Re: [PATCH v3 1/3] mm/mprotect: Fix soft-dirty check in can_change_pte_writable()

[David Hildenbrand <david@redhat.com>]

On 21.07.22 20:33, Peter Xu wrote:
> The check wanted to make sure when soft-dirty tracking is enabled we won't
> grant write bit by accident, as a page fault is needed for dirty tracking.
> The intention is correct but we didn't check it right because VM_SOFTDIRTY
> set actually means soft-dirty tracking disabled.  Fix it.
> 
> There's another thing tricky about soft-dirty is that, we can't check the
> vma flag !(vma_flags & VM_SOFTDIRTY) directly but only check it after we
> checked CONFIG_MEM_SOFT_DIRTY because otherwise VM_SOFTDIRTY will be
> defined as zero, and !(vma_flags & VM_SOFTDIRTY) will constantly return
> true.  To avoid misuse, introduce a helper for checking whether vma has
> soft-dirty tracking enabled.
> 


[...]

> 
> Here we attach a Fixes to commit 64fe24a3e05e only for easy tracking, as
> this patch won't apply to a tree before that point.  However the commit
> wasn't the source of problem, it's just that then anonymous memory will
> also suffer from this problem with mprotect().

I'd remove that paragraph and also add

Fixes: 64e455079e1b ("mm: softdirty: enable write notifications on VMAs after VM_SOFTDIRTY cleared")

That introduced this wrong check for pagecache pages AFAIKS.

We don't care if the patch applies before 64fe24a3e05e, if someone wants to
backport the fix, they can just adjust it accordingly.

> 
> Fixes: 64fe24a3e05e ("mm/mprotect: try avoiding write faults for exclusive anonymous pages when changing protection")
> Signed-off-by: Peter Xu <peterx@redhat.com>
> ---
>  mm/internal.h | 18 ++++++++++++++++++
>  mm/mmap.c     |  2 +-
>  mm/mprotect.c |  2 +-
>  3 files changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/internal.h b/mm/internal.h
> index 15e8cb118832..e2d442e3c0b2 100644
> --- a/mm/internal.h
> +++ b/mm/internal.h
> @@ -860,4 +860,22 @@ struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags);
>  
>  DECLARE_PER_CPU(struct per_cpu_nodestat, boot_nodestats);
>  
> +static inline bool vma_soft_dirty_enabled(struct vm_area_struct *vma)
> +{
> +	/*
> +	 * NOTE: we must check this before VM_SOFTDIRTY on soft-dirty
> +	 * enablements, because when without soft-dirty being compiled in,
> +	 * VM_SOFTDIRTY is defined as 0x0, then !(vm_flags & VM_SOFTDIRTY)
> +	 * will be constantly true.
> +	 */
> +	if (!IS_ENABLED(CONFIG_MEM_SOFT_DIRTY))
> +		return false;
> +
> +	/*
> +	 * Soft-dirty is kind of special: its tracking is enabled when the
> +	 * vma flags not set.
> +	 */
> +	return !(vma->vm_flags & VM_SOFTDIRTY);
> +}

That will come in handy in other patches I'm cooking.

> +
>  #endif	/* __MM_INTERNAL_H */
> diff --git a/mm/mmap.c b/mm/mmap.c
> index 125e8903c93c..93f9913409ea 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -1518,7 +1518,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma, pgprot_t vm_page_prot)
>  		return 0;
>  
>  	/* Do we need to track softdirty? */
> -	if (IS_ENABLED(CONFIG_MEM_SOFT_DIRTY) && !(vm_flags & VM_SOFTDIRTY))
> +	if (vma_soft_dirty_enabled(vma))
>  		return 1;
>  
>  	/* Specialty mapping? */
> diff --git a/mm/mprotect.c b/mm/mprotect.c
> index 0420c3ed936c..c403e84129d4 100644
> --- a/mm/mprotect.c
> +++ b/mm/mprotect.c
> @@ -49,7 +49,7 @@ static inline bool can_change_pte_writable(struct vm_area_struct *vma,
>  		return false;
>  
>  	/* Do we need write faults for softdirty tracking? */
> -	if ((vma->vm_flags & VM_SOFTDIRTY) && !pte_soft_dirty(pte))
> +	if (vma_soft_dirty_enabled(vma) && !pte_soft_dirty(pte))
>  		return false;
>  
>  	/* Do we need write faults for uffd-wp tracking? */


Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Thanks,

David / dhildenb