Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp5936039ybi; Wed, 12 Jun 2019 11:00:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqzIkya0DUVr8KlyCdPrJ5YuTfK+QUM32TiPXgzcMyi6VPPmKajKx7wNl6t8HGYuZ+MtiTh0 X-Received: by 2002:a62:5b81:: with SMTP id p123mr88418308pfb.158.1560362446585; Wed, 12 Jun 2019 11:00:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560362446; cv=none; d=google.com; s=arc-20160816; b=m3oWzSQDJWpMt1axrVyolVp/Xf6q7apIXOQt1wYdu2qFVJSeaJqka7XhK82FL4QRdO 4WFvzT62u1z4Ha4oVBS0Acwb1HFflTRbxKovx2UssA2NDeowvcT3xJvUJJPeamW65LTa d6xLonFNjBjc7b2bU38X9buc9dGNFggM2meHyd/w//0BrjSsWGdyCKxZkKvyFNTrnXU6 PkhtEQ+EEt2h6Z8uP1KOWR8JhoSe+pTmEZtEXf8L13HksK6MGJcDMFWlMtnZoTWFU5oM wL1Ydb5vJeGhDGMHBXHwof5wZ94kNuXe9uUXYX9Aiwn0zR+q/HvNx2f7/n5NZZS4cGel fbsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=JuCNsBgKz2kjwwU2iDU7wV4lSMUa82jMKbRvCjaKNYk=; b=jQVYKJiH2vlJENuDgl9gBupY35CpqUEjeCWbdjiXeqYyGdcrT1vz5R8DAOnGhJEIsB xmY4TgI6Vqw48eAGBiHxdlIot15V8045D8mMpJZR9N+qiZXJLbVzb+14koGrPZGttkDY 7JVM7WtV6eCZgHlESmaVF/SItDtJmDTXhctgm6jt1593W9gjPkLFc1GBNfsy0ilrJ5bL UAIj9I3gNSuiWBiwU2F5gifhO69qy6+aEl8RFpPCkj0Xumz8CsOE7/DrNJ6aFLwilXxZ Y2F5+TCtrFiwTyvEMnw7oLB7rq3699aMxT1bbrOyw/WLvBsWk+PBjw5SSuqEpbnblhf3 vExQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DyjaHPUe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h9si382845pgq.539.2019.06.12.11.00.31; Wed, 12 Jun 2019 11:00:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DyjaHPUe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2408613AbfFLNzL (ORCPT + 99 others); Wed, 12 Jun 2019 09:55:11 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:39216 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2407368AbfFLNzK (ORCPT ); Wed, 12 Jun 2019 09:55:10 -0400 Received: by mail-pg1-f195.google.com with SMTP id 196so8981654pgc.6 for ; Wed, 12 Jun 2019 06:55:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=JuCNsBgKz2kjwwU2iDU7wV4lSMUa82jMKbRvCjaKNYk=; b=DyjaHPUeflN5ZsbtMGDS9Y5nT5fm3yy+sEHGvi6P//QVMQd2DHb7JAQZ1QAUpVOzvJ N+KZ9PwASzybi0SO1U8b+EDTeErIAqt7oZT6ojvJ5s9QMF+iex62ERsVrm8o8++vfvYF 6VIib32cQ8JALMkAgDNWQCE8e241NVPKstnWeQ2+mGDa7iuxpNCsYDcTDmmSc7BWe0jg XvsfjxgQKxKqyhdeezlhXKq113Cv2BhnB7TVMXccoGCXQ37WlMG42T5+DCr0X7DLsQHw znEQuw8W69ywX1XQ5aVKeL7n1nqWdZLqmHcAvIkalngQAuijXjBjEd8XJaWH3wKRJYE9 2Adw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=JuCNsBgKz2kjwwU2iDU7wV4lSMUa82jMKbRvCjaKNYk=; b=rcdR7l+KsQ7/KNKZ7S8vpTsnHEgdP9Y9SfkF403yGZdRpYAxOdE73q0BGUC/6zgL34 le0sQeXpVTGWrhzheqkcJjytuKL5lC350hL4NPm/1aCbtZsdUeP9U2tXEiTq1i1ongcL Hr72CSDDYSkMIsqvCNa1lc8hkFKmrlkSOGvkN7JNgFgJcZPoUUCjvhwwo1bPiMdpg6JI oLIn3Xz6y4/wpe4vJFRq+f42gVumTpyQkUcIY3RpbWcZHk8HNQm+UZN+mSU/q7E52f7k LGW+zLRGc9SbZwiz0iOIOyXrSB5JJ0FD0R+qKpzVDSA9gdAT5QXvOrHUXIQCBZPo8a+u RICg== X-Gm-Message-State: APjAAAWcUULu2MqxiHgoNJGqmlHOS3fASO41fs1O/OoAjv4fGfjXFdwi