Sorry for delay, I was distracted...
On 03/10, Davidlohr Bueso wrote:
>
> @@ -841,9 +841,6 @@ static struct mm_struct *dup_mm(struct task_struct *tsk)
> if (mm->binfmt && !try_module_get(mm->binfmt->module))
> goto free_pt;
>
> - /* initialize the new vmacache entries */
> - vmacache_flush(tsk);
> -
> return mm;
>
> free_pt:
> @@ -887,6 +884,9 @@ static int copy_mm(unsigned long clone_flags, struct
> task_struct *tsk)
> if (!oldmm)
> return 0;
>
> + /* initialize the new vmacache entries */
> + vmacache_flush(tsk);
> +
> if (clone_flags & CLONE_VM) {
> atomic_inc(&oldmm->mm_users);
> mm = oldmm;
Yes. But it seems that use_mm() and unuse_mm() should invalidate vmacache too.
Suppose that a kernel thread T does, say,
use_mm(foreign_mm);
get_user(...);
unuse_mm();
This can trigger a fault and populate T->vmacache[]. If this code is called
again vmacache_find() can use the stale entries.
Or, assuming that only a kernel thread can do use_mm(), we can change
vmacache_valid() to also check !PF_KTHREAD.
Hmm. Another problem is that use_mm() doesn't take ->mmap_sem and thus
it can race with vmacache_flush_all()...
Finally. Shouldn't vmacache_update() check current->mm == mm as well?
What if access_remote_vm/get_user_pages trigger find_vma() ??? Unless
I missed something this is not theoretical at all and can lead to the
corrupted vmacache, no?
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
