Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page

From: David Hildenbrand
Date: Sat Aug 31 2024 - 05:59:28 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v5 3/8] dt-bindings: clock: add Qualcomm IPQ5332 NSSCC clock and reset definitions"
Previous message: Barry Song: "Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page"
In reply to: David Hildenbrand: "Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page"
Next in thread: Barry Song: "Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

+ idx = folio_page_idx(folio, vmf->page);
+ folio_start = address - idx * PAGE_SIZE;
+ folio_end = folio_start + nr * PAGE_SIZE;
+
+ if (unlikely(folio_start < max(address & PMD_MASK, vma->vm_start)))
+ return false;
+ if (unlikely(folio_end > pmd_addr_end(address, vma->vm_end)))
+ return false;
+ folio_ptep = vmf->pte - idx;
+ folio_pte = ptep_get(folio_ptep);
+ if (!pte_present(folio_pte) || pte_pfn(folio_pte) != folio_pfn(folio))
+ return false;
+ if (folio_pte_batch(folio, folio_start, folio_ptep, folio_pte, nr, 0,
+ NULL, NULL, NULL) != nr)
+ return false;
+ if (folio_mapcount(folio) != nr)
+ return false;

BTW, you're not checking against the refcount (and it's all a bit racy on concurrent unmapping!). So you're re-introducing the vmsplice child->parent attak.

--
Cheers,

David / dhildenb

Next message: Krzysztof Kozlowski: "Re: [PATCH v5 3/8] dt-bindings: clock: add Qualcomm IPQ5332 NSSCC clock and reset definitions"
Previous message: Barry Song: "Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page"
In reply to: David Hildenbrand: "Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page"
Next in thread: Barry Song: "Re: [PATCH RFC] mm: entirely reuse the whole anon mTHP in do_wp_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]