From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B29DC77B78 for ; Tue, 2 May 2023 19:07:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F3CF7900002; Tue, 2 May 2023 15:07:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EECC06B0075; Tue, 2 May 2023 15:07:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB3FD900002; Tue, 2 May 2023 15:07:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by kanga.kvack.org (Postfix) with ESMTP id BD4AE6B0072 for ; Tue, 2 May 2023 15:07:39 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683054459; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zGWUypSlNFUZ+/3q2aJ5NcsID04VpGZOZxH889+oKvA=; b=CGVpyhTUXRFHUkjVC8A2APEjmrP6TY6cLwd0dyZUWsAXk95lyFvmtbylmz3xBLPEsv/Ryl RVFdmhICO3zibkTbY8Nug6BGYR8G6elG1+jTfJ6V17jtsK+yaV/yNpn7f3KQNjURT6Ob7m I4ecOwvSaTIt5hjZRCLiesDvIc4tPcw= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-635-iVIsXOYGMRuf7ZZdFv5pfQ-1; Tue, 02 May 2023 15:07:38 -0400 X-MC-Unique: iVIsXOYGMRuf7ZZdFv5pfQ-1 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-306286b3573so1995618f8f.2 for ; Tue, 02 May 2023 12:07:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683054457; x=1685646457; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zGWUypSlNFUZ+/3q2aJ5NcsID04VpGZOZxH889+oKvA=; b=CHDSi3wuj55NblK5DScLIL79nYhfqrwtv9TW3xMAE95LRsQCD5kRkTYpU+VqYlUe/M wErFPtZGd4QZoKZBzN9KkczFT5GKcu7MvkUOpPTbxiw0HWiNGic2dPRDGMT76+T4d8hX +Fpe9D90n2upchoNWN4JSB7dBNmpZTRCZ6P56D3BYw1ft5cDQh5/MuYCw2CuuZ5krTrR hCquhbB7YvEN9gl8eyg2cJz0vO1klrM8tp/TOnvvQOIGCVwlr5MSMZJJ3Hm+bfUg26KR UOynkWGzXkzajd1q2GWXFgtD+1bIomnpBfRRMhFBcg7Ipl60IpprBIKkElbgvu07wPPj s2hA== X-Gm-Message-State: AC+VfDzBHr1xmZy0aCM+wXWHL12Ks6Ke76I+mdC97zCKAS2ebhB9q6N6 6ozdGfSJlw192xathaPnHaoWb7csAwMjWLd8ZYTyhKzWvQIPAV1VLmIy4y7oq0a+c11o97vB8jw iAXXXSzFdc/k= X-Received: by 2002:a5d:6850:0:b0:306:3a1c:daf3 with SMTP id o16-20020a5d6850000000b003063a1cdaf3mr1866219wrw.64.1683054457260; Tue, 02 May 2023 12:07:37 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7+bxVLJbHb4fzO1H8M4bTiWPGLyxb72ysQR7FyMkByTzQ2GEygyTzZRvqjoL+7XafXPBD/Bg== X-Received: by 2002:a5d:6850:0:b0:306:3a1c:daf3 with SMTP id o16-20020a5d6850000000b003063a1cdaf3mr1866155wrw.64.1683054456817; Tue, 02 May 2023 12:07:36 -0700 (PDT) Received: from ?IPV6:2003:cb:c700:2400:6b79:2aa:9602:7016? (p200300cbc70024006b7902aa96027016.dip0.t-ipconnect.de. [2003:cb:c700:2400:6b79:2aa:9602:7016]) by smtp.gmail.com with ESMTPSA id j3-20020a5d6183000000b002faaa9a1721sm31783536wru.58.2023.05.02.12.07.34 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 02 May 2023 12:07:36 -0700 (PDT) Message-ID: <4c032450-7184-fdb9-7b50-670ff06fc225@redhat.com> Date: Tue, 2 May 2023 21:07:34 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [PATCH v7 3/3] mm/gup: disallow FOLL_LONGTERM GUP-fast writing to file-backed mappings To: Lorenzo Stoakes Cc: Peter Zijlstra , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jason Gunthorpe , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , Jason Gunthorpe , John Hubbard , Jan Kara , "Kirill A . Shutemov" , Pavel Begunkov , Mika Penttila , Dave Chinner , Theodore Ts'o , Peter Xu , Matthew Rosato , "Paul E . McKenney" , Christian Borntraeger , Mike Rapoport References: <1691115d-dba4-636b-d736-6a20359a67c3@redhat.com> <20230502172231.GH1597538@hirez.programming.kicks-ass.net> <406fd43a-a051-5fbe-6f66-a43f5e7e7573@redhat.com> <3a8c672d-4e6c-4705-9d6c-509d3733eb05@lucifer.local> From: David Hildenbrand Organization: Red Hat In-Reply-To: <3a8c672d-4e6c-4705-9d6c-509d3733eb05@lucifer.local> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 02.05.23 20:17, Lorenzo Stoakes wrote: > On Tue, May 02, 2023 at 07:34:06PM +0200, David Hildenbrand wrote: >> On 02.05.23 19:22, Peter Zijlstra wrote: >>> On Tue, May 02, 2023 at 07:13:49PM +0200, David Hildenbrand wrote: >>>> [...] >>>> >>>>> +{ >>>>> + struct address_space *mapping; >>>>> + >>>>> + /* >>>>> + * GUP-fast disables IRQs - this prevents IPIs from causing page tables >>>>> + * to disappear from under us, as well as preventing RCU grace periods >>>>> + * from making progress (i.e. implying rcu_read_lock()). >>>>> + * >>>>> + * This means we can rely on the folio remaining stable for all >>>>> + * architectures, both those that set CONFIG_MMU_GATHER_RCU_TABLE_FREE >>>>> + * and those that do not. >>>>> + * >>>>> + * We get the added benefit that given inodes, and thus address_space, >>>>> + * objects are RCU freed, we can rely on the mapping remaining stable >>>>> + * here with no risk of a truncation or similar race. >>>>> + */ >>>>> + lockdep_assert_irqs_disabled(); >>>>> + >>>>> + /* >>>>> + * If no mapping can be found, this implies an anonymous or otherwise >>>>> + * non-file backed folio so in this instance we permit the pin. >>>>> + * >>>>> + * shmem and hugetlb mappings do not require dirty-tracking so we >>>>> + * explicitly whitelist these. >>>>> + * >>>>> + * Other non dirty-tracked folios will be picked up on the slow path. >>>>> + */ >>>>> + mapping = folio_mapping(folio); >>>>> + return !mapping || shmem_mapping(mapping) || folio_test_hugetlb(folio); >>>> >>>> "Folios in the swap cache return the swap mapping" -- you might disallow >>>> pinning anonymous pages that are in the swap cache. >>>> >>>> I recall that there are corner cases where we can end up with an anon page >>>> that's mapped writable but still in the swap cache ... so you'd fallback to >>>> the GUP slow path (acceptable for these corner cases, I guess), however >>>> especially the comment is a bit misleading then. >>>> >>>> So I'd suggest not dropping the folio_test_anon() check, or open-coding it >>>> ... which will make this piece of code most certainly easier to get when >>>> staring at folio_mapping(). Or to spell it out in the comment (usually I >>>> prefer code over comments). >>> >>> So how stable is folio->mapping at this point? Can two subsequent reads >>> get different values? (eg. an actual mapping and NULL) >>> >>> If so, folio_mapping() itself seems to be missing a READ_ONCE() to avoid >>> the compiler from emitting the load multiple times. >> >> I can only talk about anon pages in this specific call order here (check >> first, then test if the PTE changed in the meantime): we don't care if we >> get two different values. If we get a different value the second time, >> surely we (temporarily) pinned an anon page that is no longer mapped (freed >> in the meantime). But in that case (even if we read garbage folio->mapping >> and made the wrong call here), we'll detect afterwards that the PTE changed, >> and unpin what we (temporarily) pinned. As folio_test_anon() only checks two >> bits in folio->mapping it's fine, because we won't dereference garbage >> folio->mapping. >> >> With folio_mapping() on !anon and READ_ONCE() ... good question. Kirill said >> it would be fairly stable, but I suspect that it could change (especially if >> we call it before validating if the PTE changed as I described further >> below). >> >> Now, if we read folio->mapping after checking if the page we pinned is still >> mapped (PTE unchanged), at least the page we pinned cannot be reused in the >> meantime. I suspect that we can still read "NULL" on the second read. But >> whatever we dereference from the first read should still be valid, even if >> the second read would have returned NULL ("rcu freeing"). >> > > On a specific point - if mapping turns out to be NULL after we confirm > stable PTE, I'd be inclined to reject and let the slow path take care of > it, would you agree that that's the correct approach? If it's not an anon page and the mapping is NULL, I'd say simply fallback to the slow path. -- Thanks, David / dhildenb