From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=+9F1=OR=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 919CEC433F5
	for <linux-mm@archiver.kernel.org>; Mon, 27 Sep 2021 11:55:11 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 165B160F9B
	for <linux-mm@archiver.kernel.org>; Mon, 27 Sep 2021 11:55:10 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 165B160F9B
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=shutemov.name
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 671706B0071; Mon, 27 Sep 2021 07:55:10 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 622656B0072; Mon, 27 Sep 2021 07:55:10 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4E92C6B0073; Mon, 27 Sep 2021 07:55:10 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0040.hostedemail.com [216.40.44.40])
	by kanga.kvack.org (Postfix) with ESMTP id 3C1D36B0071
	for <linux-mm@kvack.org>; Mon, 27 Sep 2021 07:55:10 -0400 (EDT)
Received: from smtpin08.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id D8C09181B04AD
	for <linux-mm@kvack.org>; Mon, 27 Sep 2021 11:55:09 +0000 (UTC)
X-FDA: 78633197538.08.525B082
Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com [209.85.167.50])
	by imf14.hostedemail.com (Postfix) with ESMTP id 90E89600198B
	for <linux-mm@kvack.org>; Mon, 27 Sep 2021 11:55:09 +0000 (UTC)
Received: by mail-lf1-f50.google.com with SMTP id x27so76348192lfu.5
        for <linux-mm@kvack.org>; Mon, 27 Sep 2021 04:55:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=shutemov-name.20210112.gappssmtp.com; s=20210112;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=DS5KVI0MI3urzxy+Dr1c8uCppaGchpddwzrmXVrMjZw=;
        b=cQvdOnUkyhSPNzgh4Wudd6h8B02zdpU4K7tSFEUUhp0dws6UouuWJi+cxD0kvJFMoZ
         NwMiIC/K24a4LRk6LE2ewO8tO1YgqceTgui7RHon2GlaZ5bk6v4bL+wBVX6EpJoQkPaV
         WYyhwxWv6r40e6cMQyPT8+qPaCfj//7a8RGg8O905rCqUvL/ufW+fx1w8BDNuxA7uSe9
         FRF8+xgRNxR25AFQpGRRobbWp+VWribppnUjhJQ5mvbL1arcTkfJ74mcT9qmxhEPnOvW
         F/+w0VEXbr3dOVwplmKTzVnFkgQbKd8o5P9vj9dH6lj10g6Vxri4I7yg90cGTxMEXZiI
         7kKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=DS5KVI0MI3urzxy+Dr1c8uCppaGchpddwzrmXVrMjZw=;
        b=1nMZpGSwVQKBGo6V39H3Z9u65ysLvkwbbq2UjQqZjIwXjrKkNMlOCQq85J3MMdvFgr
         wEvTR9dR/kzpWyLpHLO7RLukA1R3/CS2Vobxe2MDjr1wSsa6DykYdu2RAlJvob6t6318
         9Hz/CLokG9E/wEgxtLGLpank9euGMCrMq1dQXOGe4eQZkqZJaTVdmK+UO0EJk3jNVuaX
         uFINlhkt3TkLBOkWwlthpifqsTACM2UKV9rEqbeRF6vFXO2u1eb6nxOwtp7tn79E/XVO
         rcD26siAPwsGLgAhfKoboSAHXSHcM1OXsVyUj8xJPaLodEJ8iWyjeK8nFSxzu//Fev/r
         MM1A==
X-Gm-Message-State: AOAM53013rNMxQITGDIZSkMb6BTv7BwDjVUrq3tp+TDZXWnjuFw765m9
	1B7ZMP7kkDp+pOhTeZtWztIj1Q==
X-Google-Smtp-Source: ABdhPJxk5GpozFMxWdpW/k7DbdIGJqQW2CyjZzhWKCVp8cH1dBvyXn+qf5X9RIP4VUFMj9EiPhdCKw==
X-Received: by 2002:a05:6512:b0f:: with SMTP id w15mr23568038lfu.164.1632743708091;
        Mon, 27 Sep 2021 04:55:08 -0700 (PDT)
Received: from box.localdomain ([86.57.175.117])
        by smtp.gmail.com with ESMTPSA id v26sm1954224lja.22.2021.09.27.04.55.07
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 27 Sep 2021 04:55:07 -0700 (PDT)
Received: by box.localdomain (Postfix, from userid 1000)
	id 1AD8F102FD9; Mon, 27 Sep 2021 14:55:07 +0300 (+03)
