From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96AF5C352A3 for ; Thu, 13 Feb 2020 20:46:32 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 3E077206DB for ; Thu, 13 Feb 2020 20:46:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3E077206DB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 9AB4A6B05AB; Thu, 13 Feb 2020 15:46:31 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 95BAE6B05AD; Thu, 13 Feb 2020 15:46:31 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 873006B05AE; Thu, 13 Feb 2020 15:46:31 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0188.hostedemail.com [216.40.44.188]) by kanga.kvack.org (Postfix) with ESMTP id 6C4BC6B05AB for ; Thu, 13 Feb 2020 15:46:31 -0500 (EST) Received: from smtpin06.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 1045A180AD811 for ; Thu, 13 Feb 2020 20:46:31 +0000 (UTC) X-FDA: 76486286982.06.wash01_72f883089915f X-HE-Tag: wash01_72f883089915f X-Filterd-Recvd-Size: 3633 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by imf05.hostedemail.com (Postfix) with ESMTP for ; Thu, 13 Feb 2020 20:46:29 +0000 (UTC) X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Feb 2020 12:46:28 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,437,1574150400"; d="scan'208";a="313849043" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.202]) by orsmga001.jf.intel.com with ESMTP; 13 Feb 2020 12:46:28 -0800 Date: Thu, 13 Feb 2020 12:46:28 -0800 From: Sean Christopherson To: Christian Borntraeger Cc: Janosch Frank , Andrew Morton , Marc Zyngier , Tom Lendacky , KVM , Cornelia Huck , David Hildenbrand , Thomas Huth , Ulrich Weigand , Claudio Imbrenda , Andrea Arcangeli , linux-s390 , Michael Mueller , Vasily Gorbik , linux-mm@kvack.org, kvm-ppc@vger.kernel.org, Paolo Bonzini Subject: Re: [PATCH 01/35] mm:gup/writeback: add callbacks for inaccessible pages Message-ID: <20200213204628.GE18610@linux.intel.com> References: <20200207113958.7320-1-borntraeger@de.ibm.com> <20200207113958.7320-2-borntraeger@de.ibm.com> <28792269-e053-ac70-a344-45612ee5c729@de.ibm.com> <20200213195602.GD18610@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Feb 13, 2020 at 09:13:35PM +0100, Christian Borntraeger wrote: > > On 13.02.20 20:56, Sean Christopherson wrote: > > On Mon, Feb 10, 2020 at 06:27:04PM +0100, Christian Borntraeger wrote: > > Am I missing a need to do this for the swap/reclaim case? Or is there a > > completely different use case I'm overlooking? > > This is actually to protect the host against a malicious user space. For > example a bad QEMU could simply start direct I/O on such protected memory. > We do not want userspace to be able to trigger I/O errors and thus we > implemented the logic to "whenever somebody accesses that page (gup) or > doing I/O, make sure that this page can be accessed. When the guest tries > to access that page we will wait in the page fault handler for writeback to > have finished and for the page_ref to be the expected value. Ah. I was assuming the pages would unmappable by userspace, enforced by some other mechanism > > > > Tangentially related, hooks here could be quite useful for sanity checking > > the kernel/KVM and/or debugging kernel/KVM bugs. Would it make sense to > > pass a param to arch_make_page_accessible() to provide some information as > > to why the page needs to be made accessible? > > Some kind of enum that can be used optionally to optimize things? Not just optimize, in the case above it'd probably preferable for us to reject a userspace mapping outright, e.g. return -EFAULT if called from gup()/follow(). Debug scenarios might also require differentiating between writeback and "other".