XhH24meGRjQjX/I6SXT2Ig== X-Received: by 2002:a63:574b:: with SMTP id h11mr5323558pgm.25.1560347710137; Wed, 12 Jun 2019 06:55:10 -0700 (PDT) Received: from dhcp-128-55.nay.redhat.com ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id j11sm2865040pfa.2.2019.06.12.06.55.05 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 12 Jun 2019 06:55:09 -0700 (PDT) Date: Wed, 12 Jun 2019 21:54:58 +0800 From: Pingfan Liu To: "Weiny, Ira" Cc: "Aneesh Kumar K.V" , "linux-mm@kvack.org" , Andrew Morton , Mike Rapoport , "Williams, Dan J" , Matthew Wilcox , John Hubbard , "Busch, Keith" , Christoph Hellwig , "linux-kernel@vger.kernel.org" Subject: Re: [PATCHv3 1/2] mm/gup: fix omission of check on FOLL_LONGTERM in get_user_pages_fast() Message-ID: <20190612135458.GA19916@dhcp-128-55.nay.redhat.com> References: <1559725820-26138-1-git-send-email-kernelfans@gmail.com> <87tvcwhzdo.fsf@linux.ibm.com> <2807E5FD2F6FDA4886F6618EAC48510E79D8D79B@CRSMSX101.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2807E5FD2F6FDA4886F6618EAC48510E79D8D79B@CRSMSX101.amr.corp.intel.com> User-Agent: Mutt/1.11.3 (2019-02-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 11, 2019 at 04:29:11PM +0000, Weiny, Ira wrote: > > Pingfan Liu writes: > > > > > As for FOLL_LONGTERM, it is checked in the slow path > > > __gup_longterm_unlocked(). But it is not checked in the fast path, > > > which means a possible leak of CMA page to longterm pinned requirement > > > through this crack. > > > > Shouldn't we disallow FOLL_LONGTERM with get_user_pages fastpath? W.r.t > > dax check we need vma to ensure whether a long term pin is allowed or not. > > If FOLL_LONGTERM is specified we should fallback to slow path. > > Yes, the fastpath bails to the slowpath if FOLL_LONGTERM _and_ DAX. But it does this while walking the page tables. I missed the CMA case and Pingfan's patch fixes this. We could check for CMA pages while walking the page tables but most agreed that it was not worth it. For DAX we already had checks for *_devmap() so it was easier to put the FOLL_LONGTERM checks there. > Then for CMA pages, are you suggesting something like: diff --git a/mm/gup.c b/mm/gup.c index 42a47c0..8bf3cc3 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2251,6 +2251,8 @@ int get_user_pages_fast(unsigned long start, int nr_pages, if (unlikely(!access_ok((void __user *)start, len))) return -EFAULT; + if (unlikely(gup_flags & FOLL_LONGTERM)) + goto slow; if (gup_fast_permitted(start, nr_pages)) { local_irq_disable(); gup_pgd_range(addr, end, gup_flags, pages, &nr); @@ -2258,6 +2260,7 @@ int get_user_pages_fast(unsigned long start, int nr_pages, ret = nr; } +slow: if (nr < nr_pages) { /* Try to get the remaining pages with get_user_pages */ start += nr << PAGE_SHIFT; Thanks, Pingfan