From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=TJZR=GO=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 59C02C4332D
	for <linux-mm@archiver.kernel.org>; Mon, 11 Jan 2021 14:39:09 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 0A9AB225AB
	for <linux-mm@archiver.kernel.org>; Mon, 11 Jan 2021 14:39:08 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0A9AB225AB
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ziepe.ca
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 7F21A8D0036; Mon, 11 Jan 2021 09:39:08 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 77B858D0020; Mon, 11 Jan 2021 09:39:08 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 643808D0036; Mon, 11 Jan 2021 09:39:08 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0216.hostedemail.com [216.40.44.216])
	by kanga.kvack.org (Postfix) with ESMTP id 479038D0020
	for <linux-mm@kvack.org>; Mon, 11 Jan 2021 09:39:08 -0500 (EST)
Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 111CC181AEF09
	for <linux-mm@kvack.org>; Mon, 11 Jan 2021 14:39:08 +0000 (UTC)
X-FDA: 77693751576.25.uncle37_5a0d6a72750d
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin25.hostedemail.com (Postfix) with ESMTP id E35221804E3A8
	for <linux-mm@kvack.org>; Mon, 11 Jan 2021 14:39:07 +0000 (UTC)
X-HE-Tag: uncle37_5a0d6a72750d
X-Filterd-Recvd-Size: 4846
Received: from mail-io1-f50.google.com (mail-io1-f50.google.com [209.85.166.50])
	by imf38.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 11 Jan 2021 14:39:07 +0000 (UTC)
Received: by mail-io1-f50.google.com with SMTP id i18so18099260ioa.1
        for <linux-mm@kvack.org>; Mon, 11 Jan 2021 06:39:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ziepe.ca; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=7Ff3/GSz0mDP53UZ3T0QGRCfO7riuClvIlABMtVajPk=;
        b=inW1dDnetuqja+9mHz3m2TD0WEbZabWqOxG698JoybfYr524YxgBstuIE+/Db6X0xo
         g/m8/lxB43q0Zmd9iYr17sqVH99pkqEtQ4Vs1KAuwDb1xhCmvOxn4To85Bv5HMp96ui3
         oeyj37C2/mVSrqCNDOud8PM9HWMK1Oq3020sGSA+i31XpQoq/4S+R/4UXnNFQ8B9HvZy
         5LhTeE3AJsigE37XN6sMDBw4qKke1WtFG20EiCp9XGcGkjQVvM0/OKzAN91u9qUJif6k
         ETm39Lwzlc/QdlAB2yEvzkFsuLpakkAhb10Q5lLwZrxXE7y8IU2eMZBgRsj++8AeJ339
         a7YQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=7Ff3/GSz0mDP53UZ3T0QGRCfO7riuClvIlABMtVajPk=;
        b=K1FmpyII1NFdII0RnNF+/dOIlckcnoOxrAU/THnV3CtpUa9pVhHhay8omsUSYsLVZr
         j7akXp9/rdvNU/KqGtjMq1j8RoLD8x7iNEQEAcFoSzmMP9HQrXnzyJ+XoNGr67kV4ehO
         A8wi/e0uXDPN/huq/EyawgS3SDitczmsAt2/OnLXtAlGQesJwcsS+j7wXfDNTI5O7kN+
         Q0vX1VIJqIhmTvLyIjhFKRO4aqpBG2QKomUn60h8MiTBs649Ex0KjuOrzD4FfAGupoXY
         ZoGdPtuffxel2g8oOqLJNWOMO1UH4ygYSBC03qd5cGf/VxVjV0h8nmGa7hoPaYLQNRXU
         w/3g==
X-Gm-Message-State: AOAM532vwKxvZk0VsCs7DUi+fOkhYU4L+fsJDh5puLoDn0COvu6wex+d
	yBN1BlIGpi/obBblBpB2kD8cMQ==
X-Google-Smtp-Source: ABdhPJxf15ocI9P3XR4J51G1f7eg48SV9hJ5+LCEM96Gu0bdOr/8qyQbWCmzfLMkw+O+2XQ8RhWuBw==
X-Received: by 2002:a05:6602:59e:: with SMTP id v30mr14472695iox.37.1610375946838;
        Mon, 11 Jan 2021 06:39:06 -0800 (PST)
Received: from ziepe.ca (hlfxns017vw-142-162-115-133.dhcp-dynamic.fibreop.ns.bellaliant.net. [142.162.115.133])
        by smtp.gmail.com with ESMTPSA id y5sm15175749ilj.35.2021.01.11.06.39.06
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 11 Jan 2021 06:39:06 -0800 (PST)
Received: from jgg by mlx with local (Exim 4.94)
	(envelope-from <jgg@ziepe.ca>)
	id 1kyyLZ-005WNx-O1; Mon, 11 Jan 2021 10:39:05 -0400
Date: Mon, 11 Jan 2021 10:39:05 -0400
From: Jason Gunthorpe <jgg@ziepe.ca>
To: Hillf Danton <hdanton@sina.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Yu Zhao <yuzhao@google.com>, Andy Lutomirski <luto@kernel.org>,
	Peter Xu <peterx@redhat.com>, Jann Horn <jannh@google.com>
Subject: Re: [PATCH 0/2] page_count can't be used to decide when wp_page_copy
Message-ID: <20210111143905.GJ504133@ziepe.ca>
References: <B1B85771-B211-4FCC-AEEF-BDFD37332C25@vmware.com>
 <20210107200402.31095-1-aarcange@redhat.com>
 <20210107202525.GD504133@ziepe.ca>
 <X/eA/f1r5GXvcRWH@redhat.com>
 <20210108133649.GE504133@ziepe.ca>
 <X/iPtCktcQHwuK5T@redhat.com>
 <20210109034958.6928-1-hdanton@sina.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210109034958.6928-1-hdanton@sina.com>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000492, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Sat, Jan 09, 2021 at 11:49:58AM +0800, Hillf Danton wrote:
> On Fri, 8 Jan 2021 14:19:45 -0400 Jason Gunthorpe wrote:
> > 
> > What I was trying to explain below, is I think we agreed that a page
> > under active FOLL_LONGTERM pin *can not* be write protected.
> > 
> > Establishing the FOLL_LONGTERM pin (for read or write) must *always*
> > break the write protection and the VM *cannot* later establish a new
> > write protection on that page while the pin is active.
> > 
> > Indeed, it is complete nonsense to try and write protect a page that
> > has active DMA write activity! Changing the CPU page protection bits
> > will not stop any DMA! Doing so will inevitably become a security
> > problem with an attack similar to what you described.
> > 
> > So this is what was done during fork() - fork will no longer write
> > protect pages under FOLL_LONGTERM to make them COWable, instead it
> > will copy them at fork time.
> 
> Is it, in a step forward, unlikely for DMA write activity to happen
> during page copy at fork?

I'm not sure it matters, it is not that much different than CPU write
activity concurrent to fork(). fork() will capture some point in time
- if the application cares that this data is coherent during fork()
then it has to deliberately cause coherence somehow.

DMA just has fewer options for the application to create the coherency
because of data tearing during the page copy.

Jason