[PATCH 0/8] Avoid MAP_FIXED gap exposure

["Liam R. Howlett" <Liam.Howlett@oracle.com>]

It is now possible to walk the vma tree using the rcu read locks and is
beneficial to do so to reduce lock contention.  Doing so while a
MAP_FIXED mapping is executing means that a reader may see a gap in the
vma tree that should never logically exist - and does not when using the
mmap lock in read mode.  The temporal gap exists because mmap_region()
calls munmap() prior to installing the new mapping.

This patch set stops rcu readers from seeing the temporal gap by
splitting up the munmap() function into two parts.  The first part
prepares the vma tree for modifications by doing the necessary splits
and tracks the vmas marked for removal in a side tree.  The second part
completes the munmapping of the vmas after the vma tree has been
overwritten (either by a MAP_FIXED replacement vma or by a NULL in the
munmap() case).

Please note that rcu walkers will still be able to see a temporary state
of split vmas that may be in the process of being removed, but the
temporal gap will not be exposed.  vma_start_write() are called on both
parts of the split vma, so this state is detectable.

RFC: https://lore.kernel.org/linux-mm/20240531163217.1584450-1-Liam.Howlett@oracle.com/

Changes since RFC:
- Fixed comment on __split_vma() - Thanks Lorenzo & Suren
- Split out abort & complete stages of munmap_vmas() to reduce
  complexity of review - Thanks Suren
- Correct accidental removal of validate_mm() and split the extraction
  of the validate_mm() to its own patch - Thanks Suren
- Fixed merge error in comments - Thanks Lorenzo
- Added reviewers, but I didn't add Suren's review of patch 2 as it
  significantly changed into 3 patches to make reviewing easier as he
  suggested.


Liam R. Howlett (8):
  mm/mmap: Correctly position vma_iterator in __split_vma()
  mm/mmap: Introduce abort_munmap_vmas()
  mm/mmap: Introduce vmi_complete_munmap_vmas()
  mm/mmap: Extract the gathering of vmas from do_vmi_align_munmap()
  mm/mmap: Introduce vma_munmap_struct for use in munmap operations
  mm/mmap: Change munmap to use vma_munmap_struct() for accounting and
    surrounding vmas
  mm/mmap: Extract validate_mm() from vma_complete()
  mm/mmap: Use split munmap calls for MAP_FIXED

 mm/internal.h |  22 +++
 mm/mmap.c     | 399 +++++++++++++++++++++++++++++++-------------------
 2 files changed, 270 insertions(+), 151 deletions(-)

-- 
2.43.0