From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D825C001DF for ; Thu, 19 Oct 2023 21:45:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D1A3B800C1; Thu, 19 Oct 2023 17:45:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CC97C800BC; Thu, 19 Oct 2023 17:45:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B69E8800C1; Thu, 19 Oct 2023 17:45:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id A8242800BC for ; Thu, 19 Oct 2023 17:45:37 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 873351CC27C for ; Thu, 19 Oct 2023 21:45:37 +0000 (UTC) X-FDA: 81363543114.22.9162F75 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) by imf29.hostedemail.com (Postfix) with ESMTP id C275212001E for ; Thu, 19 Oct 2023 21:45:35 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=UHAUBkfz; spf=pass (imf29.hostedemail.com: domain of surenb@google.com designates 209.85.128.182 as permitted sender) smtp.mailfrom=surenb@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697751935; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=IP1bC7NbhmF2aawA3oJIPd9v1uWsSkcLhLCPtpX0r0A=; b=E+eqPwz3pcD+C72ktFEckKZqgqI4TjH50M4gOUz6UzT0xsGQ7LlsRKiiE3va28vCrseRZs 05zSD5MMMyCIZ0/ReYaS3DxPPm8jQ0jMnXBvBvhueHdnQNWAwoGS2NYYClcCXzfcTGCh7M 8mEAqaY4Y4fyXrdE8kKivfJ/XgdtiSg= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=UHAUBkfz; spf=pass (imf29.hostedemail.com: domain of surenb@google.com designates 209.85.128.182 as permitted sender) smtp.mailfrom=surenb@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697751935; a=rsa-sha256; cv=none; b=2A2IR1uc3idBWiBWeIVPuVBvS8PJ2a3fw5qnh11IraSUOqbhWMtyAemfhHqaTGUo9V85/d 9NZJSHt9cQWfR0EeeZd/h9YBLfkfomUVJfuQ/ZxRdSxeYaEjvzCvHbic3U/tKEcqC3TcpK 8FjB7i2qzcobx5ZBBoryH5cCmuFcEP8= Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-5a7af52ee31so1134597b3.2 for ; Thu, 19 Oct 2023 14:45:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697751935; x=1698356735; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=IP1bC7NbhmF2aawA3oJIPd9v1uWsSkcLhLCPtpX0r0A=; b=UHAUBkfzTSTuJeZFoLjhmfittneKTNC+npH1tM2T8YbGSEXGFm81kzsy135aZlneK1 WDwiJ2sOfjqFOT28k1KfndNub2SSqCjWExGzQqu6MZDhARQo3zmZJuEuw1VuU1NCNUxh q8EC3L9vRzRNV64cgHBc1X4rN3ZOMQeV2u9fa3ORx4pasvKQwF3T2RgqPev7HUqJaRCT 9+7Ebt5YHRxZsxlESV+PFSnigfOqWgkzj7XUiTW7+/5r5ot44wCLtCFC3VNdwpVZqFWP Z7TsSsnWRxdIzBavyp002gQN/CPK+A1InaAOQiNC9J0znQSYfRjf85sGTxln24fgdvOC xNKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697751935; x=1698356735; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IP1bC7NbhmF2aawA3oJIPd9v1uWsSkcLhLCPtpX0r0A=; b=vZyrtYNuSMuyNzLuHZiGM1bwv512bmoop0DjFAgesI1jXh9+fh3v4AW7qjmhTp+VaT sZe13EQcCYTpif65ZpBnFu/K04mLvz+cmatHKKnjXYI8z4LEbosBjQUWKjvIyEBsZrnV VqTbCYLODpLzgTvPxABRYAhoDPBzKIOVcNU3VzDSRxb9K3i7CE9FlsD5AUCiQmYih27H KZtiI7vbcMlSx0rXVO1VHZeZgDHDeA425gH7tzQH9RdtIuZ831TOenfXQLtukmyg6Cp+ nLGPlKMv3zeuRa2HOEaGoCU9o81mYLuiWpB3wgolPq6DHiiB6I1lpCqIVYwsqyCrng2T FojQ== X-Gm-Message-State: AOJu0Yzlo8t+jvJ0MgimF1I08dxxmFur5UGF4Xf0XGnGmQz3mLnIQaEF GurKW/0niKQ0liPJ3A6Vl7ny8i5yNoad4sXZQsCV8Q== X-Google-Smtp-Source: