From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=6rh8=FZ=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 08EDDC433E0
	for <linux-mm@archiver.kernel.org>; Mon, 21 Dec 2020 23:46:43 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 6801B22AED
	for <linux-mm@archiver.kernel.org>; Mon, 21 Dec 2020 23:46:42 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6801B22AED
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 6C5F76B0073; Mon, 21 Dec 2020 18:46:41 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 64F9B6B0074; Mon, 21 Dec 2020 18:46:41 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4A2816B0075; Mon, 21 Dec 2020 18:46:41 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0088.hostedemail.com [216.40.44.88])
	by kanga.kvack.org (Postfix) with ESMTP id 2CF7E6B0073
	for <linux-mm@kvack.org>; Mon, 21 Dec 2020 18:46:41 -0500 (EST)
Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id EDEDE824999B
	for <linux-mm@kvack.org>; Mon, 21 Dec 2020 23:46:40 +0000 (UTC)
X-FDA: 77618926560.29.juice17_390eff32745b
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin29.hostedemail.com (Postfix) with ESMTP id D4BC3180868FB
	for <linux-mm@kvack.org>; Mon, 21 Dec 2020 23:46:40 +0000 (UTC)
X-HE-Tag: juice17_390eff32745b
X-Filterd-Recvd-Size: 5453
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178])
	by imf14.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 21 Dec 2020 23:46:40 +0000 (UTC)
Received: by mail-pf1-f178.google.com with SMTP id v2so7380595pfm.9
        for <linux-mm@kvack.org>; Mon, 21 Dec 2020 15:46:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=L+0JEMaoTQhD9jy4Rl8XAyjJSgO9j0YTaiOmnYpP02Y=;
        b=Ps04niOpFbu+NWVSJoYqYU1JpLcgUiedzqB4MZuSPChfBJj/qY2eq2FGHkG0oWY9Nz
         kPpkJ2l+8Q0ELMgCFzdpXGecfsBG6esd18k6EcrVRxAieSNuoVW0N3R6f8ko9NhtYk0s
         seX3dpcCiKXmfJnLRc1CC14BG6i+4AagCQAphesrN9ZGpU8ly4JPsq2jNvcvwy+EJNRJ
         ZhBE16Qhstk0MTTkYXrjueAHTbheqJ1qlnUvG8r0VhM6bQryq9uhC8E/zWBdC1s3LIdQ
         wygq/eNdZPucwNs/ES9BBRJfDhE6o6SWD9P2SgEo9d1RemPjjPhSB7wUqt4Zta2E8Tox
         htrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=L+0JEMaoTQhD9jy4Rl8XAyjJSgO9j0YTaiOmnYpP02Y=;
        b=lmThct6Kdfq/CbkyiPpKFIhG7GKhEpSq1D/A7HM9UqOc9qg9TJNWFQxrfdK/4/CjES
         6ADUksLcHQjYYeOFpC4YIWRU5s5mdkIki+YkI4usyVz1n9Q9gZOXFvDYTV/Pz1y3K4L5
         w/vBmLnz/i7aBc3mEm6n0tami5KdwMIqWib74Jp3ub8xt4pAY838CXaddBt2ouJXRy4z
         tIc2bWY/539XzOYFXH3md/hpLqh56OUBseObZwza2CgzAGpLeLsDcnqrvOpz7Yx40qPJ
         oe6L3FtCzHu6hVz3jExM3/FKVAQmBX5cKKT5BflZOrbrE+I6Zfr8qPHdeoEqbUOJL0gm
         tEYA==
X-Gm-Message-State: AOAM531aSovWAQJNHXgdAqw1rpbO2MJ+01PlCz6eIN3WIaseHJfnOqGv
	JP00tJ0EzB+A0FrsU+npTfo=
X-Google-Smtp-Source: ABdhPJyiRX/b5fEsU/ic1PlWfthrlm7MZHAoPC4HSmZNiGOvTuMo4An+knAyb8zfIJ+Mbm+bTMXSBQ==
X-Received: by 2002:a62:61c5:0:b029:1a9:5a82:4227 with SMTP id v188-20020a6261c50000b02901a95a824227mr17693431pfb.61.1608594399329;
        Mon, 21 Dec 2020 15:46:39 -0800 (PST)
Received: from ?IPv6:2601:647:4700:9b2:104c:8d35:de28:b8dc? ([2601:647:4700:9b2:104c:8d35:de28:b8dc])
        by smtp.gmail.com with ESMTPSA id c62sm17710501pfa.116.2020.12.21.15.46.37
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 21 Dec 2020 15:46:38 -0800 (PST)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Subject: Re: [PATCH] mm/userfaultfd: fix memory corruption due to writeprotect
From: Nadav Amit <nadav.amit@gmail.com>
In-Reply-To: <CAHk-=wihkGVvXXQL_qSPWF6s4NJYWyEkq+D3CUWQf9H5V1jqtg@mail.gmail.com>
Date: Mon, 21 Dec 2020 15:46:33 -0800
Cc: Peter Xu <peterx@redhat.com>,
 Yu Zhao <yuzhao@google.com>,
 Andrea Arcangeli <aarcange@redhat.com>,
 linux-mm <linux-mm@kvack.org>,
 lkml <linux-kernel@vger.kernel.org>,
 Pavel Emelyanov <xemul@openvz.org>,
 Mike Kravetz <mike.kravetz@oracle.com>,
 Mike Rapoport <rppt@linux.vnet.ibm.com>,
 stable <stable@vger.kernel.org>,
 Minchan Kim <minchan@kernel.org>,
 Andy Lutomirski <luto@kernel.org>,
 Will Deacon <will@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BCB833E2-B5CD-4FE6-B788-43E5925F70DF@gmail.com>
References: <X97pprdcRXusLGnq@google.com>
 <DDA15360-D6D4-46A8-95A4-5EE34107A407@gmail.com>
 <20201221172711.GE6640@xz-x1>
 <76B4F49B-ED61-47EA-9BE4-7F17A26B610D@gmail.com>
 <X+D0hTZCrWS3P5Pi@google.com>
 <CAHk-=wg_UBuo7ro1fpEGkMyFKA1+PxrE85f9J_AhUfr-nJPpLQ@mail.gmail.com>
 <9E301C7C-882A-4E0F-8D6D-1170E792065A@gmail.com>
 <CAHk-=wg-Y+svNy3CDkJjj0X_CJkSbpERLg64-Vqwq5u7SC4z0g@mail.gmail.com>
 <X+ESkna2z3WjjniN@google.com>
 <1FCC8F93-FF29-44D3-A73A-DF943D056680@gmail.com>
 <20201221223041.GL6640@xz-x1>
 <B8095F3C-81E3-4AF9-A6A5-F597D51264BD@gmail.com>
 <CAHk-=wihkGVvXXQL_qSPWF6s4NJYWyEkq+D3CUWQf9H5V1jqtg@mail.gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

> On Dec 21, 2020, at 3:30 PM, Linus Torvalds =
<torvalds@linux-foundation.org> wrote:
>=20
> On Mon, Dec 21, 2020 at 2:55 PM Nadav Amit <nadav.amit@gmail.com> =
wrote:
>> So as an alternative solution, I can do copying under the PTL after
>> flushing, which seems to solve the problem.
>=20
> ...
> Note that the "Re-validate under PTL" code in cow_user_page() is *not*
> the "now we are installing the copy". No, that's actually for the
> "uhhuh, the copy using the virtual address outside the ptl failed, now
> we need to do something special=E2=80=9D.
> ...
> So are we sure the COW case is so special?
>=20
> I really think this is clearly just a userfaultfd bug that we hadn't
> realized until now, and had possibly been hidden by timings or other
> random stuff before.

Thanks for the detailed explanation. I think I got the COW parts =
correct,
but as you said, I am completely not sure that COW is so special.

Seems as if some general per page-table mechanism for detection of stale
PTEs is needed, so by default anyone that acquires the PTL is guaranteed
that the PTEs in memory are coherent across all the TLBs.

But I still did not figure out how to do so without introducing =
overheads,
and the question is indeed if people care about mprotect and uffd-wp
performance.