From: Jann Horn
Date: Tue, 8 Oct 2024 20:06:33 +0200
Subject: Re: [BUG] page table UAF, Re: [PATCH v8 14/21] mm/mmap: Avoid zeroing vma tree in mmap_region()
To: Suren Baghdasaryan
Cc: "Liam R. Howlett", Andrew Morton, Lorenzo Stoakes, Linux-MM, kernel list, Matthew Wilcox, Vlastimil Babka, Sidhartha Kumar, Bert Karwatzki, Jiri Olsa, Kees Cook, "Paul E. McKenney", Jeff Xu, Seth Jenkins
References: <20240830040101.822209-1-Liam.Howlett@oracle.com> <20240830040101.822209-15-Liam.Howlett@oracle.com>

On Tue, Oct 8, 2024 at 7:52 PM Suren Baghdasaryan wrote:
> On Tue, Oct 8, 2024 at 10:16 AM Jann Horn wrote:
> > Is that code in a tree somewhere?
> >
> > What locking will those RCU walkers use when accessing VMAs? I guess
> > they probably anyway have to take the VMA locks to ensure they see
> > consistent state, though I guess with enough effort you could avoid it
> > (seqlock-style) on some fastpaths when the vma is not concurrently
> > modified and the fastpath doesn't need access to the VMA's file?
>
> Sorry, it's not posted upstream yet but yes, the idea is to walk the
> tree under RCU and detect concurrent changes using seq-counters. A
> prototype was posted here:
> https://lore.kernel.org/all/20240123231014.3801041-3-surenb@google.com/
> but it had some issues I'm yet to resolve.

Ah, thanks for the pointer.