AGHT+IHQpr9/cMMwjS8gEZfULIlFEZn8lj2REtPfIGp2Kvw1E3AiUkFVt2rx8GUHTWRSFcl/VKr/jwON6+BOgeRudfE= X-Received: by 2002:a0d:ccc6:0:b0:5a7:af7d:cee7 with SMTP id o189-20020a0dccc6000000b005a7af7dcee7mr164618ywd.6.1697751934417; Thu, 19 Oct 2023 14:45:34 -0700 (PDT) MIME-Version: 1.0 References: <20231009064230.2952396-1-surenb@google.com> <20231009064230.2952396-3-surenb@google.com> <214b78ed-3842-5ba1-fa9c-9fa719fca129@redhat.com> <478697aa-f55c-375a-6888-3abb343c6d9d@redhat.com> <205abf01-9699-ff1c-3e4e-621913ada64e@redhat.com> In-Reply-To: From: Suren Baghdasaryan Date: Thu, 19 Oct 2023 14:45:21 -0700 Message-ID: Subject: Re: [PATCH v3 2/3] userfaultfd: UFFDIO_MOVE uABI To: Peter Xu Cc: David Hildenbrand , Lokesh Gidra , akpm@linux-foundation.org, viro@zeniv.linux.org.uk, brauner@kernel.org, shuah@kernel.org, aarcange@redhat.com, hughd@google.com, mhocko@suse.com, axelrasmussen@google.com, rppt@kernel.org, willy@infradead.org, Liam.Howlett@oracle.com, jannh@google.com, zhangpeng362@huawei.com, bgeffon@google.com, kaleshsingh@google.com, ngeoffray@google.com, jdduke@google.com, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, kernel-team@android.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: C275212001E X-Rspam-User: X-Stat-Signature: euczkfkeap8of3na9u3pwiy75e75adzn X-Rspamd-Server: rspam01 X-HE-Tag: 1697751935-112246 X-HE-Meta: U2FsdGVkX19XegX6nTzHZDv1jJSuRLe6Hvo0CumxrgDCrFv8i5ouGuCxULq/IudYcY4cP7NIFlERRK7sKSNVgIlHidoFhYo+epyitpCR2WfDwoyvz3CS28f3OHyI6DrjZs/87H7klRkQEErDEZtXJZlojMO5+pStxSVaV45LzI0P72X7Igi9w7SMsdzdUd+huwVYEq7n4s7S1b91v5HdAfYBrWnwhc/JDVfVR7jvpqYJVbrzhMhdVdNJlVw7VcZ9nzmmXD3jqc8wPO3K9j5Z6sxiGY6rIkJAuLMegVg2AbxwGWcZkkvB9PX5ld7oSYQpPaCn2Nnpkhvl/7de6sb2w1p8Irgtksc68XqxP5VKFpfUgaKmCVciyJK8wAWHXxG7/5UtmP+hSS+e/4EGLyhCMOi9fPE15T9AxfPs70z5WSO+/mxpAiy6IGA/GEvhI3pFviF9bcD+KjA0JIaSkOLZBBGh9HU0McTEThRe3ZTj9rPXY7HfqGBbk28vH247Vri36vdXkc+VGtAkN7G3PNnE+58h5l4rwjrNhQyzvrxrpnZWI+RUZxvzDkW3GGGc2t8aEUspn4ZJiLWt+dnDP+gO3cISIYErmXp+Hx2C/wMx+hCXbRGWPynQAhPXWAtOqIlTzYlFePZ66LuYR48XWwkMd1WMO30blE45mYbma4IfgMRHkKJUJJ/rL1iZZMMO0c3BuaSvl8ITJTN/j3ukaBh4UVoSbMMBithROrQgiTBPr56KW9eGZDtGLK2sm3sr5rRTQNqFXgBcRUXQ8gjmmP9DbBpUG93/KRfmiviKRfiY+Ap7szhXaxDu0G9Rx8l3ntW8Kcw4V6rCmNe/IKsZOo10waOIURcwjUySgJVhw71BYMNDFuXNmNb3QPEOd2KsdyvHcLVvETYUzYKvrfZLExEzDCb9kmmkjue0TR50B18BNWySqR0uvD8Etxosa+w+tX2p9fls5GpCrRWK4hluu6W pmvT/QUa mgT2OG/KCXeyv6dNo08hVt1WfcyMPkQ0VXV9vGtFa9rSZT1saXmlle4Hk66ov+r64SlWKH0aZPgfMYufsul8F/sUwwWyzb972zYHyLm3uLa5YVhvs11YsJ2cVKyt8sSIPgamis+V/Gv6nUpFXi5POJhvfp9FCd14efdO0BfkThZb/B7t/uCZgxvkpA7YX+llfTJG4J0oSme+TN4F+Ob9XfRj/P06SrykeDh9VlI5j0drCQS/zZlejqs/2N67KnfM/9TiCjMA5MwWtgfv3ePezqqFRX3vM4dzYOA4Wp3VOSmXNTv6Z75Y4HvrxQGiIe+MMCDKUmVo/0XkrylPvrHWJZUS15bH8JFYEDa/5 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Oct 13, 2023 at 9:08=E2=80=AFAM Peter Xu wrote: > > On Fri, Oct 13, 2023 at 11:56:31AM +0200, David Hildenbrand wrote: > > Hi Peter, > > Hi, David, > > > > > > I used to have the same thought with David on whether we can simplify= the > > > design to e.g. limit it to single mm. Then I found that the trickies= t