From: Lorenzo Stoakes <lstoakes@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rik van Riel <riel@redhat.com>, Hugh Dickins <hughd@google.com>,
linux-mm <linux-mm@kvack.org>,
Mel Gorman <mgorman@techsingularity.net>,
tbsaunde@tbsaunde.org, robert@ocallahan.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing
Date: Fri, 7 Oct 2016 11:07:20 +0100 [thread overview]
Message-ID: <20161007100720.GA14859@lucifer> (raw)
In-Reply-To: <CA+55aFyL+qFsJpxQufgRKgWeB6Yj0e1oapdu5mdU9_t+zwtBjg@mail.gmail.com>
On Sun, Sep 25, 2016 at 03:50:21PM -0700, Linus Torvalds wrote:
> I'd really like to re-open the "drop FOLL_FORCE entirely" discussion,
> because the thing really is disgusting.
>
> I realize that debuggers etc sometimes would want to punch through
> PROT_NONE protections, and I also realize that right now we only have
> a read/write flag, and we have that whole issue with "what if it's
> executable but not readable", which currently FOLL_FORCE makes a
> non-issue.
So I've experimented with this a little locally, removing FOLL_FORCE altogether
and tracking places where it is used (it seems to be a fair few places
actually.)
I've rather naively replaced the FOLL_FORCE check in check_vma_flags() with a
check against 'tsk && tsk->ptrace && tsk->parent == current', I'm not sure how
valid or sane this is, however, but a quick check against gdb proves that it is
able to do its thing in this configuration. Is this a viable path, or is this
way off the mark here?
The places I've found that have invoked gup functions which eventually result in
FOLL_FORCE being set are:
Calls __get_user_pages():
mm/gup.c: populate_vma_page_range()
mm/gup.c: get_dump_page()
calls get_user_pages_unlocked():
drivers/media/pci/ivtv/ivtv-yuv.c: ivtv_yuv_prep_user_dma()
drivers/media/pci/ivtv/ivtv-udma.c: ivtv_udma_setup()
calls get_user_pages_remote():
mm/memory.c: __access_remote_vm() [ see below for callers ]
fs/exec.c: get_arg_page()
kernel/events/uprobes.c: uprobe_write_opcode()
kernel/events/uprobes.c: is_trap_at_addr()
security/tomoyo/domain.c: tomoyo_dump_page()
calls __access_remote_vm():
mm/memory.c: access_remote_vm() [ see below for callers ]
mm/memory.c: access_process_vm()
access_process_vm() is exclusively used for ptrace, omitting its callers here.
calls access_remote_vm():
fs/proc/base.c: proc_pid_cmdline_read()
fs/proc/base.c: memrw()
fs/proc/base.c: environ_read()
calls get_user_pages():
drivers/infiniband/core/umem.c: ib_umem_get()
drivers/infiniband/hw/qib/qib_user_pages.c: __qib_get_user_pages()
drivers/infiniband/hw/usnic/usnic_uiom.c: usnic_uiom_get_pages()
drivers/media/v4l2-core/videobuf-dma-sg.c: videobuf_dma_init_user_locked()
calls get_vaddr_frames():
drivers/media/v4l2-core/videobuf2-memops.c: vb2_create_framevec()
drivers/gpu/drm/exynos/exynos_drm_g2d.c: g2d_userptr_get_dma_addr()
So it seems the general areas where it is used are tracing, uprobes and DMA
initialisation what what I can tell. I'm thinking some extra provision/careful
checking will be needed in each of these cases to see if an alternative is
possible.
I'm happy to explore this some more if that is useful in any way, though of
course I defer to your expertise as to how a world without FOLL_FORCE might
look!
Cheers, Lorenzo
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-10-07 10:07 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-11 22:54 [PATCH] mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing Lorenzo Stoakes
2016-09-11 22:59 ` Lorenzo Stoakes
2016-09-25 18:47 ` Lorenzo Stoakes
2016-09-25 20:52 ` Linus Torvalds
2016-09-25 22:24 ` Linus Torvalds
2016-09-25 22:34 ` Rik van Riel
2016-09-25 22:50 ` Linus Torvalds
2016-09-25 23:28 ` Hugh Dickins
2016-09-26 0:49 ` Rik van Riel
2016-09-26 1:05 ` Linus Torvalds
2016-10-07 10:07 ` Lorenzo Stoakes [this message]
2016-10-07 15:34 ` Linus Torvalds
2016-10-07 16:22 ` Lorenzo Stoakes
2016-10-07 18:16 ` Hugh Dickins
2016-10-07 18:26 ` Lorenzo Stoakes
2016-10-10 7:47 ` Jan Kara
2016-10-10 8:28 ` Lorenzo Stoakes
2016-10-10 16:37 ` Jan Kara
2016-09-26 8:19 ` Mel Gorman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161007100720.GA14859@lucifer \
--to=lstoakes@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=riel@redhat.com \
--cc=robert@ocallahan.org \
--cc=tbsaunde@tbsaunde.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).