From: Suren Baghdasaryan
Date: Tue, 17 Jan 2023 18:16:05 -0800
Subject: Re: [PATCH 09/41] mm: rcu safe VMA freeing
To: Michal Hocko
Cc: akpm@linux-foundation.org, michel@lespinasse.org, jglisse@google.com,
 vbabka@suse.cz, hannes@cmpxchg.org, mgorman@techsingularity.net,
 dave@stgolabs.net, willy@infradead.org, liam.howlett@oracle.com,
 peterz@infradead.org, ldufour@linux.ibm.com, laurent.dufour@fr.ibm.com,
 paulmck@kernel.org, luto@kernel.org, songliubraving@fb.com,
 peterx@redhat.com, david@redhat.com, dhowells@redhat.com, hughd@google.com,
 bigeasy@linutronix.de, kent.overstreet@linux.dev,
 punit.agrawal@bytedance.com, lstoakes@gmail.com, peterjung1337@gmail.com,
 rientjes@google.com, axelrasmussen@google.com, joelaf@google.com,
 minchan@google.com, jannh@google.com, shakeelb@google.com,
 tatashin@google.com, edumazet@google.com, gthelen@google.com,
 gurua@google.com, arjunroy@google.com, soheil@google.com,
 hughlynch@google.com, leewalsh@google.com, posk@google.com,
 linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
 linuxppc-dev@lists.ozlabs.org, x86@kernel.org, linux-kernel@vger.kernel.org,
 kernel-team@android.com
References: <20230109205336.3665937-1-surenb@google.com> <20230109205336.3665937-10-surenb@google.com>

On Tue, Jan 17, 2023 at 6:25 AM Michal Hocko wrote:
>
> On Mon 09-01-23 12:53:04, Suren Baghdasaryan wrote:
> [...]
> > void vm_area_free(struct vm_area_struct *vma) > > { > > free_anon_vma_name(vma); > > +#ifdef CONFIG_PER_VMA_LOCK > > + call_rcu(&vma->vm_rcu, __vm_area_free); > > +#else > > kmem_cache_free(vm_area_cachep, vma); > > +#endif
>
> Is it safe to have vma with already freed vma_name? I suspect this is
> safe because of mmap_lock but is there any reason to split the freeing
> process and have this potential UAF lurking?

It should be safe because VMA is either locked or has been isolated
while locked, so no page fault handlers should have access to it. But
you are right, moving free_anon_vma_name() into __vm_area_free() does
seem safer. Will make the change in the next rev.

> > > } > > > > static void account_kernel_stack(struct task_struct *tsk, int account) > > -- > > 2.39.0
>
> --
> Michal Hocko
> SUSE Labs
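
Review bot: In vm_area_free(), free_anon_vma_name(vma) still runs synchronously, ahead of the call_rcu(&vma->vm_rcu, __vm_area_free) added under CONFIG_PER_VMA_LOCK, so the anon name is released before the grace period that protects the VMA structure itself has elapsed. Anything that can still reach the VMA until the callback runs would see a live structure whose name has already been released, and the teardown ends up split across two places. Suggest moving free_anon_vma_name() into __vm_area_free() so that the name and the structure are freed together after the grace period, and calling the same helper directly in the #else branch so both configurations share one freeing path. The body of __vm_area_free() is elided ([...]) in the quoted lines, so whether it already touches the name cannot be confirmed from what is visible here.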