From: Andy Lutomirski
Date: Sat, 19 Dec 2020 21:08:55 -0800
Subject: Re: [PATCH] mm/userfaultfd: fix memory corruption due to writeprotect
To: Andrea Arcangeli
Cc: Andy Lutomirski, Nadav Amit, Dave Hansen, linux-mm, Peter Xu, lkml, Pavel Emelyanov, Mike Kravetz, Mike Rapoport, stable, Minchan Kim, Yu Zhao, Will Deacon, Peter Zijlstra
References: <20201219043006.2206347-1-namit@vmware.com>

On Sat, Dec 19, 2020 at 6:49 PM Andrea Arcangeli wrote:
>
> On Sat, Dec 19, 2020 at 06:01:39PM -0800, Andy Lutomirski wrote:
> > I missed the beginning of this thread, but it looks to me like
> > userfaultfd changes PTEs with no locking except mmap_read_lock(). It
>
> There's no mmap_read_lock, I assume you mean mmap_lock for reading.

Yes.

> The ptes are changed always with the PT lock, in fact there's no
> problem with the PTE updates. The only difference with mprotect
> runtime is that the mmap_lock is taken for reading. And the effect
> contested for this change doesn't affect the PTE, but supposedly the
> tlb flushing deferral.

Can you point me at where the lock ends up being taken in this path? I
apparently missed it somewhere.

> Anyway to wait for the wrprotect to do the deferred flush, before the
> unprotect can even start, one more mutex in the mm to take in all
> callers of change_protection_range with the mmap_lock for reading may
> be enough.

I'll read the code again tomorrow.