Date: Thu, 5 Jun 2025 13:30:37 +0100
From: Pedro Falcato
To: Vlastimil Babka
Cc: Jann Horn, Andrew Morton, David Hildenbrand, Lorenzo Stoakes, "Liam R. Howlett", Mike Rapoport, Suren Baghdasaryan, Michal Hocko, linux-mm@kvack.org, Peter Xu, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 1/2] mm/memory: ensure fork child sees coherent memory snapshot
References: <20250603-fork-tearing-v1-0-a7f64b7cfc96@google.com> <20250603-fork-tearing-v1-1-a7f64b7cfc96@google.com>

On Thu, Jun 05, 2025 at 09:33:24AM +0200, Vlastimil Babka wrote:
> On 6/3/25 20:21, Jann Horn wrote:
> > When fork() encounters possibly-pinned pages, those pages are immediately
> > copied instead of just marking PTEs to make CoW happen later. If the parent
> > is multithreaded, this can cause the child to see memory contents that are
> > inconsistent in multiple ways:
> >
> > 1. We are copying the contents of a page with a memcpy() while userspace
> >    may be writing to it. This can cause the resulting data in the child to
> >    be inconsistent.
> > 2. After we've copied this page, future writes to other pages may
> >    continue to be visible to the child while future writes to this page are
> >    no longer visible to the child.
> >
> > This means the child could theoretically see incoherent states where
> > allocator freelists point to objects that are actually in use or stuff like
> > that. A mitigating factor is that, unless userspace already has a deadlock
> > bug, userspace can pretty much only observe such issues when fancy lockless
> > data structures are used (because if another thread was in the middle of
> > mutating data during fork() and the post-fork child tried to take the mutex
> > protecting that data, it might wait forever).
> >
> > On top of that, this issue is only observable when pages are either
> > DMA-pinned or appear false-positive-DMA-pinned due to a page having >=1024
> > references and the parent process having used DMA-pinning at least once
> > before.
>
> The changelog seems to be missing the part describing what it's doing
> to fix the issue? Some details are not immediately obvious (the writing
> threads become blocked in page fault) as the conversation has shown.
>
> > Fixes: 70e806e4e645 ("mm: Do early cow for pinned pages during fork() for ptes")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Jann Horn
>
> Given how the fix seems to be localized to the already rare slowpath and
> doesn't require us to pessimize every trivial fork(), it seems reasonable to
> me even if we don't have a concrete example of sane code in the wild that's
> broken by the current behavior, so:
>
> Acked-by: Vlastimil Babka

Acked-by: Pedro Falcato

-- 
Pedro
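
The second inconsistency in the quoted changelog, as a deterministic toy model in C. This is an added example, not code from the patch or the kernel: the two-page layout, the writer's store sequence and the names `fork_coherent`, `wrprotect` and `per_step` are assumptions, and the protect-before-copy mode only models the "writers become blocked in page fault" behaviour mentioned in the review. The memcpy() tearing of item 1 is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { NPAGES = 2, NWRITES = 4 };

/* Constructed writer thread: its stores in program order, as (page, value). */
static const struct { int page, val; } writes[NWRITES] = {
    {0, 1}, {1, 1}, {0, 2}, {1, 2} };

/* Is `child` the parent's memory after some prefix of the writer's stores? */
static bool is_prefix_state(const int child[NPAGES])
{
    int mem[NPAGES] = {0};
    for (int n = 0; n < NWRITES; n++) {
        if (memcmp(mem, child, sizeof(mem)) == 0)
            return true;
        mem[writes[n].page] = writes[n].val;
    }
    return memcmp(mem, child, sizeof(mem)) == 0;
}

/* Toy fork(): pages are handled in order and the writer attempts `per_step`
 * stores before each one. A store to a write-protected page blocks the writer.
 * A pinned page is copied eagerly and, unless `wrprotect`, stays writable. */
static bool fork_coherent(const bool pinned[NPAGES], bool wrprotect, int per_step)
{
    int parent[NPAGES] = {0}, child[NPAGES] = {0}, next = 0;
    bool prot[NPAGES] = {false};
    for (int i = 0; i < NPAGES; i++) {
        for (int k = 0; k < per_step && next < NWRITES; k++) {
            if (prot[writes[next].page])
                break;               /* writer sleeps in the fault path */
            parent[writes[next].page] = writes[next].val;
            next++;
        }
        if (!pinned[i] || wrprotect)
            prot[i] = true;          /* CoW, or protect before copying */
        child[i] = parent[i];        /* contents the child ends up with */
    }
    return is_prefix_state(child);
}

int main(void)
{
    const bool pin0[NPAGES] = {true, false};
    printf("eager copy of pinned page: coherent=%d\n", fork_coherent(pin0, false, 2));
    printf("write-protect, then copy:  coherent=%d\n", fork_coherent(pin0, true, 2));
}
```

With page 0 pinned and copied eagerly, the child ends up with page 0 from before the writer's third store and page 1 from after its fourth, a state the parent never held.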