is > > > actually patch 1 together with the anon_vma manipulations, and the pr= oblem > > > is that's not avoidable even if we restrict the api to apply on singl= e mm. > > > > > > What else we can benefit from single mm? One less mmap read lock, bu= t > > > probably that's all we can get; IIUC we need to keep most of the rest= of > > > the code, e.g. pgtable walks, double pgtable lockings, etc. > > > > No existing mechanisms move anon pages between unrelated processes, tha= t > > naturally makes me nervous if we're doing it "just because we can". > > IMHO that's also the potential, when guarded with userfaultfd descriptor > being shared between two processes. > > See below with more comment on the raised concerns. > > > > > > > > > Actually, even though I have no solid clue, but I had a feeling that = there > > > can be some interesting way to leverage this across-mm movement, whil= e > > > keeping things all safe (by e.g. elaborately requiring other proc to = create > > > uffd and deliver to this proc). > > > > Okay, but no real use cases yet. > > I can provide a "not solid" example. I didn't mention it because it's > really something that just popped into my mind when thinking cross-mm, so= I > never discussed with anyone yet nor shared it anywhere. > > Consider VM live upgrade in a generic form (e.g., no VFIO), we can do tha= t > very efficiently with shmem or hugetlbfs, but not yet anonymous. We can = do > extremely efficient postcopy live upgrade now with anonymous if with REMA= P. > > Basically I see it a potential way of moving memory efficiently especiall= y > with thp. > > > > > > > > > Considering Andrea's original version already contains those bits and= all > > > above, I'd vote that we go ahead with supporting two MMs. > > > > You can do nasty things with that, as it stands, on the upstream codeba= se. > > > > If you pin the page in src_mm and move it to dst_mm, you successfully b= roke > > an invariant that "exclusive" means "no other references from other > > processes". That page is marked exclusive but it is, in fact, not exclu= sive. > > It is still exclusive to the dst mm? I see your point, but I think you'r= e > taking exclusiveness altogether with pinning, and IMHO that may not be > always necessary? > > > > > Once you achieved that, you can easily have src_mm not have MMF_HAS_PIN= NED, > > (I suppose you meant dst_mm here) > > > so you can just COW-share that page. Now you successfully broke the > > invariant that COW-shared pages must not be pinned. And you can even tr= igger > > VM_BUG_ONs, like in sanity_check_pinned_pages(). > > Yeah, that's really unfortunate. But frankly, I don't think it's the fau= lt > of this new feature, but the rest. > > Let's imagine if the MMF_HAS_PINNED wasn't proposed as a per-mm flag, but > per-vma, which I don't see why we can't because it's simply a hint so far= . > Then if we apply the same rule here, UFFDIO_REMAP won't even work for > single-mm as long as cross-vma. Then UFFDIO_REMAP as a whole feature will > be NACKed simply because of