Date: Mon, 27 Sep 2021 14:55:07 +0300
From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Linux-MM <linux-mm@kvack.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Peter Xu <peterx@redhat.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Minchan Kim <minchan@kernel.org>, Colin Cross <ccross@google.com>,
	Suren Baghdasarya <surenb@google.com>,
	Mike Rapoport <rppt@linux.vnet.ibm.com>
Subject: Re: [RFC PATCH 1/8] mm/madvise: propagate vma->vm_end changes
Message-ID: <20210927115507.6xfpugeg3swookbh@box>
References: <20210926161259.238054-1-namit@vmware.com>
 <20210926161259.238054-2-namit@vmware.com>
 <20210927090852.sc5u65ufwvfx57rl@box.shutemov.name>
 <A923D77C-8C45-41B0-A1B2-55F68168D058@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <A923D77C-8C45-41B0-A1B2-55F68168D058@gmail.com>
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: 90E89600198B
X-Stat-Signature: pcuw491g8w95pruwy8m6e4q81gam55rz
Authentication-Results: imf14.hostedemail.com;
	dkim=pass header.d=shutemov-name.20210112.gappssmtp.com header.s=20210112 header.b=cQvdOnUk;
	dmarc=none;
	spf=none (imf14.hostedemail.com: domain of kirill@shutemov.name has no SPF policy when checking 209.85.167.50) smtp.mailfrom=kirill@shutemov.name
X-HE-Tag: 1632743709-744137
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Sep 27, 2021 at 03:11:20AM -0700, Nadav Amit wrote:
> 
> > On Sep 27, 2021, at 2:08 AM, Kirill A. Shutemov <kirill@shutemov.name> wrote:
> > 
> > On Sun, Sep 26, 2021 at 09:12:52AM -0700, Nadav Amit wrote:
> >> From: Nadav Amit <namit@vmware.com>
> >> 
> >> The comment in madvise_dontneed_free() says that vma splits that occur
> >> while the mmap-lock is dropped, during userfaultfd_remove(), should be
> >> handled correctly, but nothing in the code indicates that it is so: prev
> >> is invalidated, and do_madvise() will therefore continue to update VMAs
> >> from the "obsolete" end (i.e., the one before the split).
> >> 
> >> Propagate the changes to end from madvise_dontneed_free() back to
> >> do_madvise() and continue the updates from the new end accordingly.
> > 
> > Could you describe in details a race that would lead to wrong behaviour?
> 
> Thanks for the quick response.
> 
> For instance, madvise(MADV_DONTNEED) can race with mprotect() and cause
> the VMA to split.
> 
> Something like:
> 
>   CPU0				CPU1
>   ----				----
>   madvise(0x10000, 0x2000, MADV_DONTNEED)
>   -> userfaultfd_remove()
>    [ mmap-lock dropped ]
> 				mprotect(0x11000, 0x1000, PROT_READ)
> 				[splitting the VMA]
> 
> 				read(uffd)
> 				[unblocking userfaultfd_remove()]
> 
>    [ resuming ]
>    end = vma->vm_end
>    [end == 0x11000]
> 
>    madvise_dontneed_single_vma(vma, 0x10000, 0x11000)
> 
>   Following this operation, 0x11000-0x12000 would not be zapped.

Okay, fair enough.

Wouldn't something like this work too:

diff --git a/mm/madvise.c b/mm/madvise.c
index 0734db8d53a7..0898120c5c04 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -796,6 +796,7 @@ static long madvise_dontneed_free(struct vm_area_struct *vma,
 			 */
 			return -ENOMEM;
 		}
+		*prev = vma;
 		if (!can_madv_lru_vma(vma))
 			return -EINVAL;
 		if (end > vma->vm_end) {
-- 
 Kirill A. Shutemov