From: Andrea Arcangeli <aarcange@redhat.com>
To: Jerome Glisse <jglisse@redhat.com>
Cc: Jan Kara <jack@suse.cz>,
kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org, linux-mm@kvack.org
Subject: Re: [RFC PATCH V2 5/5] vhost: access vq metadata through kernel virtual address
Date: Thu, 7 Mar 2019 14:38:38 -0500 [thread overview]
Message-ID: <20190307193838.GQ23850@redhat.com> (raw)
In-Reply-To: <20190307190910.GE3835@redhat.com>
On Thu, Mar 07, 2019 at 02:09:10PM -0500, Jerome Glisse wrote:
> I thought this patch was only for anonymous memory ie not file back ?
Yes, the other common usages are on hugetlbfs/tmpfs that also don't
need to implement writeback and are obviously safe too.
> If so then set dirty is mostly useless it would only be use for swap
> but for this you can use an unlock version to set the page dirty.
It's not a practical issue but a security issue perhaps: you can
change the KVM userland to run on VM_SHARED ext4 as guest physical
memory, you could do that with the qemu command line that is used to
place it on tmpfs or hugetlbfs for example and some proprietary KVM
userland may do for other reasons. In general it shouldn't be possible
to crash the kernel with this, and it wouldn't be nice to fail if
somebody decides to put VM_SHARED ext4 (we could easily allow vhost
ring only backed by anon or tmpfs or hugetlbfs to solve this of
course).
It sounds like we should at least optimize away the _lock from
set_page_dirty if it's anon/hugetlbfs/tmpfs, would be nice if there
was a clean way to do that.
Now assuming we don't nak the use on ext4 VM_SHARED and we stick to
set_page_dirty_lock for such case: could you recap how that
__writepage ext4 crash was solved if try_to_free_buffers() run on a
pinned GUP page (in our vhost case try_to_unmap would have gotten rid
of the pins through the mmu notifier and the page would have been
freed just fine).
The first two things that come to mind is that we can easily forbid
the try_to_free_buffers() if the page might be pinned by GUP, it has
false positives with the speculative pagecache lookups but it cannot
give false negatives. We use those checks to know when a page is
pinned by GUP, for example, where we cannot merge KSM pages with gup
pins etc... However what if the elevated refcount wasn't there when
try_to_free_buffers run and is there when __remove_mapping runs?
What I mean is that it sounds easy to forbid try_to_free_buffers for
the long term pins, but that still won't prevent the same exact issue
for a transient pin (except the window to trigger it will be much smaller).
I basically don't see how long term GUP pins breaks stuff in ext4
while transient short term GUP pins like O_DIRECT don't. The VM code
isn't able to disambiguate if the pin is short or long term and it
won't even be able to tell the difference between a GUP pin (long or
short term) and a speculative get_page_unless_zero run by the
pagecache speculative pagecache lookup. Even a random speculative
pagecache lookup that runs just before __remove_mapping, can cause
__remove_mapping to fail despite try_to_free_buffers() succeeded
before it (like if there was a transient or long term GUP
pin). speculative lookup that can happen across all page struct at all
times and they will cause page_ref_freeze in __remove_mapping to
fail.
I'm sure I'm missing details on the ext4 __writepage problem and how
set_page_dirty_lock broke stuff with long term GUP pins, so I'm
asking...
Thanks!