this.. > > And I don't think anyone can guarantee a per-vma MMF_HAS_PINNED can never > happen, or any further change to pinning solution that may affect this. = So > far it just looks unsafe to remap a pin page to me. > > I don't have a good suggestion here if this is a risk.. I'd think it risk= y > then to do REMAP over pinned pages no matter cross-mm or single-mm. It > means probably we just rule them out: folio_maybe_dma_pinned() may not ev= en > be enough to be safe with fast-gup. We may need page_needs_cow_for_dma() > with proper write_protect_seq no matter cross-mm or single-mm? > > > > > Can it all be fixed? Sure, with more complexity. For something without = clear > > motivation, I'll have to pass. > > I think what you raised is a valid concern, but IMHO it's better fixed no > matter cross-mm or single-mm. What do you think? > > In general, pinning lose its whole point here to me for an userspace eith= er > if it DONTNEEDs it or REMAP it. What would be great to do here is we unp= in > it upon DONTNEED/REMAP/whatever drops the page, because it loses its > coherency anyway, IMHO. > > > > > Once there is real demand, we can revisit it and explore what else we w= ould > > have to take care of (I don't know how memcg behaves when moving betwee= n > > completely unrelated processes, maybe that works as expected, I don't k= now > > and I have no time to spare on reviewing features with no real use case= s) > > and announce it as a new feature. > > Good point. memcg is probably needed.. > > So you reminded me to do a more thorough review against zap/fault paths, = I > think what's missing are (besides page pinning): > > - mem_cgroup_charge()/mem_cgroup_uncharge(): Good point. Will add in the next version. > > (side note: I think folio_throttle_swaprate() is only for when > allocating new pages, so not needed here) > > - check_stable_address_space() (under pgtable lock) Ack. > > - tlb flush > > Hmm???????????????? I can't see anywhere we did tlb flush, batched or > not, either single-mm or cross-mm should need it. Is this missing? As Lokesh pointed out we do that but we don't batch them. I'll try to add batching in the next version. > > > > > > > Note: that (with only reading the documentation) it also kept me wonder= ing > > how the MMs are even implied from > > > > struct uffdio_move { > > __u64 dst; /* Destination of move */ > > __u64 src; /* Source of move */ > > __u64 len; /* Number of bytes to move */ > > __u64 mode; /* Flags controlling behavior of move */ > > __s64 move; /* Number of bytes moved, or negated error */ > > }; > > > > That probably has to be documented as well, in which address space dst = and > > src reside. > > Agreed, some better documentation will never hurt. Dst should be in the = mm > address space that was bound to the userfault descriptor. Src should be = in > the current mm address space. Ack. Will add. Thanks! > > Thanks, > > -- > Peter Xu > > -- > To unsubscribe from this group and stop receiving emails from it, send an= email to kernel-team+unsubscribe@android.com. >