Re: [PATCH v9 09/24] mm: protect mremap() against SPF handler

2018-04-04 Thread Laurent Dufour
On 28/03/2018 23:21, David Rientjes wrote: > On Wed, 28 Mar 2018, Laurent Dufour wrote: > @@ -326,7 +336,10 @@ static unsigned long move_vma(struct vm_area_struct *vma, mremap_userfaultfd_prep(new_vma, uf); arch_remap(mm, old_addr, old_addr + old_len,

Re: [PATCH v9 09/24] mm: protect mremap() against SPF handler

2018-03-28 Thread David Rientjes
On Wed, 28 Mar 2018, Laurent Dufour wrote: > >> @@ -326,7 +336,10 @@ static unsigned long move_vma(struct vm_area_struct > >> *vma, > >>mremap_userfaultfd_prep(new_vma, uf); > >>arch_remap(mm, old_addr, old_addr + old_len, > >> new_addr, new_addr +

Re: [PATCH v9 09/24] mm: protect mremap() against SPF handler

2018-03-28 Thread Laurent Dufour
On 28/03/2018 00:12, David Rientjes wrote: > On Tue, 13 Mar 2018, Laurent Dufour wrote: > >> diff --git a/include/linux/mm.h b/include/linux/mm.h >> index 88042d843668..ef6ef0627090 100644 >> --- a/include/linux/mm.h >> +++ b/include/linux/mm.h >> @@ -2189,16 +2189,24 @@ void

Re: [PATCH v9 09/24] mm: protect mremap() against SPF handler

2018-03-27 Thread David Rientjes
On Tue, 13 Mar 2018, Laurent Dufour wrote: > diff --git a/include/linux/mm.h b/include/linux/mm.h > index 88042d843668..ef6ef0627090 100644 > --- a/include/linux/mm.h > +++ b/include/linux/mm.h > @@ -2189,16 +2189,24 @@ void anon_vma_interval_tree_verify(struct > anon_vma_chain *node); > extern

[PATCH v9 09/24] mm: protect mremap() against SPF handler

2018-03-13 Thread Laurent Dufour
If a thread is remapping an area while another one is faulting on the destination area, the SPF handler may fetch the vma from the RB tree before the pte has been moved by the other thread. This means that the moved ptes will overwrite those created by the page fault handler, leading to leaked pages.
