Subject: Re: [PATCH] mm: fix possible cause of a page_mapped BUG
From: Michel Lespinasse
To: Linus Torvalds
Cc: Robert Święcki, Hugh Dickins, Andrew Morton, Miklos Szeredi, "Eric W. Biederman", linux-kernel@vger.kernel.org, linux-mm@kvack.org, Peter Zijlstra, Rik van Riel
Date: Mon, 18 Apr 2011 14:15:07 -0700

On Tue, Apr 12, 2011 at 12:38 PM, Linus Torvalds wrote:
> On Tue, Apr 12, 2011 at 12:02 PM, Robert Święcki wrote:
>>
>> I'm testing currently with the old one, w/o any symptoms of problems
>> by now, but it's not a meaningful period of time. I can try with the
>> new one, leave it over(European)night, and let you know tomorrow.
>
> You might as well keep testing the old one, if that gives it better
> coverage. No need to disrupt anything you already have running.
>
> The more important input is "was that actually the root cause", rather
> than deciding between the ugly or clean way of fixing it.
>
> So if the first patch fixes it, then I'm pretty sure the second one
> will too - just in a cleaner manner.

Sorry for the delayed response - I have been traveling abroad in the last two weeks and until the end of the month.

This second patch looks more attractive than the first, but is also harder to prove correct. Hugh looked at all gup call sites and convinced himself that the change was safe, except for the fault_in_user_writeable() site in futex.c which he asked me to look at.

I am worried that we would have an issue there, as places like futex_wake_op() or fixup_pi_state_owner() operate on user memory with page faults disabled, and expect fault_in_user_writeable() to set up the user page so that they can retry if the initial access failed. With this proposal, fault_in_user_writeable() would become inoperative when the address is within the guard page; this could cause some malicious futex operation to create an infinite loop.

--
Michel "Walken" Lespinasse
A program is never fully debugged until the last user dies.
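
The retry pattern the message describes, as an added example that is not part of the original message and is not kernel code: a simplified user-space model showing why a fault-in step that does nothing for a guard-page address keeps the loop from terminating. All `model_*` names, the `skip_guard` flag and the retry cap are hypothetical, and modelling the inoperative helper as one that still reports success is an assumption.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code. All names are hypothetical. */
struct model_page {
    bool present;   /* page is mapped and writable */
    bool guard;     /* address lies within the stack guard page */
};

/* Models the user access done with page faults disabled: it cannot
 * fault the page in, so it fails with -EFAULT instead. */
static int model_atomic_op_nofault(const struct model_page *pg)
{
    return pg->present ? 0 : -EFAULT;
}

/* Models the fault-in helper. With skip_guard set (assumption: the
 * proposed behaviour), a guard-page address is left unmapped while the
 * helper still reports success. */
static int model_fault_in(struct model_page *pg, bool skip_guard)
{
    if (skip_guard && pg->guard)
        return 0;           /* inoperative: nothing was mapped */
    pg->present = true;
    return 0;
}

/* Retry until the no-fault access succeeds. Returns the number of
 * attempts used, or -1 if fault-in fails or max_tries is exhausted
 * (the cap exists only in this model, so that it terminates). */
int model_retry_loop(struct model_page pg, bool skip_guard, int max_tries)
{
    for (int tries = 1; tries <= max_tries; tries++) {
        if (model_atomic_op_nofault(&pg) == 0)
            return tries;
        if (model_fault_in(&pg, skip_guard) != 0)
            return -1;
    }
    return -1;
}

int main(void)
{
    struct model_page guard_pg = { .present = false, .guard = true };
    printf("fault-in maps the page:   %d\n", model_retry_loop(guard_pg, false, 1000));
    printf("fault-in skips the guard: %d\n", model_retry_loop(guard_pg, true, 1000));
    return 0;
}
```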