From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65D67C48BF6 for ; Mon, 4 Mar 2024 21:44:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D85EB6B0081; Mon, 4 Mar 2024 16:44:25 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D0ED36B0083; Mon, 4 Mar 2024 16:44:25 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B617E6B0088; Mon, 4 Mar 2024 16:44:25 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id A0E056B0081 for ; Mon, 4 Mar 2024 16:44:25 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 708DE4076C for ; Mon, 4 Mar 2024 21:44:25 +0000 (UTC) X-FDA: 81860685690.24.1031696 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by imf01.hostedemail.com (Postfix) with ESMTP id 304D84000A for ; Mon, 4 Mar 2024 21:44:22 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=quicinc.com header.s=qcppdkim1 header.b=akR5iVBL; spf=pass (imf01.hostedemail.com: domain of quic_eberman@quicinc.com designates 205.220.180.131 as permitted sender) smtp.mailfrom=quic_eberman@quicinc.com; dmarc=pass (policy=none) header.from=quicinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1709588663; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=El06DMQvHJyxIKKDY/bs9Vo40o7B7hw2Rs+SBJ2tHBM=; b=W6fzYyMsRSftLmmhPyNHhXcJ0tpUvwB+fzRlINWsT8d5oIDv4VQORfGTz2DCHQTndTSPxu ygRP8Ks8Vpt5NtieeCqLOZf+ik10MLns4ekQx+Pe2xgEUvTb2p/m465gE94uUe0SyyyH2A ozwUhq48tlTu5LkbVC1dVeFhYapI400= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709588663; a=rsa-sha256; cv=none; b=UStUd7b5XdcQnoQAi4kcRZcC2WFz9epmtY7y3ULPunmR7oRyueAhOPbU1fu+RiOnmJepS4 jIpmp5ZgE/u17jAw8VHWic4LPBPZ6Gu+13JsiEbo0Feg23fpaUJppWzLzqD9mcuPDqnwbW xHMjU7Ddh5ftES4RXgHk9H0s51x9DWc= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=quicinc.com header.s=qcppdkim1 header.b=akR5iVBL; spf=pass (imf01.hostedemail.com: domain of quic_eberman@quicinc.com designates 205.220.180.131 as permitted sender) smtp.mailfrom=quic_eberman@quicinc.com; dmarc=pass (policy=none) header.from=quicinc.com Received: from pps.filterd (m0279868.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 424LdMin022408; Mon, 4 Mar 2024 21:43:46 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=qcppdkim1; bh=El06DMQvHJyxIKKDY/bs9 Vo40o7B7hw2Rs+SBJ2tHBM=; b=akR5iVBLVaNC8y5fU4hH5Mgk90A3k97IMb4we dHz6+q1x+Z+m7NgtcasBWZxQP1/02BxVRfVhDbtOiIUpxmi0dVvrmC06EagOPiV0 /KZZOBtc2MCFYPqGAdvCjTO6ZeKWzTbZmq5hgjc6BNKYYzvEDsZYTzDj6OYFmTKf bRVlkduLMPnH8DK5eGPsE91xMis4Y2Jtr+MQm+YHgQRicPNW+s2c8V6h9yE742iz X9zZ2wRLgi4T6Y3YVK5b2plfLhVFNv2khTefd8o+K8IQDxvmrcoys3Vyq1uFhXfC XceZWS9cOUaqdp5Ts0S2CFC4OX6PH/ercyPO8wBI2rqyB+gLA== Received: from nasanppmta01.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3wn6qx234s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 21:43:45 +0000 (GMT) Received: from nasanex01b.na.qualcomm.com (nasanex01b.na.qualcomm.com [10.46.141.250]) by NASANPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 424Lhik8015397 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 4 Mar 2024 21:43:44 GMT Received: from hu-eberman-lv.qualcomm.com (10.49.16.6) by nasanex01b.na.qualcomm.com (10.46.141.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Mon, 4 Mar 2024 13:43:43 -0800 Date: Mon, 4 Mar 2024 13:43:43 -0800 From: Elliot Berman To: David Hildenbrand CC: Sean Christopherson , Quentin Perret , Matthew Wilcox , Fuad Tabba , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: Re: Re: folio_mmapped Message-ID: <20240304132732963-0800.eberman@hu-eberman-lv.qualcomm.com> Mail-Followup-To: David Hildenbrand , Sean Christopherson , Quentin Perret , Matthew Wilcox , Fuad Tabba , kvm@vger.kernel.org, kvmarm@lists.linux.dev, pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, viro@zeniv.linux.org.uk, brauner@kernel.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, keirf@google.com, linux-mm@kvack.org References: <925f8f5d-c356-4c20-a6a5-dd7efde5ee86@redhat.com> <755911e5-8d4a-4e24-89c7-a087a26ec5f6@redhat.com> <99a94a42-2781-4d48-8b8c-004e95db6bb5@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: X-Originating-IP: [10.49.16.6] X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nasanex01b.na.qualcomm.com (10.46.141.250) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: r2OsvqXDWNRuVAFSM5_fKjXXZ6SmFPTW X-Proofpoint-ORIG-GUID: r2OsvqXDWNRuVAFSM5_fKjXXZ6SmFPTW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-04_18,2024-03-04_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 suspectscore=0 bulkscore=0 priorityscore=1501 lowpriorityscore=0 phishscore=0 clxscore=1015 adultscore=0 spamscore=0 mlxlogscore=753 impostorscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2402120000 definitions=main-2403040167 X-Rspamd-Queue-Id: 304D84000A X-Rspam-User: X-Stat-Signature: k61bcua6ythjzghr8sqyy6dhjbq6rxgx X-Rspamd-Server: rspam03 X-HE-Tag: 1709588662-505709 X-HE-Meta: U2FsdGVkX1+vRpGzYJTZqr5kkWyNXQdFYKTnPOQejvFxsw/0ele7FuBlxc/wP4x6qD1If+u65DYHtIKeSH7ObBJdeIsoTT8YhVh3PQ3zq/VDKGl6NcCKSMPPVSDj3REErJyg2CY7AqCT4SkpgacYlFIBsvDa8w7dpIQe6bb74lmYmd6cK4fwrvWtBc1J8Z6yJL/xbcm+LyPG1kOzRYu4h084z4BVgjNzJbkERQlKcxzgz7cTsVneJ9HUYD4IjUoWi2Qn7+61eiI5UoJyzc5mOSPdVli+88hZldMluu/r5BW4xUFCHmU5/MYH1/NANGqhy35sCXuGMV5v82a5WNGWO2w3uUfX1Gv59g919476OppZClarT5b3mQSflpfePaI3fCKdfCcFx63k4nnJoMXSZRS8BSRJogORCmac+ut6KZlXSxD4L9xElxPsYs4sgs8sJwcXJykt3Ixoix5BSn5E0Pf+VByHg4GTxo+JYmgc1nAzW6/HuTfs7mHVEGV0JX7Q/uLqAlFWfwmBeLWXMGj2c1wmCF1MFZmlhc+OLOMqccF5m0JHb5j0NAerOnQKvit9+n5dmcYYVV9YzHSn+8Vo/iMLRC4Qxyo9a+r/YRaC38HSf99app8H+dH6ZVLmXe+egJKSJloXuSR99ZeeI3VaIb44CkgpB/LVfMTQmJueKI+JcoJq9uTqDZSnneEDALU9haBgSnpupt5rM7v3fVp+Y9/zD3BNplUZZJr6Qv00RWaMji6Z082ljGcZzfPEVPNbT3fDVEtvn2JBz3IfYXhlAgE0TNuj/RRlFJJuTK4K3zX6pX1s4awStaComnFKhOzBLs07saolnRIn5xmXjPlC6YwSygWnX342onV0L0uZ0JcHj++V9/NaxpsIEKZdaaSXzg/32YWL5pxekL0pDr3Ry3NKw+kP748/MTI49yPFTHUhaj32RkSnyvchB1E5oZIOoxO9nTOx/gqYg/1VZIx IbA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.022490, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Mar 04, 2024 at 09:17:05PM +0100, David Hildenbrand wrote: > On 04.03.24 20:04, Sean Christopherson wrote: > > On Mon, Mar 04, 2024, Quentin Perret wrote: > > > > As discussed in the sub-thread, that might still be required. > > > > > > > > One could think about completely forbidding GUP on these mmap'ed > > > > guest-memfds. But likely, there might be use cases in the future where you > > > > want to use GUP on shared memory inside a guest_memfd. > > > > > > > > (the iouring example I gave might currently not work because > > > > FOLL_PIN|FOLL_LONGTERM|FOLL_WRITE only works on shmem+hugetlb, and > > > > guest_memfd will likely not be detected as shmem; 8ac268436e6d contains some > > > > details) > > > > > > Perhaps it would be wise to start with GUP being forbidden if the > > > current users do not need it (not sure if that is the case in Android, > > > I'll check) ? We can always relax this constraint later when/if the > > > use-cases arise, which is obviously much harder to do the other way > > > around. > > > > +1000. At least on the KVM side, I would like to be as conservative as possible > > when it comes to letting anything other than the guest access guest_memfd. > > So we'll have to do it similar to any occurrences of "secretmem" in gup.c. > We'll have to see how to marry KVM guest_memfd with core-mm code similar to > e.g., folio_is_secretmem(). > > IIRC, we might not be able to de-reference the actual mapping because it > could get free concurrently ... > > That will then prohibit any kind of GUP access to these pages, including > reading/writing for ptrace/debugging purposes, for core dumping purposes > etc. But at least, you know that nobody was able to optain page references > using GUP that might be used for reading/writing later. Do you have any concerns to add to enum mapping_flags, AS_NOGUP, and replacing folio_is_secretmem() with a test of this bit instead of comparing the a_ops? I think it scales better. Thanks, Elliot