From: Peter Xu <peterx@redhat.com>
To: Axel Rasmussen <axelrasmussen@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Brian Geffon <bgeffon@google.com>,
Christian Brauner <brauner@kernel.org>,
David Hildenbrand <david@redhat.com>,
Gaosheng Cui <cuigaosheng1@huawei.com>,
Huang Ying <ying.huang@intel.com>,
Hugh Dickins <hughd@google.com>,
James Houghton <jthoughton@google.com>,
"Jan Alexander Steffens (heftig)" <heftig@archlinux.org>,
Jiaqi Yan <jiaqiyan@google.com>, Jonathan Corbet <corbet@lwn.net>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Miaohe Lin <linmiaohe@huawei.com>,
Mike Kravetz <mike.kravetz@oracle.com>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
Muchun Song <muchun.song@linux.dev>,
Nadav Amit <namit@vmware.com>,
Naoya Horiguchi <naoya.horiguchi@nec.com>,
Ryan Roberts <ryan.roberts@arm.com>,
Shuah Khan <shuah@kernel.org>,
Suleiman Souhlal <suleiman@google.com>,
Suren Baghdasaryan <surenb@google.com>,
"T.J. Alumbaugh" <talumbau@google.com>,
Yu Zhao <yuzhao@google.com>, ZhangPeng <zhangpeng362@huawei.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v3 4/8] mm: userfaultfd: add new UFFDIO_POISON ioctl
Date: Fri, 7 Jul 2023 09:37:37 -0400 [thread overview]
Message-ID: <ZKgVISe0vkRKVZuG@x1n> (raw)
In-Reply-To: <20230706225037.1164380-5-axelrasmussen@google.com>
On Thu, Jul 06, 2023 at 03:50:32PM -0700, Axel Rasmussen wrote:
> The basic idea here is to "simulate" memory poisoning for VMs. A VM
> running on some host might encounter a memory error, after which some
> page(s) are poisoned (i.e., future accesses SIGBUS). They expect that
> once poisoned, pages can never become "un-poisoned". So, when we live
> migrate the VM, we need to preserve the poisoned status of these pages.
>
> When live migrating, we try to get the guest running on its new host as
> quickly as possible. So, we start it running before all memory has been
> copied, and before we're certain which pages should be poisoned or not.
>
> So the basic way to use this new feature is:
>
> - On the new host, the guest's memory is registered with userfaultfd, in
> either MISSING or MINOR mode (doesn't really matter for this purpose).
> - On any first access, we get a userfaultfd event. At this point we can
> communicate with the old host to find out if the page was poisoned.
> - If so, we can respond with a UFFDIO_POISON - this places a swap marker
> so any future accesses will SIGBUS. Because the pte is now "present",
> future accesses won't generate more userfaultfd events, they'll just
> SIGBUS directly.
>
> UFFDIO_POISON does not handle unmapping previously-present PTEs. This
> isn't needed, because during live migration we want to intercept
> all accesses with userfaultfd (not just writes, so WP mode isn't useful
> for this). So whether minor or missing mode is being used (or both), the
> PTE won't be present in any case, so handling that case isn't needed.
>
> Similarly, UFFDIO_POISON won't replace existing PTE markers. This might
> be okay to do, but it seems to be safer to just refuse to overwrite any
> existing entry (like a UFFD_WP PTE marker).
>
> Signed-off-by: Axel Rasmussen <axelrasmussen@google.com>
I agree the current behavior is not as clear, especially after hwpoison
introduced.
uffdio-copy is special right now that it can overwrite a marker, so a buggy
userapp can also overwrite a poisoned entry, but it also means the userapp
is broken already, so may not really matter much.
While zeropage wasn't doing that. I think that was just overlooked - i
assume it has the same reasoning as uffdio-copy otherwise.. and no one just
used zeropage over a wp marker yet, or just got it work-arounded by
unprotect+zeropage.
Not yet sure whether it'll make sense to unify this a bit, but making the
new poison api to be strict look fine. If you have any thoughts after
reading feel free to keep the discussion going, I can ack this one I think
(besides my rename request in 1st patch):
Acked-by: Peter Xu <peterx@redhat.com>
--
Peter Xu
next prev parent reply other threads:[~2023-07-07 13:38 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-06 22:50 [PATCH v3 0/8] add UFFDIO_POISON to simulate memory poisoning with UFFD Axel Rasmussen
2023-07-06 22:50 ` [PATCH v3 1/8] mm: make PTE_MARKER_SWAPIN_ERROR more general Axel Rasmussen
2023-07-07 13:10 ` Peter Xu
2023-07-06 22:50 ` [PATCH v3 2/8] mm: userfaultfd: check for start + len overflow in validate_range Axel Rasmussen
2023-07-07 13:14 ` Peter Xu
2023-07-06 22:50 ` [PATCH v3 3/8] mm: userfaultfd: extract file size check out into a helper Axel Rasmussen
2023-07-07 13:15 ` Peter Xu
2023-07-06 22:50 ` [PATCH v3 4/8] mm: userfaultfd: add new UFFDIO_POISON ioctl Axel Rasmussen
2023-07-07 13:37 ` Peter Xu [this message]
2023-07-07 19:56 ` Axel Rasmussen
2023-07-06 22:50 ` [PATCH v3 5/8] mm: userfaultfd: support UFFDIO_POISON for hugetlbfs Axel Rasmussen
2023-07-07 13:39 ` Peter Xu
2023-07-06 22:50 ` [PATCH v3 6/8] mm: userfaultfd: document and enable new UFFDIO_POISON feature Axel Rasmussen
2023-07-06 22:50 ` [PATCH v3 7/8] selftests/mm: refactor uffd_poll_thread to allow custom fault handlers Axel Rasmussen
2023-07-07 13:42 ` Peter Xu
2023-07-07 17:03 ` Axel Rasmussen
2023-07-07 20:38 ` Axel Rasmussen
2023-07-07 21:00 ` Peter Xu
2023-07-06 22:50 ` [PATCH v3 8/8] selftests/mm: add uffd unit test for UFFDIO_POISON Axel Rasmussen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZKgVISe0vkRKVZuG@x1n \
--to=peterx@redhat.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=axelrasmussen@google.com \
--cc=bgeffon@google.com \
--cc=brauner@kernel.org \
--cc=corbet@lwn.net \
--cc=cuigaosheng1@huawei.com \
--cc=david@redhat.com \
--cc=heftig@archlinux.org \
--cc=hughd@google.com \
--cc=jiaqiyan@google.com \
--cc=jthoughton@google.com \
--cc=linmiaohe@huawei.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mike.kravetz@oracle.com \
--cc=muchun.song@linux.dev \
--cc=namit@vmware.com \
--cc=naoya.horiguchi@nec.com \
--cc=rppt@kernel.org \
--cc=ryan.roberts@arm.com \
--cc=shuah@kernel.org \
--cc=suleiman@google.com \
--cc=surenb@google.com \
--cc=talumbau@google.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wangkefeng.wang@huawei.com \
--cc=ying.huang@intel.com \
--cc=yuzhao@google.com \
--cc=zhangpeng362@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).