Re: set_page_dirty vs set_page_dirty_lock

[Nick Piggin <nickpiggin@yahoo.com.au>]

Michael S. Tsirkin wrote:
> Quoting Nick Piggin <nickpiggin@yahoo.com.au>:
> 
>>>>>If that works, I can mostly do things directly,
>>>>>although I'm still stuck with the problem of an app performing
>>>>>a fork + write into the same page while I'm doing DMA there.
>>>>>
>>>>>I am currently solving this by doing a second get_user_pages after
>>>>>DMA is done and comparing the page lists, but this, of course,
>>>>>needs a task context ...
>>>>>
>>>>
>>>>Usually we don't care about these kinds of races happening. So long
>>>>as it doesn't oops the kernel or hang the hardware, it is up to
>>>>userspace not to do stuff like that.
>>>
>>>
>>>Note that I am, even, not necessarily talking about full pages
>>>here: an application could be writing to one part of a page
>>>while hardware DMAs another part of it.
>>>So the app is not necessarily buggy.
>>>
>>
>>Sorry, I might have misunderstdood: what's the race? And how does
>>a second get_user_pages solve it?
> 
> 
> Here's what I have in mind:
> 
> A multithreaded app calls recvmsg(2), (or io_submit with receive request),
> passing in a buffer that is not page aligned.
> This does get_user_pages on some page and blocks waiting for DMA to complete.
> 
> Another thread calls fork(2), marking the page for copy on write.
> After fork, it writes (even 1 byte) into one of the pages that were passed
> to recvmsg, possibly even outside the buffer passed to recvmsg.
> This triggers a page copy in the parent process.
> 

OK, yeah if a thread in the parent process writes into the buffer, then
yes this would leave the copy in the parent AFAIKS.

But this is going to do similar weird stuff when racing with copy_to_user
with ethernet recvmsg, is it not? (and direct-io and probably others). As
such, I don't think it would be something you in particular need to worry
about.

I guess to solve it, we could either retain mmap_sem for the duration to
prevent fork, or try to do something tricky with page_count to determine
if we need to do a copy in fork() rather than a COW.

-- 
SUSE Labs, Novell Inc.

Send instant messages to your online friends http://au.messenger.yahoo.com