From: Andy Lutomirski
Date: Mon, 21 Dec 2020 10:22:38 -0800
Subject: Re: [PATCH] mm/userfaultfd: fix memory corruption due to writeprotect
References: <20201219043006.2206347-1-namit@vmware.com>
To: Andrea Arcangeli
Cc: Andy Lutomirski, Nadav Amit, Dave Hansen, linux-mm, Peter Xu, lkml, Pavel Emelyanov, Mike Kravetz, Mike Rapoport, stable, Minchan Kim, Yu Zhao, Will Deacon, Peter Zijlstra
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 21, 2020 at 10:04 AM Andrea Arcangeli wrote:
>
> Hello,
>
> On Sat, Dec 19, 2020 at 09:08:55PM -0800, Andy Lutomirski wrote:
> > On Sat, Dec 19, 2020 at 6:49 PM Andrea Arcangeli wrote:
> > > The ptes are changed always with the PT lock, in fact there's no
> > > problem with the PTE updates. The only difference with mprotect
> > > runtime is that the mmap_lock is taken for reading. And the effect
> > > contested for this change doesn't affect the PTE, but supposedly the
> > > tlb flushing deferral.
> >
> > Can you point me at where the lock ends up being taken in this path?
>
> pte_offset_map_lock in change_pte_range, as in mprotect, no difference.
>
> As I suspected on my follow up, the bug described wasn't there, but
> I'll look at the new theory posted.

Indeed.