Andrea
next prev parent reply other threads:[~2019-03-07 19:38 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-06 7:18 [RFC PATCH V2 0/5] vhost: accelerate metadata access through vmap() Jason Wang
2019-03-06 7:18 ` [RFC PATCH V2 1/5] vhost: generalize adding used elem Jason Wang
2019-03-06 7:18 ` [RFC PATCH V2 2/5] vhost: fine grain userspace memory accessors Jason Wang
2019-03-06 7:18 ` [RFC PATCH V2 3/5] vhost: rename vq_iotlb_prefetch() to vq_meta_prefetch() Jason Wang
2019-03-06 7:18 ` [RFC PATCH V2 4/5] vhost: introduce helpers to get the size of metadata area Jason Wang
2019-03-06 7:18 ` [RFC PATCH V2 5/5] vhost: access vq metadata through kernel virtual address Jason Wang
[not found] ` <1551856692-3384-3-git-send-email-jasowang@redhat.com>
2019-03-06 10:45 ` [RFC PATCH V2 2/5] vhost: fine grain userspace memory accessors Christophe de Dinechin
[not found] ` <4C1386C5-F153-43DD-8B14-CC752FA5A07A@dinechin.org>
2019-03-07 2:38 ` Jason Wang
[not found] ` <1551856692-3384-5-git-send-email-jasowang@redhat.com>
2019-03-06 10:56 ` [RFC PATCH V2 4/5] vhost: introduce helpers to get the size of metadata area Christophe de Dinechin
[not found] ` <608E47C2-5130-41DE-9D52-02807EBCDD43@dinechin.org>
2019-03-07 2:40 ` Jason Wang
[not found] ` <CAFqt6zYynfCn_SG6w98dHMA5rS6euPb+ihXtQcALE47K0LQb7g@mail.gmail.com>
2019-03-07 2:42 ` Jason Wang
[not found] ` <1551856692-3384-6-git-send-email-jasowang@redhat.com>
2019-03-06 16:31 ` [RFC PATCH V2 5/5] vhost: access vq metadata through kernel virtual address Michael S. Tsirkin
[not found] ` <20190306092837-mutt-send-email-mst@kernel.org>
2019-03-07 2:45 ` Jason Wang
[not found] ` <15105894-4ec1-1ed0-1976-7b68ed9eeeda@redhat.com>
2019-03-07 15:34 ` Michael S. Tsirkin
[not found] ` <20190307101708-mutt-send-email-mst@kernel.org>
2019-03-07 19:09 ` Jerome Glisse
[not found] ` <20190307190910.GE3835@redhat.com>
2019-03-07 19:38 ` Andrea Arcangeli [this message]
2019-03-07 20:17 ` Jerome Glisse
[not found] ` <20190307201722.GG3835@redhat.com>
2019-03-07 21:27 ` Andrea Arcangeli
[not found] ` <20190307212717.GS23850@redhat.com>
2019-03-08 9:13 ` Jason Wang
[not found] ` <671c4a98-4699-836e-79fc-0ce650c7f701@redhat.com>
2019-03-08 19:11 ` Andrea Arcangeli
[not found] ` <20190308191108.GA26923@redhat.com>
2019-03-11 7:21 ` Jason Wang
2019-03-11 14:45 ` Jan Kara
2019-03-08 8:31 ` Jason Wang
2019-03-07 15:47 ` Michael S. Tsirkin
[not found] ` <20190307103503-mutt-send-email-mst@kernel.org>
2019-03-07 17:56 ` Michael S. Tsirkin
[not found] ` <20190307124700-mutt-send-email-mst@kernel.org>
2019-03-07 19:16 ` Andrea Arcangeli
2019-03-07 19:17 ` Jerome Glisse
[not found] ` <20190307191622.GP23850@redhat.com>
2019-03-08 8:50 ` Jason Wang
2019-03-08 14:58 ` Jerome Glisse
2019-03-08 19:48 ` Andrea Arcangeli
[not found] ` <20190308194845.GC26923@redhat.com>
2019-03-08 20:06 ` Jerome Glisse
2019-03-11 7:40 ` Jason Wang
2019-03-11 12:48 ` Michael S. Tsirkin
[not found] ` <20190311084525-mutt-send-email-mst@kernel.org>
2019-03-11 13:43 ` Andrea Arcangeli
2019-03-12 2:52 ` Jason Wang
2019-03-12 3:50 ` Michael S. Tsirkin
[not found] ` <20190311234956-mutt-send-email-mst@kernel.org>
2019-03-12 7:15 ` Jason Wang
