From: Suren Baghdasaryan <surenb@google.com>
To: stable@vger.kernel.org
Cc: gregkh@linuxfoundation.org, jannh@google.com,
	ktkhai@virtuozzo.com, torvalds@linux-foundation.org, shli@fb.com,
	namit@vmware.com, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org, kernel-team@android.com,
	surenb@google.com
Subject: [PATCH 0/5] 4.19 backports of fixes for "CoW after fork() issue"
Date: Thu,  1 Apr 2021 11:21:20 -0700
Message-ID: <20210401182125.171484-1-surenb@google.com>

We received a report that the copy-on-write issue reported by Jann Horn in
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 is still
reproducible on 4.14 and 4.19 kernels (the first issue with the reproducer
coded in vmsplice.c). I confirmed this and also that the issue was not
reproducible with 5.10 kernel. I tracked the fix to the following patch
introduced in 5.9 which changes the do_wp_page() logic:

09854ba94c6a 'mm: do_wp_page() simplification'

I backported this patch (#2 in the series) along with 2 prerequisite patches
(#1 and #4) that keep the backports clean and two followup fixes to the main
patch (#3 and #5). I had to skip the following fix:

feb889fb40fa 'mm: don't put pinned pages into the swap cache'

because it uses page_maybe_dma_pinned() which does not exist in earlier
kernels. Because pin_user_pages() does not exist there as well, I *think*
we can safely skip this fix on older kernels, but I would appreciate if
someone could confirm that claim.

The patchset cleanly applies over: stable linux-4.19.y, tag: v4.19.184

Note: 4.14 and 4.19 backports are very similar, so while I backported
only to these two versions I think backports for other versions can be
done easily.

Kirill Tkhai (1):
  mm: reuse only-pte-mapped KSM page in do_wp_page()

Linus Torvalds (2):
  mm: do_wp_page() simplification
  mm: fix misplaced unlock_page in do_wp_page()

Nadav Amit (1):
  mm/userfaultfd: fix memory corruption due to writeprotect

Shaohua Li (1):
  userfaultfd: wp: add helper for writeprotect check

 include/linux/ksm.h           |  7 ++++
 include/linux/userfaultfd_k.h | 10 ++++++
 mm/ksm.c                      | 30 ++++++++++++++++--
 mm/memory.c                   | 60 ++++++++++++++++-------------------
 4 files changed, 73 insertions(+), 34 deletions(-)

-- 
2.31.0.291.g576ba9dcdaf-goog

