From: Steven Rostedt <rostedt@goodmis.org>
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Vincent Donnefort <vdonnefort@google.com>,
Qing Wang <wangqing7171@gmail.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
syzbot+3b5dd2030fe08afdf65d@syzkaller.appspotmail.com,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Vlastimil Babka <vbabka@suse.cz>,
David Hildenbrand <david@kernel.org>
Subject: Re: [PATCH] tracing: Fix WARN_ON in tracing_buffers_mmap_close
Date: Tue, 3 Mar 2026 10:25:28 -0500 [thread overview]
Message-ID: <20260303102528.744d57ae@gandalf.local.home> (raw)
In-Reply-To: <71c3a923-dc00-471c-9555-c08d5e135dee@lucifer.local>
On Tue, 3 Mar 2026 10:19:52 +0000
Lorenzo Stoakes <lorenzo.stoakes@oracle.com> wrote:
> > > Setting VM_IO just to trigger a failure case in madvise() feels like a hack? I
> > > guess it'd do the trick though, but you're not going to be able to reclaim that
> > > memory, and you might get some unexpected behaviour in code paths that assume
> > > VM_IO means it's memory-mapped I/O... (for instance GUP will stop working, if
> > > you need that).
> >
> > Well, we don't reclaim that memory anyway.
>
> OK so maybe not such an issue then! As long as GUP not working with it wouldn't
> break anything?
Yeah, we don't ever use get_user_page() for this memory. It's pretty much
all handled on the kernel side. User space just has it mapped as read only.
The kernel doesn't care what user space does with it.
> > Yeah, right now the accounting gets screwed up as the mappings get out of
> > sync when it is forked.
>
> Ack, is that in a way that could screw up things from a kernel point of view at
> all? Presumably there was some report that triggered this work, like an assert
> fail or something, or a warning?
Yes, it triggered a warning. The start of this thread added a patch to allow
madvise to remove DONTCOPY from this memory without screwing things up
(by adding an open() handler for the vm_operations_struct).
>
> If a user is explicitly going to an ftrace buffer and madvise()'ing it in random
> ways they've only themselves to blame for being so stupid :)
>
> As long as it's not exploitable in some way I don't think that's too much of an
> issue?
>
> It'd be nice to keep the semantics of 'don't copy on fork' if we could, even if
> some crazy users might override it with madvise().
OK, so should we add the VM_IO flag?
>
> Kind of separate from the question, but I mean if it's kernel-allocated memory
> which you're managing separately it should surely be VM_PFNMAP?
OK, I'm a bit confused. What do you mean "managing separately"? You mean
managing the user space side of things? if so then yes.
Hmm, I haven't heard of VM_PFNMAP, can you explain more its use case.
>
> It depends if you want to have a refcounted folio underneath though. If you do
> then yeah don't do that :)
I have no idea what a refcounted folio would do here :-p
>
> In general I'd suggest supporting the fork case if you can, or just let things
> be wrong if a user does something crazy and undoes the VM_DONTCOPY flag.
OK, so don't add these flags and just allow the forking to happen as this
patch does (if they screw it up, it's their problem).
This patch is here:
https://lore.kernel.org/all/20260227025842.1085206-1-wangqing7171@gmail.com/
I mean, we allow two separate tasks to mmap the same buffer, and they will
have the same issues as a fork would have. Thus, I guess the answer is to
apply this patch?
-- Steve
prev parent reply other threads:[~2026-03-03 15:25 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260227025842.1085206-1-wangqing7171@gmail.com>
[not found] ` <aaFrmHzIAkEe7ufy@google.com>
[not found] ` <aaF0zS3xh5KgM_yy@google.com>
[not found] ` <aaF-bhAIhCgusG9k@google.com>
[not found] ` <20260227102038.0fef81e9@gandalf.local.home>
2026-02-27 20:56 ` Steven Rostedt
2026-03-02 12:13 ` Lorenzo Stoakes
2026-03-02 16:52 ` Steven Rostedt
2026-03-03 10:19 ` Lorenzo Stoakes
2026-03-03 15:25 ` Steven Rostedt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260303102528.744d57ae@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=akpm@linux-foundation.org \
--cc=david@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=syzbot+3b5dd2030fe08afdf65d@syzkaller.appspotmail.com \
--cc=vbabka@suse.cz \
--cc=vdonnefort@google.com \
--cc=wangqing7171@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox