From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C707C54E41 for ; Wed, 28 Feb 2024 11:11:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5AAAE6B007D; Wed, 28 Feb 2024 06:11:40 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 533446B009A; Wed, 28 Feb 2024 06:11:40 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 387036B009B; Wed, 28 Feb 2024 06:11:40 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 237226B007D for ; Wed, 28 Feb 2024 06:11:40 -0500 (EST) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id A5C5F140F12 for ; Wed, 28 Feb 2024 11:11:39 +0000 (UTC) X-FDA: 81840947118.06.1CD7E56 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf22.hostedemail.com (Postfix) with ESMTP id 46A4CC0010 for ; Wed, 28 Feb 2024 11:11:37 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b="jLFxQ/rU"; spf=pass (imf22.hostedemail.com: domain of david@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1709118697; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aUQ9sWDupyMNgIyawFwqXCHJWRUg3SyzP5KUns9QT5Y=; b=n4tWHFs4FvyA/i2XGjfmpq0OawI1MMFtoJlECqkzhITxieFpTMyC32O5KTi/R1NJ2HsOtd wxvXM5wh9W8eUinzwJ83VTidLDEHB8l3UBTPje2Pz9kaZeScvXT3Ujdq1VJZzjY6HYg9pZ BvaMYgoIqSVQmyIzLFE2AglE+g6j1jM= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b="jLFxQ/rU"; spf=pass (imf22.hostedemail.com: domain of david@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709118697; a=rsa-sha256; cv=none; b=MEb1N/G+FZbuROekHIVG92ewAWiEK94S65ZZvrb1mF6RRfT5Q6Vls8iwnZFcsLvkFqR04k puA83rZKvZILgjSv2X9J+L6OznHrsqvMQMmY/H4rWkaZPvndIZgXW4COika2OFbmhTtdol eLysGiDm4AUGNi4YBehGPIKBbfaJCA8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709118696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=aUQ9sWDupyMNgIyawFwqXCHJWRUg3SyzP5KUns9QT5Y=; b=jLFxQ/rUFQvKvTE5QCYabOXE6DgdcN8ZGePQGpjffVWHlrkvqowsc4SxpAitrAilvR/i4X sNlVWfHofb2FBT4+Jv2vP4jLnFsRKnu3PiqiskGPbkuhywqSj38ah4LVO+kjpzIcCJ8Y1a OHwFmc+jJn0XIDy/9LA6ETOzyM6eG0s= Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-10-QpYsimXkNMSt6cFqx6rG6g-1; Wed, 28 Feb 2024 06:11:34 -0500 X-MC-Unique: QpYsimXkNMSt6cFqx6rG6g-1 Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-2d2cab09c27so4438121fa.1 for ; Wed, 28 Feb 2024 03:11:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709118693; x=1709723493; h=content-transfer-encoding:in-reply-to:organization:autocrypt:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=aUQ9sWDupyMNgIyawFwqXCHJWRUg3SyzP5KUns9QT5Y=; b=d0Q8KhYe0w/ZQYWYZ24lhuczD+U/FlwdF85ci4M+b01DXR2X9apPVGm8IBbHuZl+vN Tw4pPA/j4kjnnxQOsnA0FAVg7KBk1QocCd7pUYk8GapDkZWG2VG2G7goday6AcmiKNsG ofpw/jkxbkgMsifzPMyR8a1gcAHsCk7k4jSXA+R6+TvA8PA2P11UX48vMY2Zf5v7IMFv uAN/WCUE3K0G8eXEQCwQXsRLlfUkiLhg9+irFDr8fN9Eqg1rh3rcuwt/uwqjbd3R9TSw 6i62/e53Ebpf7H3eGwI59CaRiBYlAeJN9WLsVcv8DPqmcxWYTK4b1541Q+OkXZsX5VBJ mp3A== X-Forwarded-Encrypted: i=1; AJvYcCX6V3wdmNSn2V1vB5bEDUku/NAl4gr9wkWVO+SCEC3R0JzmGxlICUKF5SnFWcq6GSWE0NcxGIhZsUufc+K1euYUAaE= X-Gm-Message-State: AOJu0Yx2dbpq7FZZwNuCIitHCE8hfpqCqJZ9xyXN3C9ghY/AJFVinWUx u+/taelu0dqm85DcQv85bjo6Of6KhH6fXh15OL5TRBCODTUlBzSEoAil+vVPw73JP+HRNp5IcJq RaMKs1Thk5fAU+3YzvWH4ybcuNyfxvtFXJOWypi5ZeXpPfsJp X-Received: by 2002:a2e:a7c6:0:b0:2d2:3b18:6ffd with SMTP id x6-20020a2ea7c6000000b002d23b186ffdmr9973337ljp.41.1709118693359; Wed, 28 Feb 2024 03:11:33 -0800 (PST) X-Google-Smtp-Source: AGHT+IHqOhbD2iOLY+ugTcvnejnosxm0uWRyxRkcMKFvjB5ZSJwMYQ9xMyT7/OZhG22VLJQSEK3wcA== X-Received: by 2002:a2e:a7c6:0:b0:2d2:3b18:6ffd with SMTP id x6-20020a2ea7c6000000b002d23b186ffdmr9973300ljp.41.1709118692897; Wed, 28 Feb 2024 03:11:32 -0800 (PST) Received: from [10.32.64.237] (nat-pool-muc-t.redhat.com. [149.14.88.26]) by smtp.gmail.com with ESMTPSA id q16-20020adffed0000000b0033ce06c303csm14185846wrs.40.2024.02.28.03.11.31 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 28 Feb 2024 03:11:32 -0800 (PST) Message-ID: <755911e5-8d4a-4e24-89c7-a087a26ec5f6@redhat.com> Date: Wed, 28 Feb 2024 12:11:30 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: folio_mmapped To: Quentin Perret Cc: Matthew Wilcox , Fuad Tabba , kvm@vger.kernel.org, kvmarm@lists.linux.dev, pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, keirf@google.com, linux-mm@kvack.org References: <20240222161047.402609-1-tabba@google.com> <20240222141602976-0800.eberman@hu-eberman-lv.qualcomm.com> <40a8fb34-868f-4e19-9f98-7516948fc740@redhat.com> <20240226105258596-0800.eberman@hu-eberman-lv.qualcomm.com> <925f8f5d-c356-4c20-a6a5-dd7efde5ee86@redhat.com> From: David Hildenbrand Autocrypt: addr=david@redhat.com; keydata= xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzSREYXZpZCBIaWxk ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT7CwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQW AgMBAh4BAheAAhkBFiEEG9nKrXNcTDpGDfzKTd4Q9wD/g1oFAl8Ox4kFCRKpKXgACgkQTd4Q 9wD/g1oHcA//a6Tj7SBNjFNM1iNhWUo1lxAja0lpSodSnB2g4FCZ4R61SBR4l/psBL73xktp rDHrx4aSpwkRP6Epu6mLvhlfjmkRG4OynJ5HG1gfv7RJJfnUdUM1z5kdS8JBrOhMJS2c/gPf wv1TGRq2XdMPnfY2o0CxRqpcLkx4vBODvJGl2mQyJF/gPepdDfcT8/PY9BJ7FL6Hrq1gnAo4 3Iv9qV0JiT2wmZciNyYQhmA1V6dyTRiQ4YAc31zOo2IM+xisPzeSHgw3ONY/XhYvfZ9r7W1l pNQdc2G+o4Di9NPFHQQhDw3YTRR1opJaTlRDzxYxzU6ZnUUBghxt9cwUWTpfCktkMZiPSDGd KgQBjnweV2jw9UOTxjb4LXqDjmSNkjDdQUOU69jGMUXgihvo4zhYcMX8F5gWdRtMR7DzW/YE BgVcyxNkMIXoY1aYj6npHYiNQesQlqjU6azjbH70/SXKM5tNRplgW8TNprMDuntdvV9wNkFs 9TyM02V5aWxFfI42+aivc4KEw69SE9KXwC7FSf5wXzuTot97N9Phj/Z3+jx443jo2NR34XgF 89cct7wJMjOF7bBefo0fPPZQuIma0Zym71cP61OP/i11ahNye6HGKfxGCOcs5wW9kRQEk8P9 