Re: [PATCH v3 2/2] ksm: Optimize rmap_walk_ksm by passing a suitable address range

Next message: Breno Leitao: "Re: [PATCH v8 5/6] kho: kexec-metadata: track previous kernel chain"
Previous message: Miroslav Benes: "Re: [RFC PATCH 0/4] trace, livepatch: Allow kprobe return overriding for livepatched functions"
In reply to: xu.xin16: "Re: [PATCH v3 2/2] ksm: Optimize rmap_walk_ksm by passing a suitable address range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lorenzo Stoakes

Date: Thu Apr 09 2026 - 06:13:55 EST

On Thu, Apr 09, 2026 at 06:06:05PM +0800, xu.xin16@xxxxxxxxxx wrote:
> Can we just replace the stored anon_vma of "ksm_rmap_item" with the orig_vma
> when KSM merging? Then, from rmap_item->orig_vma, we can directly obtain both
> the anon_vma and the vm_pgoff, thereby enabling the location of all PTEs mapping
> this page without any ambiguity.

Please no :) that's a UAF waiting to happen, VMAs are highly dynamic objects
that can change at any given time if appropriate locks aren't held, nor are they
refcounted.

David suggested a way of storing the vm_pgoff without increasing rmap item
struct size, hopefully that's viable and then we can get the benefits here
without breaking anything!

Cheers, Lorenzo