From: Liam Howlett
To: Carlos Llamas
CC: Suren Baghdasaryan, Andrew Morton, Michal Hocko, Guenter Roeck, Douglas Anderson, Christian Brauner, Greg Kroah-Hartman, "linux-mm@kvack.org"
Subject: Re: BUG in binder_vma_close() at mmap_assert_locked() in stable v5.15
Date: Tue, 13 Sep 2022 06:36:33 +0000
Message-ID: <20220913063625.3hgghufytudm6x4p@revolver>

* Carlos Llamas [220912 15:11]:
> On Fri, Sep 09, 2022 at 01:03:08PM -0700, Suren Baghdasaryan wrote:
> > On Fri, Sep 9, 2022 at 12:35 PM Carlos Llamas wrote:
> > >
> > > Does this mean that users of async calls such as find_vma() can't rely
> > > on mmap_lock to avoid racing with remove_vma()? I see the following
> > > pattern is used quite often:
> > >
> > > mmap_read_lock(mm);
> > > vma = find_vma(mm, addr);
> > > [...]
> > > mmap_read_unlock(mm);
> > >
> > > Is this not a real concern? I'd drop the asserts from binder and call it
> > > a day. However, we would also need to fix our race with vm_ops->close().
> >
> > I think by the time exit_mmap() calls remove_vma() there can be no
> > other user of that mm to race with, even oom-reaper would have
> > finished by then (see:
> > https://elixir.bootlin.com/linux/v5.15.67/source/mm/mmap.c#L3157).
> > So, generally remove_vma() would be done under mmap_lock write
> > protection but in case of exit_mmap() that's not necessary. Michal,
> > please correct me if I'm wrong.
>
> I see, that makes more sense.
>
> Then it sounds to me like binder should be using mmget_not_zero() to
> serialize against exit_mmap() during these async calls. I'll have a
> closer look at this change.
>
> Also, we should drop the mmap_lock asserts in binder from v5.15 as the
> expectations there are incorrect. Again, this was done in [1], but for
> different reasons. We could simply amend a small note to the commit log
> with an accurate reason for the backport.
>
> Liam, wdyt?

It sounds like the binder_alloc vma_vm_mm is being used unsafely as well?

I'd actually go the other way with this and try to add more validation
that is optimized out on production builds. Since binder is saving a
pointer to the mm struct and was saving the vma pointer, we should be
very careful around how we use them.

Is the mutex in binder_alloc protection enough for the vma binder
buffers uses? How is the close() not being called before the
exit_mmap() path?

When you look at the mmget_not_zero() stuff, have a look at
binder_alloc_new_buf_locked(). I think it is unsafely using the
vma_vm_mm pointer without calling mmget_not_zero(), but the calling
function is rather large so I'm not sure.

>
> [1] https://lore.kernel.org/all/20220829201254.1814484-5-cmllamas@google.com/
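The following is an added illustration of the point discussed in this message; it is not code from the thread, from binder, or from the kernel. It is a single-threaded user-space model of the mm_users guard that Carlos proposes: a driver object holds a raw mm pointer (like binder_alloc->vma_vm_mm), the owning task exits and exit_mmap() tears the VMAs down without taking mmap_lock (as Suren describes for v5.15), and a later lookup either pins the mm with mmget_not_zero() first or relies on mmap_lock alone. All names that mirror the kernel API (mmget_not_zero, mmput, exit_mmap, find_vma, mmap_read_lock) are stand-ins written for this example; the torn_down flag and the -3 return code stand in for what would be a use-after-free in the real kernel, so the unguarded path can be observed instead of crashing.

```c
/* Added user-space model of the mm_users refcount guard; not kernel code.
 * Kernel-looking names below are stand-ins written for this example. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct vma { unsigned long vm_start, vm_end; struct vma *vm_next; };

struct mm {
	atomic_int mm_users;   /* like mm->mm_users: 0 once the last user is gone */
	int readers;           /* stand-in for the mmap_lock read side */
	struct vma *mmap;      /* sorted singly-linked VMA list, v5.15 style */
	bool torn_down;        /* set by exit_mmap(); the kernel would free the mm */
};

struct mm *mm_create(void)
{
	struct mm *mm = calloc(1, sizeof(*mm));
	if (!mm) abort();
	atomic_init(&mm->mm_users, 1);   /* the owning task holds one reference */
	return mm;
}

void vma_add(struct mm *mm, unsigned long start, unsigned long end)
{
	struct vma *v = calloc(1, sizeof(*v)), **pp = &mm->mmap;
	if (!v) abort();
	v->vm_start = start; v->vm_end = end;
	while (*pp && (*pp)->vm_start < start)   /* keep the list sorted */
		pp = &(*pp)->vm_next;
	v->vm_next = *pp; *pp = v;
}

/* First VMA with vm_end > addr, the same contract as the kernel's find_vma(). */
static struct vma *find_vma(struct mm *mm, unsigned long addr)
{
	for (struct vma *v = mm->mmap; v; v = v->vm_next)
		if (v->vm_end > addr)
			return v;
	return NULL;
}

static void mmap_read_lock(struct mm *mm)   { mm->readers++; }
static void mmap_read_unlock(struct mm *mm) { mm->readers--; }

/* exit_mmap() runs when no other user of the mm can exist, so it takes no
 * mmap_lock before removing the VMAs: a read lock elsewhere protects nothing. */
static void exit_mmap(struct mm *mm)
{
	for (struct vma *v = mm->mmap, *next; v; v = next) { next = v->vm_next; free(v); }
	mm->mmap = NULL;
	mm->torn_down = true;
}

/* atomic_inc_not_zero() semantics: succeed only while someone still holds the mm. */
bool mmget_not_zero(struct mm *mm)
{
	int old = atomic_load(&mm->mm_users);
	do {
		if (old == 0)
			return false;
	} while (!atomic_compare_exchange_weak(&mm->mm_users, &old, old + 1));
	return true;
}

void mmput(struct mm *mm)
{
	if (atomic_fetch_sub(&mm->mm_users, 1) == 1)   /* we were the last user */
		exit_mmap(mm);
}

/* A driver object keeping a raw mm pointer, like binder_alloc->vma_vm_mm. */
struct alloc { struct mm *vma_vm_mm; };

/* Relies on mmap_lock alone: 0 and the VMA start on success, -2 if no VMA
 * covers addr, -3 if it operated on an mm exit_mmap() already tore down. */
int lookup_unguarded(struct alloc *a, unsigned long addr, unsigned long *start)
{
	struct mm *mm = a->vma_vm_mm;
	int ret;
	mmap_read_lock(mm);
	struct vma *v = find_vma(mm, addr);
	if (v) { *start = v->vm_start; ret = 0; } else ret = mm->torn_down ? -3 : -2;
	mmap_read_unlock(mm);
	return ret;
}

/* Pins mm_users first; once the owner has exited this fails with -1 (the
 * kernel would return -ESRCH) instead of touching the torn-down mm. */
int lookup_guarded(struct alloc *a, unsigned long addr, unsigned long *start)
{
	struct mm *mm = a->vma_vm_mm;
	int ret;
	if (!mmget_not_zero(mm))
		return -1;
	mmap_read_lock(mm);
	struct vma *v = find_vma(mm, addr);
	if (v) { *start = v->vm_start; ret = 0; } else ret = -2;
	mmap_read_unlock(mm);
	mmput(mm);   /* if the owner exited meanwhile, this drop runs exit_mmap() itself */
	return ret;
}

int main(void)
{
	struct mm *mm = mm_create();
	struct alloc a = { .vma_vm_mm = mm };
	unsigned long s = 0;
	vma_add(mm, 0x1000, 0x2000);   /* constructed sample mapping */
	printf("before exit: guarded=%d unguarded=%d\n",
	       lookup_guarded(&a, 0x1800, &s), lookup_unguarded(&a, 0x1800, &s));
	mmput(mm);   /* the owning task exits: mm_users 1 -> 0, exit_mmap() runs */
	printf("after exit:  guarded=%d unguarded=%d\n",
	       lookup_guarded(&a, 0x1800, &s), lookup_unguarded(&a, 0x1800, &s));
	free(mm);
	return 0;
}
```

The model shows why mmap_read_lock() around find_vma() is not a substitute for holding a reference: exit_mmap() never contends for the lock, so only the failed mmget_not_zero() keeps the driver off a dead mm. The comment on the trailing mmput() in lookup_guarded() is the practical caveat: in the kernel that call can be the one that runs exit_mmap(), so it must not be made from a context that cannot afford it.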