From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED, USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A82EC10F0E for ; Thu, 18 Apr 2019 20:03:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 63655214DA for ; Thu, 18 Apr 2019 20:03:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390089AbfDRUDw (ORCPT ); Thu, 18 Apr 2019 16:03:52 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50984 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726581AbfDRUDv (ORCPT ); Thu, 18 Apr 2019 16:03:51 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9965588AC0; Thu, 18 Apr 2019 20:03:50 +0000 (UTC) Received: from redhat.com (unknown [10.20.6.236]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0957A19C79; Thu, 18 Apr 2019 20:03:44 +0000 (UTC) Date: Thu, 18 Apr 2019 16:03:43 -0400 From: Jerome Glisse To: Peter Xu Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, David Hildenbrand , Hugh Dickins , Maya Gokhale , Pavel Emelyanov , Johannes Weiner , Martin Cracauer , Shaohua Li , Andrea Arcangeli , Mike Kravetz , Denis Plotnikov , Mike Rapoport , Marty McFadden , Mel Gorman , "Kirill A . Shutemov" , "Dr . David Alan Gilbert" Subject: Re: [PATCH v3 07/28] userfaultfd: wp: hook userfault handler to write protection fault Message-ID: <20190418200342.GI3288@redhat.com> References: <20190320020642.4000-1-peterx@redhat.com> <20190320020642.4000-8-peterx@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20190320020642.4000-8-peterx@redhat.com> User-Agent: Mutt/1.11.3 (2019-02-01) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 18 Apr 2019 20:03:51 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 20, 2019 at 10:06:21AM +0800, Peter Xu wrote: > From: Andrea Arcangeli > > There are several cases write protection fault happens. It could be a > write to zero page, swaped page or userfault write protected > page. When the fault happens, there is no way to know if userfault > write protect the page before. Here we just blindly issue a userfault > notification for vma with VM_UFFD_WP regardless if app write protects > it yet. Application should be ready to handle such wp fault. > > v1: From: Shaohua Li > > v2: Handle the userfault in the common do_wp_page. If we get there a > pagetable is present and readonly so no need to do further processing > until we solve the userfault. > > In the swapin case, always swapin as readonly. This will cause false > positive userfaults. We need to decide later if to eliminate them with > a flag like soft-dirty in the swap entry (see _PAGE_SWP_SOFT_DIRTY). > > hugetlbfs wouldn't need to worry about swapouts but and tmpfs would > be handled by a swap entry bit like anonymous memory. > > The main problem with no easy solution to eliminate the false > positives, will be if/when userfaultfd is extended to real filesystem > pagecache. When the pagecache is freed by reclaim we can't leave the > radix tree pinned if the inode and in turn the radix tree is reclaimed > as well. > > The estimation is that full accuracy and lack of false positives could > be easily provided only to anonymous memory (as long as there's no > fork or as long as MADV_DONTFORK is used on the userfaultfd anonymous > range) tmpfs and hugetlbfs, it's most certainly worth to achieve it > but in a later incremental patch. > > v3: Add hooking point for THP wrprotect faults. > > CC: Shaohua Li > Signed-off-by: Andrea Arcangeli > [peterx: don't conditionally drop FAULT_FLAG_WRITE in do_swap_page] > Reviewed-by: Mike Rapoport > Signed-off-by: Peter Xu Reviewed-by: Jérôme Glisse > --- > mm/memory.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index e11ca9dd823f..567686ec086d 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -2483,6 +2483,11 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf) > { > struct vm_area_struct *vma = vmf->vma; > > + if (userfaultfd_wp(vma)) { > + pte_unmap_unlock(vmf->pte, vmf->ptl); > + return handle_userfault(vmf, VM_UFFD_WP); > + } > + > vmf->page = vm_normal_page(vma, vmf->address, vmf->orig_pte); > if (!vmf->page) { > /* > @@ -3684,8 +3689,11 @@ static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf) > /* `inline' is required to avoid gcc 4.1.2 build error */ > static inline vm_fault_t wp_huge_pmd(struct vm_fault *vmf, pmd_t orig_pmd) > { > - if (vma_is_anonymous(vmf->vma)) > + if (vma_is_anonymous(vmf->vma)) { > + if (userfaultfd_wp(vmf->vma)) > + return handle_userfault(vmf, VM_UFFD_WP); > return do_huge_pmd_wp_page(vmf, orig_pmd); > + } > if (vmf->vma->vm_ops->huge_fault) > return vmf->vma->vm_ops->huge_fault(vmf, PE_SIZE_PMD); > > -- > 2.17.1 >