From: Carlos Llamas <cmllamas@google.com>
To: Suren Baghdasaryan <surenb@google.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Michal Hocko <mhocko@suse.com>,
Guenter Roeck <groeck@chromium.org>,
Douglas Anderson <dianders@chromium.org>,
Christian Brauner <brauner@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-mm@kvack.org
Subject: Re: BUG in binder_vma_close() at mmap_assert_locked() in stable v5.15
Date: Mon, 12 Sep 2022 19:11:10 +0000 [thread overview]
Message-ID: <Yx+ETrzRWGZSIq+m@google.com> (raw)
In-Reply-To: <CAJuCfpE-UirnCEzQGeREGnA08QA2rUwnoB8VNT23+C9Ktwr4+A@mail.gmail.com>
On Fri, Sep 09, 2022 at 01:03:08PM -0700, Suren Baghdasaryan wrote:
> On Fri, Sep 9, 2022 at 12:35 PM Carlos Llamas <cmllamas@google.com> wrote:
> >
> > Does this mean that users of async calls such as find_vma() can't rely
> > on mmap_lock to avoid racing with remove_vma()? I see the following
> > pattern is used quite often:
> >
> > mmap_read_lock(mm);
> > vma = find_vma(mm, addr);
> > [...]
> > mmap_read_unlock(mm);
> >
> > Is this not a real concern? I'd drop the asserts from binder and call it
> > a day. However, we would also need to fix our race with vm_ops->close().
>
> I think by the time exit_mmap() calls remove_vma() there can be no
> other user of that mm to race with, even oom-reaper would have
> finished by then (see:
> https://elixir.bootlin.com/linux/v5.15.67/source/mm/mmap.c#L3157).
> So, generally remove_vma() would be done under mmap_lock write
> protection but in case of exit_mmap() that's not necessary. Michal,
> please correct me if I'm wrong.
I see, that makes more sense.
Then it sounds to me like binder should be using mmget_not_zero() to
serialize against exit_mmap() during these async calls. I'll have a
closer look at this change.
Also, we should drop the mmap_lock asserts in binder from v5.15 as the
expectations there are incorrect. Again, this was done in [1], but for
different reasons. We could simply amend a small note to the commit log
with an accurate reason for the backport.
Liam, wdyt?
[1] https://lore.kernel.org/all/20220829201254.1814484-5-cmllamas@google.com/
next prev parent reply other threads:[~2022-09-12 19:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-08 20:28 BUG in binder_vma_close() at mmap_assert_locked() in stable v5.15 Carlos Llamas
2022-09-08 22:33 ` Suren Baghdasaryan
2022-09-09 19:35 ` Carlos Llamas
2022-09-09 20:03 ` Suren Baghdasaryan
2022-09-12 19:11 ` Carlos Llamas [this message]
2022-09-13 6:36 ` Liam Howlett
2022-09-23 20:50 ` Carlos Llamas
2022-09-28 23:21 ` Suren Baghdasaryan
2022-09-29 14:39 ` Carlos Llamas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yx+ETrzRWGZSIq+m@google.com \
--to=cmllamas@google.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=dianders@chromium.org \
--cc=gregkh@linuxfoundation.org \
--cc=groeck@chromium.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=surenb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.