From: Jeff Xu
Date: Tue, 20 Jun 2023 15:29:34 -0700
Subject: Re: inconsistence in mprotect_fixup mlock_fixup madvise_update_vma
To: Mike Rapoport
Cc: "Liam R. Howlett", Peter Xu, linux-mm@kvack.org, linux-hardening@vger.kernel.org, zhangpeng.00@bytedance.com, akpm@linux-foundation.org, koct9i@gmail.com, david@redhat.com, ak@linux.intel.com, hughd@google.com, emunson@akamai.com, rppt@linux.ibm.com, aarcange@redhat.com, linux-kernel@vger.kernel.org, Lorenzo Stoakes
In-Reply-To: <20230614125731.GY52412@kernel.org>
References: <20230614011814.sz2l6z6wbaubabk2@revolver> <20230614125731.GY52412@kernel.org>
On Wed, Jun 14, 2023 at 5:58 AM Mike Rapoport wrote:
>
> On Tue, Jun 13, 2023 at 09:18:14PM -0400, Liam R. Howlett wrote:
> > * Jeff Xu [230613 17:29]:
> > > Hello Peter,
> > >
> > > Thanks for responding.
> > >
> > > On Tue, Jun 13, 2023 at 1:16 PM Peter Xu wrote:
> > > >
> > > > Hi, Jeff,
> > > >
> > > > On Tue, Jun 13, 2023 at 08:26:26AM -0700, Jeff Xu wrote:
> > > > > + more ppl to the list.
> > > > >
> > > > > On Mon, Jun 12, 2023 at 6:04 PM Jeff Xu wrote:
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > There seems to be inconsistency in different VMA fixup
> > > > > > implementations, for example:
> > > > > > mlock_fixup will skip VMA that is hugetlb, etc, but those checks do
> > > > > > not exist in mprotect_fixup and madvise_update_vma. Wouldn't this be a
> > > > > > problem? The merge/split skipped by mlock_fixup might get acted on in
> > > > > > the madvise/mprotect case.
> > > > > >
> > > > > > mlock_fixup currently checks for
> > > > > >   if (newflags == oldflags ||
> >
> > newflags == oldflags, then we don't need to do anything here, it's
> > already at the desired mlock.  mprotect does this, madvise does this..
> > probably.. it's ugly.
> >
> > > > > >       (oldflags & VM_SPECIAL) ||
> >
> > It's special, merging will fail always.  I don't know about splitting,
> > but I guess we don't want to alter the mlock state on special mappings.
> >
> > > > > >       is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm) ||
> > > > > >       vma_is_dax(vma) || vma_is_secretmem(vma))
> > > >
> > > > The special handling you mentioned in mlock_fixup mostly makes sense to me.
> > > >
> > > > E.g., I think we can just ignore mlock a hugetlb page if it won't be
> > > > swapped anyway.
> > > >
> > > > Do you encounter any issue with above?
> > > >
> > >
> > > Should there be a common function to handle VMA merge/split?
> > > >
> > > > IMHO vma_merge() and split_vma() are the "common functions".  Copy Lorenzo
> > > > as I think he has plan to look into the interface to make it even easier to
> > > > use.
> > > >
> > > The mprotect_fixup doesn't have the same check as mlock_fixup. When
> > > userspace calls mlock(), two VMAs might not merge or split because of
> > > the vma_is_secretmem check. However, when user space calls mprotect() with
> > > the same address range, it will merge/split. If mlock() is doing the
> > > right thing to merge/split the VMAs, then mprotect() is not?
> >
> > It looks like secretmem is mlock'ed to begin with so they don't want it
> > to be touched.  So, I think they will be treated differently and I think
> > it is correct.
>
> Right, they don't :)
>
> secretmem VMAs are always mlocked, they cannot be munlocked and there is no
> point trying to mlock them again.
>
> The mprotect for secretmem is Ok though, so e.g. if we (unlikely) have two
> adjacent secretmem VMAs in a range passed to mprotect, it's fine to merge
> them.
>

I'm thinking/brainstorming below, assuming:

Address range 1: 0x5000 to 0x6000 (regular mmap)
Address range 2: 0x6000 to 0x7000 (allocated to secretmem)
Address range 3: 0x7000 to 0x8000 (regular mmap)

User space call: mlock(0x5000, 0x3000)
range 1 and 2 won't merge.
range 2 and 3 could merge: when mlock_fixup checks the current vma (range 3),
it is not secretmem, so it will merge with the prev vma.

User space call: mprotect(0x5000, 0x3000)
ranges 1, 2 and 3 could merge, all three can have the same flags.
Note: vma_is_secretmem() isn't checked in mprotect_fixup, same for
vma_is_dax and get_gate_vma; those aren't included in vma->vm_flags.

Once 1 and 2 are merged, maybe user space is able to use
munlock(0x5000, 0x3000) to unlock range 1 to 3, this will include 2, right?
(haven't used the code to prove it)

I'm using secretmem as an example here; having 3 different _fixup
implementations seems to be error prone to me.

Thanks
-Jeff

> > Although, it would have been nice to have the comment above the function
> > kept up to date on why certain VMAs are filtered out.
> >
> > >
> > > Also skipping merge of VMA might be OK, but skipping split doesn't,
> > > wouldn't that cause inconsistency between vma->vm_flags and what is
> > > provisioned in the page?
> >
> > I don't quite follow what you mean.  It seems like the mlock_fixup() is
> > skipped when we don't want the flag to be altered on a particular VMA.
> > Where do they get out of sync?
> >
> >
>
> --
> Sincerely yours,
> Mike.
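The merge/split behaviour the thread is reasoning about can be watched from user space without reading kernel code. The program below is an added example written for this page, not code from the thread, from Jeff Xu or from the kernel tree. It maps three anonymous pages, then drives mprotect() and mlock()/munlock() over the middle page and over the whole range, counting the /proc/self/maps entries that overlap the range after each step (one entry per VMA). It assumes Linux with /proc mounted and an RLIMIT_MEMLOCK of at least one page. It deliberately uses plain anonymous memory rather than memfd_secret(), so it shows the shared vma_merge()/split_vma() machinery that mprotect_fixup() and mlock_fixup() both go through, not the secretmem skip discussed above; a negative return means the environment could not perform that step.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Added example (not from the thread or the kernel tree): observe the VMA
 * splits and merges performed by mprotect_fixup() and mlock_fixup() by
 * counting /proc/self/maps entries overlapping a 3-page anonymous range.
 * Assumes Linux with /proc mounted and RLIMIT_MEMLOCK >= one page.
 */

enum step {
    STEP_MAPPED = 0,       /* one RW anonymous mapping, all pages touched  -> 1 VMA  */
    STEP_MPROTECT_MIDDLE,  /* mprotect(middle, PROT_READ): flags differ    -> 3 VMAs */
    STEP_MPROTECT_ALL,     /* mprotect(all, PROT_READ|PROT_WRITE): merge   -> 1 VMA  */
    STEP_MLOCK_MIDDLE,     /* mlock(middle): VM_LOCKED differs, split      -> 3 VMAs */
    STEP_MUNLOCK_ALL       /* munlock(all): flags equal again, merge       -> 1 VMA  */
};

/* Number of /proc/self/maps entries overlapping [lo, hi); -1 if /proc is unavailable. */
static int count_vmas(unsigned long lo, unsigned long hi)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    int n = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long s, e;
        if (sscanf(line, "%lx-%lx", &s, &e) == 2 && s < hi && e > lo)
            n++;
    }
    fclose(f);
    return n;
}

/*
 * Run the scenario up to and including `step` on a fresh mapping and return
 * how many VMAs cover the range afterwards. Negative values mean the
 * environment could not perform a step (-1: mmap/mprotect failed or no /proc,
 * -2: mlock refused, e.g. RLIMIT_MEMLOCK too small or blocked by seccomp).
 */
int vma_count_after(enum step step)
{
    long pg = sysconf(_SC_PAGESIZE);
    size_t len = 3 * (size_t)pg;
    unsigned char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    unsigned long lo = (unsigned long)base, hi = lo + len;
    int rc = -1;

    /*
     * Touch every page before any split so the whole VMA owns one anon_vma.
     * split_vma() copies it to both halves and is_mergeable_anon_vma() then
     * accepts the later merges. If only mlock() faulted the middle page in,
     * that VMA would gain an anon_vma its untouched neighbours lack and the
     * final munlock() would leave three VMAs instead of one.
     */
    memset(base, 0xA5, len);

    if (step >= STEP_MPROTECT_MIDDLE && mprotect(base + pg, pg, PROT_READ) != 0)
        goto out;
    if (step >= STEP_MPROTECT_ALL && mprotect(base, len, PROT_READ | PROT_WRITE) != 0)
        goto out;
    if (step >= STEP_MLOCK_MIDDLE && mlock(base + pg, pg) != 0) {
        rc = -2;
        goto out;
    }
    if (step >= STEP_MUNLOCK_ALL && munlock(base, len) != 0)
        goto out;

    rc = count_vmas(lo, hi);
out:
    munmap(base, len);
    return rc;
}

int main(void)
{
    static const char *const names[] = {
        "mapped", "mprotect(middle, R)", "mprotect(all, RW)",
        "mlock(middle)", "munlock(all)",
    };
    for (int s = STEP_MAPPED; s <= STEP_MUNLOCK_ALL; s++)
        printf("%-22s -> %d VMA(s) over the range\n", names[s], vma_count_after(s));
    return 0;
}
```

On a stock kernel the five steps report 1, 3, 1, 3, 1: both fixups split on a partial range whose new flags differ from the old ones and merge back as soon as the flags of the neighbours match again, which is exactly the assumption behind the mlock()-then-mprotect() walk-through above. The memset() before the first split matters in practice: merging is also gated on anon_vma compatibility, so a split VMA whose pages were first faulted in by mlock() will not re-merge with never-touched neighbours even though every vm_flags bit agrees.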