From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: Andrea Arcangeli <aarcange@redhat.com>, Avi Kivity <avi@redhat.com>, Thomas Gleixner <tglx@linutronix.de>, Rik van Riel <riel@redhat.com>, Ingo Molnar <mingo@elte.hu>, akpm@linux-foundation.org, Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Benjamin Herrenschmidt <benh@kernel.crashing.org>, David Miller <davem@davemloft.net>, Hugh Dickins <hugh.dickins@tiscali.co.uk>, Mel Gorman <mel@csn.ul.ie>, Nick Piggin <npiggin@suse.de>, Peter Zijlstra <a.p.zijlstra@chello.nl>
Subject: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_anon_vma()
Date: Thu, 08 Apr 2010 21:17:39 +0200
Message-ID: <20100408192722.687144862@chello.nl>
In-Reply-To: 20100408191737.296180458@chello.nl

[-- Attachment #1: mm-page_lock_anon_vma.patch --]
[-- Type: text/plain, Size: 1779 bytes --]

There is nothing preventing the anon_vma from being detached while we are spinning to acquire the lock. Most (all?) current users end up calling something like vma_address(page, vma) on it, which has a fairly good chance of weeding out wonky vmas.

However suppose the anon_vma got freed and re-used while we were waiting to acquire the lock, and the new anon_vma fits with the page->index (because that is the only thing vma_address() uses to determine if the page fits in a particular vma), we could end up traversing faulty anon_vma chains.

Close this hole for good by re-validating that page->mapping still holds the very same anon_vma pointer after we acquire the lock; if not, be utterly paranoid and retry the whole operation (which will very likely bail, because it's unlikely the page got attached to a different anon_vma in the meantime).

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: Linus Torvalds <torvalds@linux-foundation.org> --- mm/rmap.c | 7 +++++++ 1 file changed, 7 insertions(+) Index: linux-2.6/mm/rmap.c =================================================================== --- linux-2.6.orig/mm/rmap.c +++ linux-2.6/mm/rmap.c @@ -294,6 +294,7 @@ struct anon_vma *page_lock_anon_vma(stru unsigned long anon_mapping; rcu_read_lock(); +again: anon_mapping = (unsigned long) ACCESS_ONCE(page->mapping); if ((anon_mapping & PAGE_MAPPING_FLAGS) != PAGE_MAPPING_ANON) goto out; @@ -302,6 +303,12 @@ struct anon_vma *page_lock_anon_vma(stru anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON); spin_lock(&anon_vma->lock); + + if (page_rmapping(page) != anon_vma) { + spin_unlock(&anon_vma->lock); + goto again; + } + return anon_vma; out: rcu_read_unlock();
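Review bot: the `again:` label added in the first hunk (after rcu_read_lock(), before the ACCESS_ONCE(page->mapping) read) has no comment saying what sends control back to it or that the retry deliberately stays inside the RCU read-side section taken on the line above. A one-line comment at the label, noting that page->mapping is re-read when the locked anon_vma no longer matches, would keep a later change from moving the label above rcu_read_lock() (which would take the read lock again on every retry) or below the ACCESS_ONCE() read (which would retry on the same stale value).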
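Review bot: in the second hunk the `goto again` taken when `page_rmapping(page) != anon_vma` has no bound and no comment, and the spin_lock(&anon_vma->lock) just above it is still taken on the pointer that was read before the check. The new test therefore only helps if that memory is guaranteed to stay a valid, lockable anon_vma for the whole rcu_read_lock() section; a comment above the check stating that assumption would make the hunk reviewable on its own. Since the changelog expects the retry to "very likely bail", spin_unlock() followed by `goto out` may be the simpler form if callers can treat a mismatch the same way as the existing `out:` path.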