyFBZTPEmLgcOTFHYq0oO3IemjiwOwd006PlH2/ybg4bV/TVgB4L1Q86WbeEtWBeCh
         FHOcaiAgcjrdnf7sl7/H+U6Lca1nHvtaMZ7sjKIiuAVMYlCnKe5qVdyjYi2mrZYceQz+
         BSJN8InNwUNp5FQCUVtNodT5A8WuodQgXxl9H18QVqV8qqLudi0qrjf5+7vXiNT6e67I
         9Giw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:references:in-reply-to:subject:cc:to:from;
        bh=5dQpedGkLhJMU3CaGbzsxI7NrgSaTWVCjWYQVsJyxGU=;
        b=Z4qcJu+ZesPq6Tki6fTgQ8RAE6zQnyYhJgWQx6W36wN/o7ZAccyuFx9FIwx8IX0wEJ
         G4TRWfMREQaP4mnJjiPBfH2+BpM16pRZdqYr+f3cus/7GfYs/Lpsc7ixce3Xy4AYDz4x
         2LZq2vo+Bymo3IvvGMtM233uNYED7XM73Mljy6dG+xNBLc6fNY8YrHJyMzR+3LVIPxRZ
         R80rxALtqIR+pq7Rvt2xGIl3nr9c17ReTFBMIeARvuE/4mMoNEou2XbLUoRTT9EsDdtd
         3TFOJZljznFftfj8qrr8B2Odr5qRFniuUxSANzYUrlKGyQFzdhX+Xt3UkoD6dEWxzibn
         idvg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u4si21348005pgp.477.2019.05.01.03.33.53;
        Wed, 01 May 2019 03:34:09 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726267AbfEAKdC convert rfc822-to-8bit (ORCPT
        <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 1 May 2019 06:33:02 -0400
Received: from ozlabs.org ([203.11.71.1]:50579 "EHLO ozlabs.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725959AbfEAKdB (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 May 2019 06:33:01 -0400
Received: from authenticated.ozlabs.org (localhost [127.0.0.1])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
        (No client certificate requested)
        by mail.ozlabs.org (Postfix) with ESMTPSA id 44vF8m5zk3z9s9N;
        Wed,  1 May 2019 20:32:56 +1000 (AEST)
From:   Michael Ellerman <mpe@ellerman.id.au>
To:     Laurent Dufour <ldufour@linux.vnet.ibm.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Dave Hansen <dave.hansen@linux.intel.com>
Cc:     LKML <linux-kernel@vger.kernel.org>, rguenther@suse.de,
        mhocko@suse.com, vbabka@suse.cz, luto@amacapital.net,
        x86@kernel.org, Andrew Morton <akpm@linux-foundation.org>,
        linux-mm@kvack.org, stable@vger.kernel.org,
        linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH] x86/mpx: fix recursive munmap() corruption
In-Reply-To: <4e1bbb14-e14f-8643-2072-17b4cdef5326@linux.vnet.ibm.com>
References: <20190401141549.3F4721FE@viggo.jf.intel.com> <alpine.DEB.2.21.1904191248090.3174@nanos.tec.linutronix.de> <87d0lht1c0.fsf@concordia.ellerman.id.au> <6718ede2-1fcb-1a8f-a116-250eef6416c7@linux.vnet.ibm.com> <4f43d4d4-832d-37bc-be7f-da0da735bbec@intel.com> <4e1bbb14-e14f-8643-2072-17b4cdef5326@linux.vnet.ibm.com>
Date:   Wed, 01 May 2019 20:32:55 +1000
Message-ID: <87k1faa2i0.fsf@concordia.ellerman.id.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Laurent Dufour <ldufour@linux.vnet.ibm.com> writes:
> Le 23/04/2019 à 18:04, Dave Hansen a écrit :
>> On 4/23/19 4:16 AM, Laurent Dufour wrote:
...
>>> There are 2 assumptions here:
>>>   1. 'start' and 'end' are page aligned (this is guaranteed by __do_munmap().
>>>   2. the VDSO is 1 page (this is guaranteed by the union vdso_data_store on powerpc)
>> 
>> Are you sure about #2?  The 'vdso64_pages' variable seems rather
>> unnecessary if the VDSO is only 1 page. ;)
>
> Hum, not so sure now ;)
> I got confused, only the header is one page.
> The test is working as a best effort, and don't cover the case where 
> only few pages inside the VDSO are unmmapped (start > 
> mm->context.vdso_base). This is not what CRIU is doing and so this was 
> enough for CRIU support.
>
> Michael, do you think there is a need to manage all the possibility 
> here, since the only user is CRIU and unmapping the VDSO is not a so 
> good idea for other processes ?

Couldn't we implement the semantic that if any part of the VDSO is
unmapped then vdso_base is set to zero? That should be fairly easy, eg:

	if (start < vdso_end && end >= mm->context.vdso_base)
		mm->context.vdso_base = 0;


We might need to add vdso_end to the mm->context, but that should be OK.

That seems like it would work for CRIU and make sense in general?

cheers