{"id":811790,"url":"http://patchwork.ozlabs.org/api/1.2/patches/811790/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/1504894024-2750-9-git-send-email-ldufour@linux.vnet.ibm.com/","project":{"id":2,"url":"http://patchwork.ozlabs.org/api/1.2/projects/2/?format=json","name":"Linux PPC development","link_name":"linuxppc-dev","list_id":"linuxppc-dev.lists.ozlabs.org","list_email":"linuxppc-dev@lists.ozlabs.org","web_url":"https://github.com/linuxppc/wiki/wiki","scm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git","webscm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/","list_archive_url":"https://lore.kernel.org/linuxppc-dev/","list_archive_url_format":"https://lore.kernel.org/linuxppc-dev/{}/","commit_url_format":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}"},"msgid":"<1504894024-2750-9-git-send-email-ldufour@linux.vnet.ibm.com>","list_archive_url":"https://lore.kernel.org/linuxppc-dev/1504894024-2750-9-git-send-email-ldufour@linux.vnet.ibm.com/","date":"2017-09-08T18:06:52","name":"[v3,08/20] mm: Protect SPF handler against anon_vma changes","commit_ref":null,"pull_url":null,"state":"not-applicable","archived":false,"hash":"fc495bc0f5573eb9b0e2fb1c2f99bce21e8ad98d","submitter":{"id":40248,"url":"http://patchwork.ozlabs.org/api/1.2/people/40248/?format=json","name":"Laurent Dufour","email":"ldufour@linux.vnet.ibm.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/1504894024-2750-9-git-send-email-ldufour@linux.vnet.ibm.com/mbox/","series":[{"id":2269,"url":"http://patchwork.ozlabs.org/api/1.2/series/2269/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=2269","date":"2017-09-08T18:06:44","name":"Speculative page faults","version":3,"mbox":"http://patchwork.ozlabs.org/series/2269/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/811790/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/811790/checks/","tags":{},"related":[],"headers":{"Return-Path":"<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>","X-Original-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Received":["from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xpmHD2VHrz9s7f\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat,  9 Sep 2017 04:36:08 +1000 (AEST)","from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3xpmHD1Zy8zDqZ7\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat,  9 Sep 2017 04:36:08 +1000 (AEST)","from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com\n\t[148.163.158.5])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3xplfS5QnZzDrYd\n\tfor <linuxppc-dev@lists.ozlabs.org>;\n\tSat,  9 Sep 2017 04:07:44 +1000 (AEST)","from pps.filterd (m0098414.ppops.net [127.0.0.1])\n\tby mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id\n\tv88I4Q8Y013600\n\tfor <linuxppc-dev@lists.ozlabs.org>; Fri, 8 Sep 2017 14:07:42 -0400","from e06smtp15.uk.ibm.com (e06smtp15.uk.ibm.com [195.75.94.111])\n\tby mx0b-001b2d01.pphosted.com with ESMTP id 2cux39p47r-1\n\t(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)\n\tfor <linuxppc-dev@lists.ozlabs.org>; Fri, 08 Sep 2017 14:07:42 -0400","from localhost\n\tby e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use\n\tOnly! Violators will be prosecuted\n\tfor <linuxppc-dev@lists.ozlabs.org> from <ldufour@linux.vnet.ibm.com>;\n\tFri, 8 Sep 2017 19:07:40 +0100","from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198)\n\tby e06smtp15.uk.ibm.com (192.168.101.145) with IBM ESMTP SMTP\n\tGateway: Authorized Use Only! Violators will be prosecuted; \n\tFri, 8 Sep 2017 19:07:32 +0100","from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60])\n\tby b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with\n\tESMTP id v88I7WaI15794194; Fri, 8 Sep 2017 18:07:32 GMT","from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])\n\tby IMSVA (Postfix) with ESMTP id 532BC4203F;\n\tFri,  8 Sep 2017 19:03:59 +0100 (BST)","from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])\n\tby IMSVA (Postfix) with ESMTP id 8738842041;\n\tFri,  8 Sep 2017 19:03:57 +0100 (BST)","from nimbus.lab.toulouse-stg.fr.ibm.com (unknown [9.145.31.125])\n\tby d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP;\n\tFri,  8 Sep 2017 19:03:57 +0100 (BST)"],"Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=linux.vnet.ibm.com\n\t(client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com;\n\tenvelope-from=ldufour@linux.vnet.ibm.com; receiver=<UNKNOWN>)","From":"Laurent Dufour <ldufour@linux.vnet.ibm.com>","To":"paulmck@linux.vnet.ibm.com, peterz@infradead.org,\n\takpm@linux-foundation.org, kirill@shutemov.name, ak@linux.intel.com, \n\tmhocko@kernel.org, dave@stgolabs.net, jack@suse.cz,\n\tMatthew Wilcox <willy@infradead.org>, benh@kernel.crashing.org,\n\tmpe@ellerman.id.au, paulus@samba.org,\n\tThomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, \n\thpa@zytor.com, Will Deacon <will.deacon@arm.com>,\n\tSergey Senozhatsky <sergey.senozhatsky@gmail.com>","Subject":"[PATCH v3 08/20] mm: Protect SPF handler against anon_vma changes","Date":"Fri,  8 Sep 2017 20:06:52 +0200","X-Mailer":"git-send-email 2.7.4","In-Reply-To":"<1504894024-2750-1-git-send-email-ldufour@linux.vnet.ibm.com>","References":"<1504894024-2750-1-git-send-email-ldufour@linux.vnet.ibm.com>","X-TM-AS-GCONF":"00","x-cbid":"17090818-0020-0000-0000-000003B69F3C","X-IBM-AV-DETECTION":"SAVI=unused REMOTE=unused XFE=unused","x-cbparentid":"17090818-0021-0000-0000-00004247AAA8","Message-Id":"<1504894024-2750-9-git-send-email-ldufour@linux.vnet.ibm.com>","X-Proofpoint-Virus-Version":"vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2017-09-08_12:, , signatures=0","X-Proofpoint-Spam-Details":"rule=outbound_notspam policy=outbound score=0\n\tspamscore=0 suspectscore=2\n\tmalwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam\n\tadjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000\n\tdefinitions=main-1709080270","X-BeenThere":"linuxppc-dev@lists.ozlabs.org","X-Mailman-Version":"2.1.23","Precedence":"list","List-Id":"Linux on PowerPC Developers Mail List\n\t<linuxppc-dev.lists.ozlabs.org>","List-Unsubscribe":"<https://lists.ozlabs.org/options/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>","List-Archive":"<http://lists.ozlabs.org/pipermail/linuxppc-dev/>","List-Post":"<mailto:linuxppc-dev@lists.ozlabs.org>","List-Help":"<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>","List-Subscribe":"<https://lists.ozlabs.org/listinfo/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>","Cc":"linuxppc-dev@lists.ozlabs.org, x86@kernel.org,\n\tlinux-kernel@vger.kernel.org, npiggin@gmail.com, linux-mm@kvack.org,\n\tTim Chen <tim.c.chen@linux.intel.com>, \n\tharen@linux.vnet.ibm.com, khandual@linux.vnet.ibm.com","Errors-To":"linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org","Sender":"\"Linuxppc-dev\"\n\t<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>"},"content":"The speculative page fault handler must be protected against anon_vma\nchanges. This is because page_add_new_anon_rmap() is called during the\nspeculative path.\n\nIn addition, don't try speculative page fault if the VMA don't have an\nanon_vma structure allocated because its allocation should be\nprotected by the mmap_sem.\n\nIn __vma_adjust() when importer->anon_vma is set, there is no need to\nprotect against speculative page faults since speculative page fault\nis aborted if the vma->anon_vma is not set.\n\nWhen calling page_add_new_anon_rmap() vma->anon_vma is necessarily\nvalid since we checked for it when locking the pte and the anon_vma is\nremoved once the pte is unlocked. So even if the speculative page\nfault handler is running concurrently with do_unmap(), as the pte is\nlocked in unmap_region() - through unmap_vmas() - and the anon_vma\nunlinked later, because we check for the vma sequence counter which is\nupdated in unmap_page_range() before locking the pte, and then in\nfree_pgtables() so when locking the pte the change will be detected.\n\nSigned-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>\n---\n mm/memory.c | 4 ++++\n 1 file changed, 4 insertions(+)","diff":"diff --git a/mm/memory.c b/mm/memory.c\nindex f008042ab24e..401b13cbfc3c 100644\n--- a/mm/memory.c\n+++ b/mm/memory.c\n@@ -617,7 +617,9 @@ void free_pgtables(struct mmu_gather *tlb, struct vm_area_struct *vma,\n \t\t * Hide vma from rmap and truncate_pagecache before freeing\n \t\t * pgtables\n \t\t */\n+\t\twrite_seqcount_begin(&vma->vm_sequence);\n \t\tunlink_anon_vmas(vma);\n+\t\twrite_seqcount_end(&vma->vm_sequence);\n \t\tunlink_file_vma(vma);\n \n \t\tif (is_vm_hugetlb_page(vma)) {\n@@ -631,7 +633,9 @@ void free_pgtables(struct mmu_gather *tlb, struct vm_area_struct *vma,\n \t\t\t       && !is_vm_hugetlb_page(next)) {\n \t\t\t\tvma = next;\n \t\t\t\tnext = vma->vm_next;\n+\t\t\t\twrite_seqcount_begin(&vma->vm_sequence);\n \t\t\t\tunlink_anon_vmas(vma);\n+\t\t\t\twrite_seqcount_end(&vma->vm_sequence);\n \t\t\t\tunlink_file_vma(vma);\n \t\t\t}\n \t\t\tfree_pgd_range(tlb, addr, vma->vm_end,\n","prefixes":["v3","08/20"]}