From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A58B7C02199 for ; Sat, 8 Feb 2025 02:50:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E4BA26B008A; Fri, 7 Feb 2025 21:50:18 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id DFAB96B008C; Fri, 7 Feb 2025 21:50:18 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CC3256B0092; Fri, 7 Feb 2025 21:50:18 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id AAA426B008A for ; Fri, 7 Feb 2025 21:50:18 -0500 (EST) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 554681C97FF for ; Sat, 8 Feb 2025 02:50:18 +0000 (UTC) X-FDA: 83095248516.06.302D4D6 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf03.hostedemail.com (Postfix) with ESMTP id B7C0420005 for ; Sat, 8 Feb 2025 02:50:16 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=0fOTGxYe; spf=pass (imf03.hostedemail.com: domain of akpm@linux-foundation.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738983016; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+6SPAQay5bDSOh9OE8GcTbO125GONwcz2O/hpF6N/es=; b=pGSYvJsL/Ec/nsAhzyv9FvKIWB5Fmcb3uAq4busqTvyEgnaoIgmueaFYSSyuRcR6CMHT21 Fei4Mj5XZsO4iO+n/EwV5KpU466uAkfzOO+21Gm5OGK3Gtd5bsKjOZWZB8giOtipP3tHEU jPUdx9yLLIz8/QgaKagCZvr2k1gVYjY= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=0fOTGxYe; spf=pass (imf03.hostedemail.com: domain of akpm@linux-foundation.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738983016; a=rsa-sha256; cv=none; b=yliPe0stuqQxlUY5QUw7p2YLxj3tlKLKddwOSX84dpbcy47AHKY0MThSyAgNhaxQZaWZhK ba/GkzH4EJMiY8LdqfBKxHvQYVyCNcij7K1C4Fa/xC9ex2IzE+/uBV17mSw6yL2+W30yzw WpkJMy3+OJbqXIouDjr+OUi5l7ewGVg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 40B08A44032; Sat, 8 Feb 2025 02:48:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 87B8CC4CED1; Sat, 8 Feb 2025 02:50:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1738983015; bh=pDRzqpp8fUS1lYlC2zVt4ipLm46EmEyYzyuHUVJ7uDA=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=0fOTGxYeUAMW+cSH/0d9eI5mMBIljHmvTCF64i/LBiommBfR1v0tHDtj4i6bNZ4BK juCTFccDEGJb9hnjFjwxi19z3NxzTpVXssuoPRPwZfWcUltE86E6dDOlH3+IdZROB7 204bQVNPBSLEv/GtIxxQGnxnevGHPsx15YtyD6DA= Date: Fri, 7 Feb 2025 18:50:14 -0800 From: Andrew Morton To: Lorenzo Stoakes Cc: "Liam R . Howlett" , Vlastimil Babka , Jann Horn , linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] mm: use READ/WRITE_ONCE() for vma->vm_flags on migrate, mprotect Message-Id: <20250207185014.c5d9f8f3e7065c11a4825125@linux-foundation.org> In-Reply-To: <20250207172442.78836-1-lorenzo.stoakes@oracle.com> References: <20250207172442.78836-1-lorenzo.stoakes@oracle.com> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspam-User: X-Stat-Signature: 4g63h9rwhchj7btsakcspip5kxqz8ega X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: B7C0420005 X-HE-Tag: 1738983016-339861 X-HE-Meta: U2FsdGVkX1+XjYztzOarXuZBD6JHg2izklpT20g8GrIvroA4Nnxx1cl7vs9AAMSOOvi8/GoLMfFIx0GaogQZlp9xxGOBeB5c1w5NiSg+X4Gdh1GH4ddRE8l8n65dHGEzHWWAIXalSXe+v5gOugYN8SY1inGTditZ9EFEQiuZNuWswq4+YvIxZyH8PNwYdBRcs7+SkCt64BLNHN9fln6Vl5+lNCHqUsfR40pr3BK+VsAvagnGoX1dxBqR1WCZEHoQgjZJoLtcwZ2lSbWmqaDqmGg75Ace6+VJLuKayAkFtt8IT+pi3V/A9co1P1QR+YasVRPpXHRHeD9dDkFSPcFgjSnuDPLCYbVUwR3Wlbnszv9hM4cW5dZMPvcpY73QGSjNr9ZYjj35T4U3Uuc4e4CY2/+z1r46IekVMwIUjxY9WRd09qCamyIIJa8+cC6DrQBfC3pmf+VxfG6KTCNhfmQJFMc0JchAgCQPi6g+S4Pe+nJAGRsXtaGiZxXgqNoXyAvMbyuC+0Tmd4cbIukyHpYGIlTCzUHq94n8CsaF+9XJq7gvFIV3Lk7yPhI/ajnUNHeAI9fbzQxkEgHxgy05Vh+6XYfBPUdz9HC6x7y13elV64zE+0SCNHNypN8bzqVlCs9thlEXny5UyWyc4VtJFAEJzNEINEaKQbIrpGR1yukDG//TNQxTld7Ck19kSwSO4xmQWEs21smqyWtnon6d5oN8u3pmalAPxjM9OkgYKTSSY0WbVfJ9VFr66X1Iva1Z1PBn/LwQ2C0Mq8XC+UQTBWi/F0jIxX/pDUdoLOno416Hnhgn5/+KIs4o6dB2Ban2xOXv8hLaU/KdQ53Y1g8Db80sNE+cYlk0bieu4bh9mExm2+yGPpLfor/sYxY/iVArSK8XWKE2lubyUc11J3m29mWFehWshgpITFGwNYuiqsxZuB23OtBzQJF9Y5tPNIP/6b9t4VuCwx38ZNQP8KLvhJl URSI+Htj V9iJmJKPlvZdNkUfEln0AfsaFJsP1A8jVy58/3+RheDyOrx/qUQJWh6YCAPUIXJBuMUxNMwNPbdjR5OX+XgcgTOO6V9Q5nWHHMdCa/3aL4UD8LOrnZHVnqozugW4F3nU5Bofbps+Z45hMzQGROXo9Boq6EYYZRVYwdSRdI7Yr4vWalfa1bh5W0Ddek+H1x2MW7ZoJImYNCFWnglKzVmYfNOwjpG1v4dwcW6Db2F4jbrNLP9I0XIvgDk6UYej1b1QTb+gIsWSMwqRQ7WNL+dlcEKn2dtrUUHEOnB11pbhOSEHusg70vf7rlvkS67Q5TDkxQA/3 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, 7 Feb 2025 17:24:42 +0000 Lorenzo Stoakes wrote: > According to the syzbot report referenced here, it is possible to encounter > a race between mprotect() writing to the vma->vm_flags field and migration > checking whether the VMA is locked. > > There is no real problem with timing here per se, only that torn > reads/writes may occur. Therefore, as a proximate fix, ensure both > operations READ_ONCE() and WRITE_ONCE() to avoid this. > > This race is possible due to the ability to look up VMAs via the rmap, > which migration does in this case, which takes no mmap or VMA lock and > therefore does not preclude an operation to modify a VMA. > > When the final update of VMA flags is performed by mprotect, this will > cause the rmap lock to be taken while the VMA is inserted on split/merge. > > However the means by which we perform splits/merges in the kernel is that > we perform the split/merge operation on the VMA, acquiring/releasing locks > as needed, and only then, after having done so, modifying fields. > > We should carefully examine and determine whether we can combine the two > operations so as to avoid such races, and whether it might be possible to > otherwise annotate these rmap field accesses. Thanks. If some poor person reads this code and wonders "why is it using READ_ONCE", what's our answer? I guess it's "poke around with git-blame". And I guess we can live with that - it doesn't seem practical to paste changelog text into every READ_ONCE() site. Probably most people won't bother and READ_ONCEs of ->vm_flags will get pasted into other places where unneeded. I do wonder if we can do better.