Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_anon_vma()

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Nick Piggin

Subject: Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_anon_vma()

Date: Thursday, April 8, 2010 - 8:16 pm

On Thu, Apr 08, 2010 at 09:17:39PM +0200, Peter Zijlstra wrote:
quoted text> There is nothing preventing the anon_vma from being detached while we
> are spinning to acquire the lock. Most (all?) current users end up
> calling something like vma_address(page, vma) on it, which has a
> fairly good chance of weeding out wonky vmas.
> 
> However suppose the anon_vma got freed and re-used while we were
> waiting to acquire the lock, and the new anon_vma fits with the
> page->index (because that is the only thing vma_address() uses to
> determine if the page fits in a particular vma, we could end up
> traversing faulty anon_vma chains.
> 
> Close this hole for good by re-validating that page->mapping still
> holds the very same anon_vma pointer after we acquire the lock, if not
> be utterly paranoid and retry the whole operation (which will very
> likely bail, because it's unlikely the page got attached to a different
> anon_vma in the meantime).

Hm, looks like a bugfix? How was this supposed to be safe?

 
quoted text> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> ---
>  mm/rmap.c |    7 +++++++
>  1 file changed, 7 insertions(+)
> 
> Index: linux-2.6/mm/rmap.c
> ===================================================================
> --- linux-2.6.orig/mm/rmap.c
> +++ linux-2.6/mm/rmap.c
> @@ -294,6 +294,7 @@ struct anon_vma *page_lock_anon_vma(stru
>  	unsigned long anon_mapping;
>  
>  	rcu_read_lock();
> +again:
>  	anon_mapping = (unsigned long) ACCESS_ONCE(page->mapping);
>  	if ((anon_mapping & PAGE_MAPPING_FLAGS) != PAGE_MAPPING_ANON)
>  		goto out;
> @@ -302,6 +303,12 @@ struct anon_vma *page_lock_anon_vma(stru
>  
>  	anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON);
>  	spin_lock(&anon_vma->lock);
> +
> +	if (page_rmapping(page) != anon_vma) {

very unlikely()?

quoted text> +		spin_unlock(&anon_vma->lock);
> +		goto again;
> +	}
> +
>  	return anon_vma;
>  out:
>  	rcu_read_unlock();
> 
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 02/13] mm: Revalidate anon_vma in page_lock_anon_vma(), Peter Zijlstra, (Thu Apr 8, 12:17 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Rik van Riel, (Thu Apr 8, 1:50 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Andrew Morton, (Thu Apr 8, 2:20 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Peter Zijlstra, (Thu Apr 8, 2:54 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Minchan Kim, (Thu Apr 8, 7:19 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KOSAKI Motohiro, (Thu Apr 8, 7:19 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Nick Piggin, (Thu Apr 8, 8:16 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KAMEZAWA Hiroyuki, (Thu Apr 8, 9:56 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KOSAKI Motohiro, (Thu Apr 8, 11:34 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KAMEZAWA Hiroyuki, (Thu Apr 8, 11:47 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KOSAKI Motohiro, (Fri Apr 9, 12:29 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KAMEZAWA Hiroyuki, (Fri Apr 9, 12:57 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Minchan Kim, (Fri Apr 9, 1:01 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KAMEZAWA Hiroyuki, (Fri Apr 9, 1:03 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KOSAKI Motohiro, (Fri Apr 9, 1:17 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., KAMEZAWA Hiroyuki, (Fri Apr 9, 1:24 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Peter Zijlstra, (Fri Apr 9, 1:44 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Peter Zijlstra, (Fri Apr 9, 5:57 am)

mlock and pageout race?, Minchan Kim, (Fri Apr 9, 7:41 am)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Andrew Morton, (Mon May 24, 12:32 pm)

Re: [PATCH 02/13] mm: Revalidate anon_vma in page_lock_ano ..., Peter Zijlstra, (Tue May 25, 2:01 am)

Navigation

Popular discussions


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Matthew Garrett	Re: [PATCH] Enable speedstep for sonoma processors.
Mauro Carvalho Chehab	Re: [PATCH 1/2] media: Add timberdale video-in driver
Peter Zijlstra	[PATCH 23/30] netvm: skb processing
Greg Kroah-Hartman	[PATCH 21/28] cgroupfs: create /sys/fs/cgroup to mount cgroupfs on
git:
Jan Hudec	Re: GIT push to sftp (feature request)
Steffen Prohaska	[PATCH 0/4] core.ignorecase
Johannes Schindelin	Re: Git checkout preserve timestamp?
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Johan Herland	Re: What's cooking in git.git (Oct 2010, #01; Wed, 13)
linux-netdev:
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Jan Engelhardt	Re: [PATCH] Fix netfilter xt_time's time_mt()'s use of do_div()
Herbert Xu	Re: [RFC PATCH 00/17] virtual-bus
Jeff Kirsher	Re: [net-next-2.6 PATCH] e1000e: don't inadvertently re-set INTX_DISABLE
git-commits-head:
Linux Kernel Mailing List	ALSA: hda - Enable beep on Realtek codecs with PCI SSID override
Linux Kernel Mailing List	Use path_put() in a few places instead of {mnt,d}put()
Linux Kernel Mailing List	mv643xx_eth: use sw csum for big packets
Linux Kernel Mailing List	arm: fix HAVE_CLK merge goof
Linux Kernel Mailing List	arm: convert pcm037 platform to use smsc911x
freebsd-current:
David Wolfskill	"interrupt storm..."; seems associated with an0 NIC
Andriy Gapon	Re: letting glabel recognise a media change
Garrett Cooper	Re: Only display ACPI bootmenu key if ACPI is present
Pyun YongHyeon	CFT: msk(4) Rx checksum offloading support
FreeBSD Tinderbox	[head tinderbox] failure on sparc64/sparc64

Colocation donated by:

Syndicate