From: David Hildenbrand <david@redhat.com>
To: Peter Xu <peterx@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Andrea Arcangeli <aarcange@redhat.com>,
Axel Rasmussen <axelrasmussen@google.com>,
Ives van Hoorne <ives@codesandbox.io>,
Nadav Amit <nadav.amit@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
stable@vger.kernel.org
Subject: Re: [PATCH v2 1/2] mm/migrate: Fix read-only page got writable when recover pte
Date: Tue, 15 Nov 2022 18:54:09 +0100 [thread overview]
Message-ID: <2ed12722-2359-cb07-53e7-566d959d311e@redhat.com> (raw)
In-Reply-To: <82d7a142-8c78-4168-37e9-7b677b18987a@redhat.com>
On 15.11.22 18:22, David Hildenbrand wrote:
>>> I consider UFFD-wp a special case: while the default VMA protection might
>>> state that it is writable, you actually want individual PTEs to be
>>> write-protected and have to manually remove the protection.
>>>
>>> softdirty tracking is another special case: however, softdirty tracking is
>>> enabled for the whole VMA. For remove_migration_pte() that should be fine (I
>>> guess) because writenotify is active when the VMA needs to track softdirty
>>> bits, and consequently vma->vm_page_prot has the proper default permissions.
>>>
>>>
>>> I wonder if the following (valid), for example is possible:
>>>
>>>
>>> 1) clear_refs() clears VM_SOFTDIRTY and pte_wrprotect() the pte.
>>> -> writenotify is active and vma->vm_page_prot updated accordingly
>>>
>>> VM_SOFTDIRTY is reset due to VMA merging and vma->vm_page_prot is updated
>>> accordingly. See mmap_region() where we set VM_SOFTDIRTY.
>>>
>>> If you now migrate the (still write-protected in the PTE) page, it was not
>>> writable, but it can be writable on the destination.
>>
>> I didn't even notice merging could work with soft-dirty enabled, that's
>> interesting to know.
>>
>> Yes I think it's possible and I agree it's safe, as VM_SOFTDIRTY is set for
>> the merged vma so afaiu the write bit is safe to set. We get a bunch of
>> false positives but that's how soft-dirty works.
>>
>> I think the whole problem is easier if we see this at a higher level.
>> You're discussing this from vma pov and it's fair to do so, at least I
>> agree with what you mentioned so far and I can't see anything outside
>> uffd-wp that can be affected. However, it is also true when you noticed we
>> already have quite a few paragraphs trying to discuss the safety for this
>> and that, that's the part where I think we need justification and it's not
>> that "natural".
Forgot to reply to that part:
No it isn't natural. But sneaking such a change into your fix seems
wrong. Touching !uffd-wp code should be separate, if we want to do this
at all (as we discussed, maybe the better/cleaner approach is to
eliminate writable migration entries if possible).
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2022-11-15 17:54 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-10 20:31 [PATCH v2 0/2] mm/migrate: Fix writable pte for read migration entry Peter Xu
2022-11-10 20:31 ` [PATCH v2 1/2] mm/migrate: Fix read-only page got writable when recover pte Peter Xu
2022-11-10 21:28 ` Nadav Amit
2022-11-10 22:09 ` Peter Xu
2022-11-10 21:53 ` Ives van Hoorne
2022-11-10 22:08 ` Peter Xu
2022-11-10 23:42 ` Alistair Popple
2022-11-13 23:56 ` Peter Xu
2022-11-14 6:22 ` Alistair Popple
2022-11-14 16:09 ` David Hildenbrand
2022-11-14 20:09 ` Peter Xu
2022-11-15 9:13 ` David Hildenbrand
2022-11-15 16:08 ` Peter Xu
2022-11-15 17:22 ` David Hildenbrand
2022-11-15 17:54 ` David Hildenbrand [this message]
2022-11-15 18:11 ` Peter Xu
2022-11-15 18:16 ` David Hildenbrand
2022-11-15 18:03 ` Peter Xu
2022-11-15 18:08 ` David Hildenbrand
2022-11-10 20:31 ` [PATCH v2 2/2] mm/uffd: Sanity check write bit for uffd-wp protected ptes Peter Xu
2022-11-11 22:06 ` kernel test robot
2022-11-13 22:33 ` Peter Xu
2022-11-12 2:59 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ed12722-2359-cb07-53e7-566d959d311e@redhat.com \
--to=david@redhat.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=axelrasmussen@google.com \
--cc=ives@codesandbox.io \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nadav.amit@gmail.com \
--cc=peterx@redhat.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox