Date: Tue, 17 Mar 2015 14:43:09 +0100
From: Oleg Nesterov
To: Andy Lutomirski
Cc: Hugh Dickins, Linus Torvalds, Jan Kratochvil, Sergio Durigan Junior, GDB Patches, Pedro Alves, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: install_special_mapping && vm_pgoff (Was: vvar, gup && coredump)
Message-ID: <20150317134309.GA365@redhat.com>
In-Reply-To: <20150316194446.GA21791@redhat.com>
References: <87zj7r5fpz.fsf@redhat.com> <20150305205744.GA13165@host1.jankratochvil.net> <20150311200052.GA22654@redhat.com> <20150312143438.GA4338@redhat.com> <20150312165423.GA10073@redhat.com> <20150312174653.GA13086@redhat.com> <20150316190154.GA18472@redhat.com> <20150316194446.GA21791@redhat.com>

On 03/16, Oleg Nesterov wrote:
>
> On 03/16, Andy Lutomirski wrote:
> >
> > Ick, you're probably right. For what it's worth, the vdso *seems* to
> > be okay (on 64-bit only, and only if you don't poke at it too hard) if
> > you mremap it in one piece. CRIU does that.
>
> I need to run away till tomorrow, but looking at this code even if "one piece"
> case doesn't look right if it was cow'ed. I'll verify tomorrow.

And I am still not sure this all is 100% correct, but I got lost in this
code. Probably this is fine...

But at least the bug exposed by the test-case looks clear:

	do_linear_fault:

		vmf->pgoff = (((address & PAGE_MASK) - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;

	...

	special_mapping_fault:

		pgoff = vmf->pgoff - vma->vm_pgoff;

So special_mapping_fault() can only work if this mapping starts from the
first page in ->pages[].

So perhaps we need _something like_ the (wrong/incomplete) patch below...

Or, really, perhaps we can create vdso_mapping? So that map_vdso() could
simply mmap the anon_inode file...

Oleg.

--- x/mm/mmap.c
+++ x/mm/mmap.c
@@ -2832,6 +2832,8 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) return 0; } +bool is_special_vma(struct vm_area_struct *vma); + /* * Copy the vma structure to a new location in the same mm, * prior to moving page table entries, to effect an mremap move. @@ -2851,7 +2853,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. */ - if (unlikely(!vma->vm_file && !vma->anon_vma)) { + if (unlikely(!vma->vm_file && !is_special_vma(vma) && !vma->anon_vma)) { pgoff = addr >> PAGE_SHIFT; faulted_in_anon_vma = false; } @@ -2953,6 +2955,11 @@ static const struct vm_operations_struct legacy_special_mapping_vmops = { .fault = special_mapping_fault, }; +bool is_special_vma(struct vm_area_struct *vma) +{ + return vma->vm_ops == &special_mapping_vmops; +} + static int special_mapping_fault(struct vm_area_struct *vma, struct vm_fault *vmf) { @@ -2965,7 +2972,7 @@ static int special_mapping_fault(struct vm_area_struct *vma, * We are allowed to do this because we are the mm; do not copy * this code into drivers! */ - pgoff = vmf->pgoff - vma->vm_pgoff; + pgoff = vmf->pgoff; if (vma->vm_ops == &legacy_special_mapping_vmops) pages = vma->vm_private_data; @@ -3014,6 +3021,7 @@ static struct vm_area_struct *__install_special_mapping( if (ret) goto out; + vma->vm_pgoff = 0; mm->total_vm += len >> PAGE_SHIFT; perf_event_mmap(vma);
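Review bot: in the first hunk (@@ -2832, before copy_vma()), the bare forward declaration `bool is_special_vma(struct vm_area_struct *vma);` introduces a helper that is only used inside mmap.c, so both this declaration and the definition added in the third hunk should be `static`; a non-static definition with no prototype in any header also draws a -Wmissing-prototypes warning. Either write `static bool is_special_vma(struct vm_area_struct *vma);` here, or move the definition above copy_vma() and drop the forward declaration entirely.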
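Review bot: in the copy_vma() hunk (@@ -2851), the new `!is_special_vma(vma)` test only recognises `special_mapping_vmops`, but the third hunk shows that `legacy_special_mapping_vmops` exists in the same file and shares special_mapping_fault() (`if (vma->vm_ops == &legacy_special_mapping_vmops)`). A legacy install_special_mapping() vma therefore still gets `pgoff = addr >> PAGE_SHIFT` here on mremap, and since the subtraction of vm_pgoff in special_mapping_fault() is removed by the same patch, its next fault indexes ->pages[] with that absolute pgoff rather than an offset into the array, which regresses even the "mremap in one piece" case that works today. is_special_vma() should return true for both vmops, e.g. `return vma->vm_ops == &special_mapping_vmops || vma->vm_ops == &legacy_special_mapping_vmops;`.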
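Review bot: in the special_mapping_fault() hunk (@@ -2965), the comment kept in the context directly above the changed line, "We are allowed to do this because we are the mm; do not copy this code into drivers!", was explaining the `vmf->pgoff - vma->vm_pgoff` subtraction that `pgoff = vmf->pgoff;` replaces, so it no longer describes anything. Reword it to say that vmf->pgoff is already the index into ->pages[] because special mappings are installed with vm_pgoff == 0 and copy_vma() no longer rewrites vm_pgoff for them; without that, nothing at this site tells a reader that the line depends on the other two hunks.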
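Review bot: in the __install_special_mapping() hunk (@@ -3014), `vma->vm_pgoff = 0;` is placed after the `if (ret) goto out;` success check, i.e. after the vma has already been built and handed to whatever produced `ret`, and right before the total_vm accounting; it belongs with the rest of the vma field initialisation that precedes that call. Move it up there, and if the vma is allocated zeroed (so the assignment is a no-op), turn the line into a comment stating that special_mapping_fault() relies on vm_pgoff being 0 instead.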
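The following is an added userspace model, not part of Oleg's mail or of the kernel patch, that reimplements only the pgoff arithmetic quoted in the message (move_vma()'s new pgoff, copy_vma()'s rewrite for file-less unfaulted vmas, do_linear_fault()'s vmf->pgoff and special_mapping_fault()'s index into ->pages[]) so the bug can be traced with concrete numbers. It runs both the unpatched arithmetic and the arithmetic the patch proposes. The addresses, the two-page mapping, and every function name here are made up for the illustration; the model ignores the vma_merge() path and the COW case Oleg says he still wants to verify.

```c
/*
 * Added illustration, not kernel code: a userspace model of the vm_pgoff
 * arithmetic discussed in the thread. It reimplements only the handful of
 * lines from move_vma(), copy_vma(), do_linear_fault() and
 * special_mapping_fault() that decide which ->pages[] entry a fault maps,
 * before and after the proposed patch. Addresses and the two-page layout
 * are made up; vma_merge() and the COW case are not modelled.
 */
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT 12UL
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))

/* Only the vma fields the arithmetic looks at. */
struct vma {
	unsigned long vm_start, vm_end, vm_pgoff;
	bool vm_file;   /* vma->vm_file != NULL */
	bool anon_vma;  /* vma->anon_vma != NULL (set once a COW fault happened) */
	bool special;   /* vma->vm_ops == &special_mapping_vmops */
};

/* Entries in the modelled special mapping's NULL-terminated ->pages[]. */
#define NR_SPECIAL_PAGES 2
/* Index past the array: the kernel's walk over ->pages[] hits the NULL
 * terminator and returns VM_FAULT_SIGBUS. */
#define PAGE_INDEX_SIGBUS (~0UL)

/*
 * move_vma() computes the pgoff of the piece being moved relative to the
 * original vma; copy_vma() then throws that away for a file-less,
 * never-faulted vma and uses the new address "to increase its chance of
 * merging". The patch exempts special mappings from that rewrite.
 */
static struct vma move_vma_copy(const struct vma *v, unsigned long old_addr,
				unsigned long len, unsigned long new_addr,
				bool patched)
{
	struct vma nv = *v;
	unsigned long pgoff = v->vm_pgoff + ((old_addr - v->vm_start) >> PAGE_SHIFT);

	if (!v->vm_file && !(patched && v->special) && !v->anon_vma)
		pgoff = new_addr >> PAGE_SHIFT;

	nv.vm_start = new_addr;
	nv.vm_end = new_addr + len;
	nv.vm_pgoff = pgoff;
	return nv;
}

/* do_linear_fault(): vmf->pgoff as the generic fault path computes it. */
static unsigned long do_linear_fault_pgoff(const struct vma *v, unsigned long address)
{
	return (((address & PAGE_MASK) - v->vm_start) >> PAGE_SHIFT) + v->vm_pgoff;
}

/* special_mapping_fault(): the old code subtracts vm_pgoff again, the
 * patched code uses vmf->pgoff as the ->pages[] index directly. */
static unsigned long special_mapping_fault_index(const struct vma *v,
						 unsigned long vmf_pgoff, bool patched)
{
	unsigned long pgoff = patched ? vmf_pgoff : vmf_pgoff - v->vm_pgoff;

	return pgoff < NR_SPECIAL_PAGES ? pgoff : PAGE_INDEX_SIGBUS;
}

/*
 * End to end: mremap(MREMAP_FIXED) `len` bytes starting `off` bytes into a
 * two-page special mapping over to a new address, then fault `fault_off`
 * bytes into the moved piece. Returns the ->pages[] index the fault maps;
 * the correct answer is always (off + fault_off) / PAGE_SIZE.
 */
unsigned long pages_index_after_mremap(unsigned long off, unsigned long len,
				       unsigned long fault_off, bool patched)
{
	/* The mapping as _install_special_mapping() leaves it (vm_pgoff 0). */
	struct vma vdso = {
		.vm_start = 0x7ffff7ffa000UL,   /* made-up address */
		.vm_end   = 0x7ffff7ffa000UL + NR_SPECIAL_PAGES * PAGE_SIZE,
		.vm_pgoff = 0, .vm_file = false, .anon_vma = false, .special = true,
	};
	unsigned long old_addr = vdso.vm_start + off;
	unsigned long new_addr = 0x7ffff0000000UL; /* made-up MREMAP_FIXED target */
	struct vma moved = move_vma_copy(&vdso, old_addr, len, new_addr, patched);
	unsigned long vmf_pgoff = do_linear_fault_pgoff(&moved, new_addr + fault_off);

	return special_mapping_fault_index(&moved, vmf_pgoff, patched);
}

int main(void)
{
	const char *what[] = { "unpatched", "patched  " };

	for (int p = 0; p < 2; p++) {
		printf("%s: mremap whole mapping, fault page 1 -> pages[%lu]\n", what[p],
		       pages_index_after_mremap(0, 2 * PAGE_SIZE, PAGE_SIZE, p));
		printf("%s: mremap only page 1, fault it       -> pages[%lu]\n", what[p],
		       pages_index_after_mremap(PAGE_SIZE, PAGE_SIZE, 0, p));
	}
	return 0;
}
```

Moving the whole mapping in one piece comes out right either way, which is Andy's CRIU observation: the bogus `addr >> PAGE_SHIFT` that copy_vma() writes into vm_pgoff is added back by do_linear_fault() and subtracted again by special_mapping_fault(). Moving only the second page loses the `+1` that move_vma() computed, so the unpatched fault hands back pages[0] for what should be pages[1]; with the patched arithmetic vm_pgoff keeps the value 1 and the fault indexes pages[1].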