[not found] ` <20190311134305.GC23321@redhat.com>
2019-03-12 2:56 ` Jason Wang
[not found] ` <4979eed5-9e3f-5ee0-f4f4-1a5e2a839b21@redhat.com>
2019-03-12 3:51 ` Michael S. Tsirkin
[not found] ` <20190308145800.GA3661@redhat.com>
2019-03-11 7:18 ` Jason Wang
[not found] ` <20190307191720.GF3835@redhat.com>
2019-03-08 2:21 ` Michael S. Tsirkin
2019-03-08 2:55 ` Jerome Glisse
[not found] ` <20190308025539.GA5562@redhat.com>
2019-03-08 3:16 ` Michael S. Tsirkin
[not found] ` <20190307221549-mutt-send-email-mst@kernel.org>
2019-03-08 3:40 ` Jerome Glisse
[not found] ` <20190308034053.GB5562@redhat.com>
2019-03-08 3:43 ` Michael S. Tsirkin
[not found] ` <20190307224143-mutt-send-email-mst@kernel.org>
2019-03-08 3:45 ` Jerome Glisse
[not found] ` <20190308034540.GC5562@redhat.com>
2019-03-08 9:15 ` Jason Wang
2019-03-08 8:58 ` Jason Wang
[not found] ` <43408100-84d9-a359-3e78-dc65fb7b0ad1@redhat.com>
2019-03-08 12:56 ` Michael S. Tsirkin
[not found] ` <20190308075506-mutt-send-email-mst@kernel.org>
2019-03-08 15:02 ` Jerome Glisse
2019-03-08 19:13 ` Andrea Arcangeli
2019-03-08 14:12 ` [RFC PATCH V2 0/5] vhost: accelerate metadata access through vmap() Christoph Hellwig
[not found] ` <20190308141220.GA21082@infradead.org>
2019-03-11 7:13 ` Jason Wang
[not found] ` <56374231-7ba7-0227-8d6d-4d968d71b4d6@redhat.com>
2019-03-11 13:59 ` Michael S. Tsirkin
[not found] ` <20190311095405-mutt-send-email-mst@kernel.org>
2019-03-11 18:14 ` David Miller
[not found] ` <20190311.111413.1140896328197448401.davem@davemloft.net>
2019-03-12 2:59 ` Jason Wang
[not found] ` <6b6dcc4a-2f08-ba67-0423-35787f3b966c@redhat.com>
2019-03-12 3:52 ` Michael S. Tsirkin
2019-03-12 7:17 ` Jason Wang
[not found] ` <76c353ed-d6de-99a9-76f9-f258074c1462@redhat.com>
2019-03-12 11:54 ` Michael S. Tsirkin
[not found] ` <20190312075033-mutt-send-email-mst@kernel.org>
[not found] ` <1552405610.3083.17.camel@HansenPartnership.com>
2019-03-12 20:04 ` Andrea Arcangeli
[not found] ` <1552424017.14432.11.camel@HansenPartnership.com>
2019-03-12 21:11 ` Andrea Arcangeli
[not found] ` <20190312211117.GB25147@redhat.com>
[not found] ` <1552425555.14432.14.camel@HansenPartnership.com>
2019-03-12 21:53 ` Andrea Arcangeli
[not found] ` <20190312215321.GC25147@redhat.com>
[not found] ` <1552428174.14432.39.camel@HansenPartnership.com>
2019-03-12 22:50 ` Andrea Arcangeli
2019-03-13 16:05 ` Christoph Hellwig
[not found] ` <20190313160529.GB15134@infradead.org>
[not found] ` <1552495028.3022.37.camel@HansenPartnership.com>
2019-03-14 10:42 ` Michael S. Tsirkin
[not found] ` <20190314064004-mutt-send-email-mst@kernel.org>
2019-03-14 13:49 ` Jason Wang
[not found] ` <74015196-2e18-4fe0-50ac-0c9d497315c7@redhat.com>
2019-03-14 19:33 ` Andrea Arcangeli
[not found] ` <20190314193333.GA24542@redhat.com>
2019-03-15 4:39 ` Jason Wang
[not found] ` <1552367685.23859.22.camel@HansenPartnership.com>
2019-03-12 7:51 ` Jason Wang
[not found] ` <f9e52313-0a06-22b6-140c-ded75eecde20@redhat.com>
2019-03-12 7:53 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190307193838.GQ23850@redhat.com \
--to=aarcange@redhat.com \
--cc=jack@suse.cz \
--cc=jglisse@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).