From: Jan Kara <jack@suse.cz>
To: Jerome Glisse <j.glisse@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-nvdimm@lists.01.org, linux-mm@kvack.org,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org
Subject: Re: [PATCH 17/18] dax: Use radix tree entry lock to protect cow faults
Date: Tue, 19 Apr 2016 16:33:43 +0200 [thread overview]
Message-ID: <20160419143343.GC22413@quack2.suse.cz> (raw)
In-Reply-To: <20160419114609.GA13932@gmail.com>
On Tue 19-04-16 07:46:09, Jerome Glisse wrote:
> On Mon, Apr 18, 2016 at 11:35:40PM +0200, Jan Kara wrote:
> > diff --git a/mm/memory.c b/mm/memory.c
> > index 93897f23cc11..f09cdb8d48fa 100644
> > --- a/mm/memory.c
> > +++ b/mm/memory.c
> > @@ -63,6 +63,7 @@
> > #include <linux/dma-debug.h>
> > #include <linux/debugfs.h>
> > #include <linux/userfaultfd_k.h>
> > +#include <linux/dax.h>
> >
> > #include <asm/io.h>
> > #include <asm/mmu_context.h>
> > @@ -2785,7 +2786,8 @@ oom:
> > */
> > static int __do_fault(struct vm_area_struct *vma, unsigned long address,
> > pgoff_t pgoff, unsigned int flags,
> > - struct page *cow_page, struct page **page)
> > + struct page *cow_page, struct page **page,
> > + void **entry)
> > {
> > struct vm_fault vmf;
> > int ret;
> > @@ -2800,8 +2802,10 @@ static int __do_fault(struct vm_area_struct *vma, unsigned long address,
> > ret = vma->vm_ops->fault(vma, &vmf);
> > if (unlikely(ret & (VM_FAULT_ERROR | VM_FAULT_NOPAGE | VM_FAULT_RETRY)))
> > return ret;
> > - if (!vmf.page)
> > - goto out;
>
> Removing the above sounds seriously bogus to me as it means that below
> if (unlikely(PageHWPoison(vmf.page))) could dereference a NULL pointer.
If you do not return a valid page, you must return appropriate return code
from the ->fault handler. That being VM_FAULT_NOPAGE, VM_FAULT_DAX_LOCKED,
or some error. That has always been the case except for DAX abuse which was
added by commit 2e4cdab0584f "mm: allow page fault handlers to perform the
COW" about an year ago. And my patch fixes this abuse.
I'm not aware of any other code that would start abusing the return value
from the ->fault handler. If some such code indeed got merged during the
last year, it should be fixed as well.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
WARNING: multiple messages have this Message-ID (diff)
From: Jan Kara <jack@suse.cz>
To: Jerome Glisse <j.glisse@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-mm@kvack.org, Ross Zwisler <ross.zwisler@linux.intel.com>,
Dan Williams <dan.j.williams@intel.com>,
linux-nvdimm@lists.01.org, Matthew Wilcox <willy@linux.intel.com>
Subject: Re: [PATCH 17/18] dax: Use radix tree entry lock to protect cow faults
Date: Tue, 19 Apr 2016 16:33:43 +0200 [thread overview]
Message-ID: <20160419143343.GC22413@quack2.suse.cz> (raw)
In-Reply-To: <20160419114609.GA13932@gmail.com>
On Tue 19-04-16 07:46:09, Jerome Glisse wrote:
> On Mon, Apr 18, 2016 at 11:35:40PM +0200, Jan Kara wrote:
> > diff --git a/mm/memory.c b/mm/memory.c
> > index 93897f23cc11..f09cdb8d48fa 100644
> > --- a/mm/memory.c
> > +++ b/mm/memory.c
> > @@ -63,6 +63,7 @@
> > #include <linux/dma-debug.h>
> > #include <linux/debugfs.h>
> > #include <linux/userfaultfd_k.h>
> > +#include <linux/dax.h>
> >
> > #include <asm/io.h>
> > #include <asm/mmu_context.h>
> > @@ -2785,7 +2786,8 @@ oom:
> > */
> > static int __do_fault(struct vm_area_struct *vma, unsigned long address,
> > pgoff_t pgoff, unsigned int flags,
> > - struct page *cow_page, struct page **page)
> > + struct page *cow_page, struct page **page,
> > + void **entry)
> > {
> > struct vm_fault vmf;
> > int ret;
> > @@ -2800,8 +2802,10 @@ static int __do_fault(struct vm_area_struct *vma, unsigned long address,
> > ret = vma->vm_ops->fault(vma, &vmf);
> > if (unlikely(ret & (VM_FAULT_ERROR | VM_FAULT_NOPAGE | VM_FAULT_RETRY)))
> > return ret;
> > - if (!vmf.page)
> > - goto out;
>
> Removing the above sounds seriously bogus to me as it means that below
> if (unlikely(PageHWPoison(vmf.page))) could dereference a NULL pointer.
If you do not return a valid page, you must return appropriate return code
from the ->fault handler. That being VM_FAULT_NOPAGE, VM_FAULT_DAX_LOCKED,
or some error. That has always been the case except for DAX abuse which was
added by commit 2e4cdab0584f "mm: allow page fault handlers to perform the
COW" about an year ago. And my patch fixes this abuse.
I'm not aware of any other code that would start abusing the return value
from the ->fault handler. If some such code indeed got merged during the
last year, it should be fixed as well.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Jan Kara <jack@suse.cz>
To: Jerome Glisse <j.glisse@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-mm@kvack.org, Ross Zwisler <ross.zwisler@linux.intel.com>,
Dan Williams <dan.j.williams@intel.com>,
linux-nvdimm@lists.01.org, Matthew Wilcox <willy@linux.intel.com>
Subject: Re: [PATCH 17/18] dax: Use radix tree entry lock to protect cow faults
Date: Tue, 19 Apr 2016 16:33:43 +0200 [thread overview]
Message-ID: <20160419143343.GC22413@quack2.suse.cz> (raw)
In-Reply-To: <20160419114609.GA13932@gmail.com>
On Tue 19-04-16 07:46:09, Jerome Glisse wrote:
> On Mon, Apr 18, 2016 at 11:35:40PM +0200, Jan Kara wrote:
> > diff --git a/mm/memory.c b/mm/memory.c
> > index 93897f23cc11..f09cdb8d48fa 100644
> > --- a/mm/memory.c
> > +++ b/mm/memory.c
> > @@ -63,6 +63,7 @@
> > #include <linux/dma-debug.h>
> > #include <linux/debugfs.h>
> > #include <linux/userfaultfd_k.h>
> > +#include <linux/dax.h>
> >
> > #include <asm/io.h>
> > #include <asm/mmu_context.h>
> > @@ -2785,7 +2786,8 @@ oom:
> > */
> > static int __do_fault(struct vm_area_struct *vma, unsigned long address,
> > pgoff_t pgoff, unsigned int flags,
> > - struct page *cow_page, struct page **page)
> > + struct page *cow_page, struct page **page,
> > + void **entry)
> > {
> > struct vm_fault vmf;
> > int ret;
> > @@ -2800,8 +2802,10 @@ static int __do_fault(struct vm_area_struct *vma, unsigned long address,
> > ret = vma->vm_ops->fault(vma, &vmf);
> > if (unlikely(ret & (VM_FAULT_ERROR | VM_FAULT_NOPAGE | VM_FAULT_RETRY)))
> > return ret;
> > - if (!vmf.page)
> > - goto out;
>
> Removing the above sounds seriously bogus to me as it means that below
> if (unlikely(PageHWPoison(vmf.page))) could dereference a NULL pointer.
If you do not return a valid page, you must return appropriate return code
from the ->fault handler. That being VM_FAULT_NOPAGE, VM_FAULT_DAX_LOCKED,
or some error. That has always been the case except for DAX abuse which was
added by commit 2e4cdab0584f "mm: allow page fault handlers to perform the
COW" about an year ago. And my patch fixes this abuse.
I'm not aware of any other code that would start abusing the return value
from the ->fault handler. If some such code indeed got merged during the
last year, it should be fixed as well.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2016-04-19 14:33 UTC|newest]
Thread overview: 122+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-18 21:35 [RFC v3] [PATCH 0/18] DAX page fault locking Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 01/18] ext4: Handle transient ENOSPC properly for DAX Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 02/18] ext4: Fix race in transient ENOSPC detection Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 03/18] DAX: move RADIX_DAX_ definitions to dax.c Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 04/18] dax: Remove complete_unwritten argument Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 05/18] ext2: Avoid DAX zeroing to corrupt data Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 16:30 ` Ross Zwisler
2016-04-29 16:30 ` Ross Zwisler
2016-04-29 16:30 ` Ross Zwisler
2016-04-18 21:35 ` [PATCH 06/18] dax: Remove dead zeroing code from fault handlers Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 16:48 ` Ross Zwisler
2016-04-18 21:35 ` [PATCH 07/18] ext4: Refactor direct IO code Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 08/18] ext4: Pre-zero allocated blocks for DAX IO Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 18:01 ` Ross Zwisler
2016-04-29 18:01 ` Ross Zwisler
2016-04-29 18:01 ` Ross Zwisler
2016-05-02 13:09 ` Jan Kara
2016-05-02 13:09 ` Jan Kara
2016-04-18 21:35 ` [PATCH 09/18] dax: Remove zeroing from dax_io() Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 18:56 ` Ross Zwisler
2016-04-29 18:56 ` Ross Zwisler
2016-04-18 21:35 ` [PATCH 10/18] dax: Remove pointless writeback from dax_do_io() Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 19:00 ` Ross Zwisler
2016-04-29 19:00 ` Ross Zwisler
2016-04-29 19:00 ` Ross Zwisler
2016-04-18 21:35 ` [PATCH 11/18] dax: Fix condition for filling of PMD holes Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 19:08 ` Ross Zwisler
2016-04-29 19:08 ` Ross Zwisler
2016-04-29 19:08 ` Ross Zwisler
2016-05-02 13:16 ` Jan Kara
2016-05-02 13:16 ` Jan Kara
2016-04-18 21:35 ` [PATCH 12/18] dax: Remove redundant inode size checks Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` [PATCH 13/18] dax: Make huge page handling depend of CONFIG_BROKEN Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 19:53 ` Ross Zwisler
2016-04-29 19:53 ` Ross Zwisler
2016-05-02 13:19 ` Jan Kara
2016-05-02 13:19 ` Jan Kara
2016-05-02 13:19 ` Jan Kara
2016-04-18 21:35 ` [PATCH 14/18] dax: Define DAX lock bit for radix tree exceptional entry Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 20:03 ` Ross Zwisler
2016-04-29 20:03 ` Ross Zwisler
2016-04-29 20:03 ` Ross Zwisler
2016-04-18 21:35 ` [PATCH 15/18] dax: Allow DAX code to replace exceptional entries Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-29 20:29 ` Ross Zwisler
2016-04-29 20:29 ` Ross Zwisler
2016-04-18 21:35 ` [PATCH 16/18] dax: New fault locking Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-27 4:27 ` NeilBrown
2016-04-27 4:27 ` NeilBrown
2016-05-06 4:13 ` Ross Zwisler
2016-05-06 4:13 ` Ross Zwisler
2016-05-06 4:13 ` Ross Zwisler
2016-05-10 12:27 ` Jan Kara
2016-05-10 12:27 ` Jan Kara
2016-05-11 19:26 ` Ross Zwisler
2016-05-11 19:26 ` Ross Zwisler
2016-05-12 7:58 ` Jan Kara
2016-05-12 7:58 ` Jan Kara
2016-04-18 21:35 ` [PATCH 17/18] dax: Use radix tree entry lock to protect cow faults Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-19 11:46 ` Jerome Glisse
2016-04-19 11:46 ` Jerome Glisse
2016-04-19 11:46 ` Jerome Glisse
2016-04-19 14:33 ` Jan Kara [this message]
2016-04-19 14:33 ` Jan Kara
2016-04-19 14:33 ` Jan Kara
2016-04-19 15:19 ` Jerome Glisse
2016-04-19 15:19 ` Jerome Glisse
2016-04-19 15:19 ` Jerome Glisse
2016-04-19 15:19 ` Jerome Glisse
2016-04-18 21:35 ` [PATCH 18/18] dax: Remove i_mmap_lock protection Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-04-18 21:35 ` Jan Kara
2016-05-06 3:35 ` [RFC v3] [PATCH 0/18] DAX page fault locking Ross Zwisler
2016-05-06 3:35 ` Ross Zwisler
2016-05-06 20:33 ` Ross Zwisler
2016-05-06 20:33 ` Ross Zwisler
2016-05-09 9:38 ` Jan Kara
2016-05-09 9:38 ` Jan Kara
2016-05-09 9:38 ` Jan Kara
2016-05-10 15:28 ` Jan Kara
2016-05-10 15:28 ` Jan Kara
2016-05-10 15:28 ` Jan Kara
2016-05-10 20:30 ` Ross Zwisler
2016-05-10 20:30 ` Ross Zwisler
2016-05-10 20:30 ` Ross Zwisler
2016-05-10 22:39 ` Ross Zwisler
2016-05-10 22:39 ` Ross Zwisler
2016-05-11 9:19 ` Jan Kara
2016-05-11 9:19 ` Jan Kara
2016-05-11 9:19 ` Jan Kara
2016-05-11 15:52 ` Ross Zwisler
2016-05-11 15:52 ` Ross Zwisler
2016-05-11 15:52 ` Ross Zwisler
2016-05-09 21:28 ` Verma, Vishal L
2016-05-10 11:52 ` Jan Kara
2016-05-10 11:52 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160419143343.GC22413@quack2.suse.cz \
--to=jack@suse.cz \
--cc=j.glisse@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.