M/k2wt3mt/fCQnuP/mWutNPt95w9wSsUyATLmtNrwccz63XOwU0EVcufkQEQAOfX3n0g0fZz Bgm/S2zF/kxQKCEKP8ID+Vz8sy2GpDvveBq4H2Y34XWsT1zLJdvqPI4af4ZSMxuerWjXbVWb T6d4odQIG0fKx4F8NccDqbgHeZRNajXeeJ3R7gAzvWvQNLz4piHrO/B4tf8svmRBL0ZB5P5A 2uhdwLU3NZuK22zpNn4is87BPWF8HhY0L5fafgDMOqnf4guJVJPYNPhUFzXUbPqOKOkL8ojk CXxkOFHAbjstSK5Ca3fKquY3rdX3DNo+EL7FvAiw1mUtS+5GeYE+RMnDCsVFm/C7kY8c2d0G NWkB9pJM5+mnIoFNxy7YBcldYATVeOHoY4LyaUWNnAvFYWp08dHWfZo9WCiJMuTfgtH9tc75 7QanMVdPt6fDK8UUXIBLQ2TWr/sQKE9xtFuEmoQGlE1l6bGaDnnMLcYu+Asp3kDT0w4zYGsx 5r6XQVRH4+5N6eHZiaeYtFOujp5n+pjBaQK7wUUjDilPQ5QMzIuCL4YjVoylWiBNknvQWBXS lQCWmavOT9sttGQXdPCC5ynI+1ymZC1ORZKANLnRAb0NH/UCzcsstw2TAkFnMEbo9Zu9w7Kv AxBQXWeXhJI9XQssfrf4Gusdqx8nPEpfOqCtbbwJMATbHyqLt7/oz/5deGuwxgb65pWIzufa N7eop7uh+6bezi+rugUI+w6DABEBAAHCwXwEGAEIACYCGwwWIQQb2cqtc1xMOkYN/MpN3hD3 AP+DWgUCXw7HsgUJEqkpoQAKCRBN3hD3AP+DWrrpD/4qS3dyVRxDcDHIlmguXjC1Q5tZTwNB boaBTPHSy/Nksu0eY7x6HfQJ3xajVH32Ms6t1trDQmPx2iP5+7iDsb7OKAb5eOS8h+BEBDeq 3ecsQDv0fFJOA9ag5O3LLNk+3x3q7e0uo06XMaY7UHS341ozXUUI7wC7iKfoUTv03iO9El5f XpNMx/YrIMduZ2+nd9Di7o5+KIwlb2mAB9sTNHdMrXesX8eBL6T9b+MZJk+mZuPxKNVfEQMQ a5SxUEADIPQTPNvBewdeI80yeOCrN+Zzwy/Mrx9EPeu59Y5vSJOx/z6OUImD/GhX7Xvkt3kq Er5KTrJz3++B6SH9pum9PuoE/k+nntJkNMmQpR4MCBaV/J9gIOPGodDKnjdng+mXliF3Ptu6 3oxc2RCyGzTlxyMwuc2U5Q7KtUNTdDe8T0uE+9b8BLMVQDDfJjqY0VVqSUwImzTDLX9S4g/8 kC4HRcclk8hpyhY2jKGluZO0awwTIMgVEzmTyBphDg/Gx7dZU1Xf8HFuE+UZ5UDHDTnwgv7E th6RC9+WrhDNspZ9fJjKWRbveQgUFCpe1sa77LAw+XFrKmBHXp9ZVIe90RMe2tRL06BGiRZr jPrnvUsUUsjRoRNJjKKA/REq+sAnhkNPPZ/NNMjaZ5b8Tovi8C0tmxiCHaQYqj7G2rgnT0kt WNyWQQ== Organization: Red Hat In-Reply-To: X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 46A4CC0010 X-Rspam-User: X-Stat-Signature: jsgdn3nerm6a8pgmwrqiattdpqcb74pq X-Rspamd-Server: rspam01 X-HE-Tag: 1709118697-178861 X-HE-Meta: U2FsdGVkX1+iP0RZZRFVZExjivXAHqhWPHfLFFKuNHV7Jp8WZHSBeBxfHVZBnkzXFiV+u0cSvjqmH0eK0infP7kmM8jQ/3vkPhfRHdFFgHysEnG5RhvkeI+46RVJRf5VrRz77+ArgxgKj3nrBpS3S9DJHQXmhIMz1VshUDak0mCEQQEuVrH32U6MHrAgR3TogxiXHU0w1Pu0gN5cU2Kt83L9S01+5SFdcO3Fj67zGATbRGCDxniDDYVYF3FGh4ZMyt/0ZACen3WMbFLSX6Gc5/NKoJaEcyIWLI6wHIUI0SfwicfmBgY0DcncuBK9meQ1vS4egy92tI8nny4aFHCAac3Sg+lPps47M7Uh85PPd8UwPouIcpLdceJ4mFtmzSTC788fgL24CYbGci1qSIFa+HYmLH/l3N5uvKyoPMippnVfguAH2s5aVx7OR4fpBoOAZSBaJhckE38sFPF+k40dh391uoqlz+321PoWpIINnVs7tgh7jEpkNfIgCgzJunUDJLdP/C58Sm+CsneZ6CRlgOhMz36wP2kViscqoywZlSzW+2bgTAVCOx4zpPWHY1OpUOwmXtrF0yWCIPUMSo1z5YlVsj3RdiT3LVZMd5GNSkOjqTCfWK/hW0OOAbqonyrItrH1mjxbe+nbsHeUIIUsfrIvW5i08R53/gEnBJvXM1gLBe8oS/noHu8eyheu0ju9uThe0XGhVJfs1ALsIWe160QmsMyzXnCOeAvlQTX06VEtakeHpu0ccw7nVeKyQpALDk2iqLMmMup0Fax59ZuxIFEnyqyTvC13wh8PCsYerbNho4teHqQefblRwUqeeGY8sr4ojBvW2GiVUcUHpYRMrT/Ex34ayPKruJ3tmu32zuJgsJx6IG0UknqSVZAdHC98lMFp/rfa6IGPphDIPiAzGHjIbgyX5hJLC2W7Wx8Ph77WGZeyCe9+XsG7qJT9XL3vMRZlmx+S8IjDbTGSfOP 