mm: gup: fix synchronicity of all GUP pins universally

This makes O_DIRECT+thread+fork work completely safe with posix
semantics retained at subpagesize hardblocksize granularity just like
!O_DIRECT without the need of FOLL_PIN.

It further closes any potential discussion about the vmsplice in
parent followed by fork that should more likely -EFAULT if the parent
munmaps the memory backing the previous vmsplice, just before the pipe
reads it.

Another view could be that if vmsplice must decouple itself from the
virtual memory, then it shouldn't show any of the memory modifications
done with the CPU on the pinned memory either, but it does.

This change is not done for vmsplice, but it covers vmsplice before
fork too just because it covers it all. In fact any sign of vmsplice
usage in an app is a sign of inefficiency and it should be replaced
with higher perf IPC methods based on shared memory. Last but not
least the vmsplice implementation is still not safe to use even after
this change because it can still take long term gup pins without any
privilege and without using FOLL_LONGTERM and without mmu notifiers
which can cause a resource DoS.

This commit is also deemed unnecessary for all security purposes.
There's no expectation userland can take advantage of the new
semantics of short term FOLL_WRITE GUP pins taken before fork either.
This is done for no practical reason, but just because this is the way.

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
3 files changed