Commit 95fc16b6 authored by Kalesh Singh, committed by Robin Peng

ANDROID: Make SPF aware of fast mremaps



SPF attempts page faults without taking the mmap lock, but takes the
PTL. If there is a concurrent fast mremap (at PMD/PUD level), this
can lead to a UAF as fast mremap will only take the PTL locks at the
PMD/PUD level. SPF cannot take the PTL locks at the larger subtree
granularity since this introduces much contention in the page fault
paths.

To address the race:
  1) Fast mremaps wait until there are no users of the VMA.
  2) Speculative faults detect ongoing fast mremaps and fall back
    to conventional fault handling (taking mmap read lock).

Since this race condition is very rare the performance impact is
negligible.

Bug: 263177905
Bug: 263435074
Change-Id: If9755aa4261337fe180e3093a3cefaae8ac9ff1a
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
(cherry picked from commit 206a66b5)
parent 0feb54bb
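
The two-step scheme described in the commit message above, as an added example that is not code from this commit or from the Android kernel: a userspace C11 model in which one counter stands in for "users of the VMA". Every name (vma_model, spf_get, mremap_trylock, handle_fault) and the counter encoding are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not a kernel symbol.
 * ref: 1 = idle, >1 = speculative faults in flight, -1 = fast mremap active. */
struct vma_model { atomic_int ref; };
enum fault_path { FAULT_SPECULATIVE, FAULT_MMAP_LOCKED };

/* Speculative side: take a reference unless a fast mremap owns the VMA. */
static bool spf_get(struct vma_model *v)
{
    int old = atomic_load(&v->ref);
    while (old > 0)   /* a failed CAS reloads 'old', so the check is repeated */
        if (atomic_compare_exchange_weak(&v->ref, &old, old + 1))
            return true;
    return false;
}

static void spf_put(struct vma_model *v) { atomic_fetch_sub(&v->ref, 1); }

/* mremap side: claim the VMA only when no speculative user holds it.
 * A real caller would retry until this succeeds (step 1 of the fix). */
static bool mremap_trylock(struct vma_model *v)
{
    int idle = 1;
    return atomic_compare_exchange_strong(&v->ref, &idle, -1);
}

static void mremap_unlock(struct vma_model *v) { atomic_store(&v->ref, 1); }

/* Step 2 of the fix: a fault that cannot get a reference falls back. */
static enum fault_path handle_fault(struct vma_model *v)
{
    if (!spf_get(v))
        return FAULT_MMAP_LOCKED;   /* retry under the mmap read lock */
    /* ... speculative page-table walk under the PTL would go here ... */
    spf_put(v);
    return FAULT_SPECULATIVE;
}

int main(void)
{
    struct vma_model v;
    atomic_init(&v.ref, 1);
    spf_get(&v);   /* a speculative fault is in flight */
    printf("mremap while fault in flight: %d\n", mremap_trylock(&v));
    spf_put(&v);
    printf("mremap once idle: %d\n", mremap_trylock(&v));
    printf("fault falls back: %d\n", handle_fault(&v) == FAULT_MMAP_LOCKED);
    mremap_unlock(&v);
    return 0;
}
```

Because the page tables are only moved while the counter is -1, and a speculative walk only runs while it holds a positive reference, the two can never overlap in this model.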