3kWgg+i7 WKbYztX3piTq2i86Tt66B5ovz6ymqQwbajRPn5Hc7Sc5dsuSClwquYdkD8ryj5y2Tq3zr3JcjVhcSFnHKBeOaOLIqyAHLniBwJIj3NUHdMlhs80AsuhuIKGqZARGhRSYFDOkL6VqUJ2SVB+OclfgEF9MK9T3X3H6Pwo/j3CIF7mHFRrDZLr1DYAabItTQSdlKqrmHecDHGYUhICkAv1WUS2MTt7tPv6OOJA0Ypl7AMomww2Kybshc2QHF/Xy3wsiMLFlXGDc/BNUAP7QBR+GD5NjxH6HxGfaQdViYzZad6eUG4Q9/y8dKlcb9WLo2TYVmWfvCjyj+Z5KjW0p9JXKhMFTP5yb9pABqh7mg986O9cSVKk4CpopLdq6q9i6iDwf9Jj1xDG+k0Zi4I4DJxNfvwjijRN1y0KTxc/KBfl9ov3F7ZVnTF/xYG1k6l0fChs9F+w5bkcrmOZKHb6qIN0kNoZnqGr4i8MFCb1n6vZNwUovT9mj2LyGawW/iqWTmRtqJwN/HBonTWJQsjzyi6e0KsLPPB+c/DsM+yC7whDwKZ1kLGL6t3dfjkmFdjw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 28.02.24 11:48, Quentin Perret wrote: > On Tuesday 27 Feb 2024 at 15:59:37 (+0100), David Hildenbrand wrote: >>> >>> Ah, this was something I hadn't thought about. I think both Fuad and I >>> need to update our series to check the refcount rather than mapcount >>> (kvm_is_gmem_mapped for Fuad, gunyah_folio_lend_safe for me). >> >> An alternative might be !folio_mapped() && !folio_maybe_dma_pinned(). But >> checking for any unexpected references might be better (there are still some >> GUP users that don't use FOLL_PIN). > > As a non-mm person I'm not sure to understand to consequences of holding > a GUP pin to a page that is not covered by any VMA. The absence of VMAs > imply that userspace cannot access the page right? Presumably the kernel > can't be coerced into accessing that page either? Is that correct? Simple example: register the page using an iouring fixed buffer, then unmap the VMA. iouring now has the page pinned and can read/write it using an address in the kernel vitual address space (direct map). Then, you can happily make the kernel read/write that page using iouring, even though no VMA still covers/maps that page. [...] >> Instead of >> >> 1) Converting a page to private only if there are no unexpected >> references (no mappings, GUP pins, ...) and no VMAs covering it where >> we could fault it in later >> 2) Disallowing mmap when the range would contain any private page >> 3) Handling races between mmap and page conversion > > The one thing that makes the second option cleaner from a userspace > perspective (IMO) is that the conversion to private is happening lazily > during guest faults. So whether or not an mmapped page can indeed be > accessed from userspace will be entirely undeterministic as it depends > on the guest faulting pattern which userspace is entirely unaware of. > Elliot's suggestion would prevent spurious crashes caused by that > somewhat odd behaviour, though arguably sane userspace software > shouldn't be doing that to start with. The last sentence is the important one. User space should not access that memory. If it does, it gets a slap on the hand. Because it should not access that memory. We might even be able to export to user space which pages are currently accessible and which ones not (e.g., pagemap), although it would be racy as long as the VM is running and can trigger a conversion. > > To add a layer of paint to the shed, the usage of SIGBUS for > something that is really a permission access problem doesn't feel SIGBUS stands for "BUS error (bad memory access)." Which makes sense, if you try accessing something that can no longer be accessed. It's now inaccessible. Even if it is temporarily. Just like a page with an MCE error. Swapin errors. Etc. You cannot access it. It might be a permission problem on the pKVM side, but it's not the traditional "permission problem" as in mprotect() and friends. You cannot resolve that permission problem yourself. It's a higher entity that turned that memory inaccessible. > appropriate. Allocating memory via guestmem and donating that to a > protected guest is a way for userspace to voluntarily relinquish access > permissions to the memory it allocated. So a userspace process violating > that could, IMO, reasonably expect a SEGV instead of SIGBUS. By the > point that signal would be sent, the page would have been accounted > against that userspace process, so not sure the paging examples that > were discussed earlier are exactly comparable. To illustrate that > differently, given that pKVM and Gunyah use MMU-based protection, there > is nothing architecturally that prevents a guest from sharing a page > back with Linux as RO. Sure, then allow page faults that allow for reads and give a signal on write faults. In the scenario, it even makes more sense to not constantly require new mmap's from user space just to access a now-shared page. > Note that we don't currently support this, so I > don't want to conflate this use case, but that hopefully makes it a > little more obvious that this is a "there is a page, but you don't > currently have the permission to access it" problem rather than "sorry > but we ran out of pages" problem. We could user other signals, at least as the semantics are clear and it's documented. Maybe SIGSEGV would be warranted. I consider that a minor detail, though. Requiring mmap()/munmap() dances just to access a page that is now shared from user space sounds a bit suboptimal. But I don't know all the details of the user space implementation. "mmap() the whole thing once and only access what you are supposed to access" sounds reasonable to me. If you don't play by the rules, you get a signal. But I'm happy to learn more details. -- Cheers, David / dhildenb