From: David Hildenbrand <david@redhat.com>
To: Peter Xu <peterx@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Andrew Morton <akpm@linux-foundation.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Muchun Song <songmuchun@bytedance.com>,
Peter Feiner <pfeiner@google.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [PATCH v1 2/2] mm/hugetlb: support write-faults in shared mappings
Date: Mon, 8 Aug 2022 18:25:21 +0200 [thread overview]
Message-ID: <8b317ac7-f80e-4aab-4ad1-4e19a1a0740f@redhat.com> (raw)
In-Reply-To: <YvE0OwsyQEL3K5Hm@xz-m1.local>
>> Relying on VM_SHARED to detect MAP_PRIVATE vs. MAP_SHARED is
>> unfortunately wrong.
>>
>> If you're curious, take a look at f83a275dbc5c ("mm: account for
>> MAP_SHARED mappings using VM_MAYSHARE and not VM_SHARED in hugetlbfs")
>> and mmap() code.
>>
>> Long story short: if the file is read-only, we only have VM_MAYSHARE but
>> not VM_SHARED (and consequently also not VM_MAYWRITE).
>
> To ask in another way: if file is RO but mapped RW (mmap() will have
> VM_SHARED cleared but VM_MAYSHARE set), then if we check VM_MAYSHARE here
> won't we grant write bit errornously while we shouldn't? As the user
> doesn't really have write permission to the file.
Thus the VM_WRITE check. :)
I wonder if we should just do it cleanly and introduce the maybe_mkwrite
semantics here as well. Then there is no need for additional VM_WRITE
checks and hugetlb will work just like !hugetlb.
Thoughts?
>
>>
>>>
>>>> + if (unshare)
>>>> + return 0;
>>>
>>> Curious when will this happen especially if we switch to VM_SHARED above.
>>> Shouldn't "unshare" not happen at all on a shared region?
>>
>> FAULT_FLAG_UNSHARE is documented to behave like:
>>
>> "FAULT_FLAG_UNSHARE is ignored and treated like an ordinary read fault
>> when no existing R/O-mapped anonymous page is encountered."
>>
>> It should currently not happen. Focus on should ;)
>
> OK. :)
>
> Then does it also mean that it should be better to turn into
> WARN_ON_ONCE()? It's just that it looks like a valid path if without it.
Well, it should work (and we handle the !hugetlb path) like that as
well. So I'd want to avoid WARN_ON_ONCE() at least for that check.
>
>>
>>>
>>>> + if (WARN_ON_ONCE(!(vma->vm_flags & VM_WRITE)))
>>>> + return VM_FAULT_SIGSEGV;
>>>
>>> I had a feeling that you just want to double check we have write
>>> permission, but IIUC this should be checked far earlier or we'll have
>>> problem. No strong opinion if so, but I'd suggest dropping this one,
>>> otherwise we could add tons of WARN_ON_ONCE() in anywhere in the page fault
>>> stack and they mostly won't trigger at all.
>>
>> Not quite. We usually (!hugetlb) have maybe_mkwrite() all over the
>> place. This is just an indication that we don't have maybe semantics
>> here. But as we also don't have it for hugetlb anon code below, maybe I
>> can just drop it. (or check it for both call paths)
>
> Hmm, this reminded me to wonder how hugetlb handles FOLL_FORCE|FOLL_WRITE
> on RO regions.
>
> Maybe that check is needed, but however instead of warning and sigbus, we
> need to handle it?
We don't support FOLL_FORCE|FOLL_WRITE for hugetlb, but if we would,
we'd need the maybe_mkwrite semantics.
Fortunately I detest private hugetlb mappings / anon hugetlb pages and
couldn't care less about debug access until it's actually a problem for
someone :)
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2022-08-08 16:25 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-05 11:03 [PATCH v1 0/2] mm/hugetlb: fix write-fault handling for " David Hildenbrand
2022-08-05 11:03 ` [PATCH v1 1/2] mm/hugetlb: fix hugetlb not supporting write-notify David Hildenbrand
2022-08-05 18:14 ` Peter Xu
2022-08-05 18:22 ` David Hildenbrand
2022-08-05 18:23 ` Mike Kravetz
2022-08-05 18:25 ` David Hildenbrand
2022-08-05 18:33 ` Mike Kravetz
2022-08-05 18:57 ` David Hildenbrand
2022-08-05 20:48 ` Mike Kravetz
2022-08-05 23:13 ` Peter Xu
2022-08-05 23:33 ` Mike Kravetz
2022-08-08 16:10 ` Peter Xu
2022-08-08 16:36 ` David Hildenbrand
2022-08-08 19:28 ` Peter Xu
2022-08-10 9:29 ` David Hildenbrand
2022-08-05 11:03 ` [PATCH v1 2/2] mm/hugetlb: support write-faults in shared mappings David Hildenbrand
2022-08-05 18:12 ` Peter Xu
2022-08-05 18:20 ` David Hildenbrand
2022-08-08 16:05 ` Peter Xu
2022-08-08 16:25 ` David Hildenbrand [this message]
2022-08-08 20:21 ` Peter Xu
2022-08-08 22:08 ` Peter Xu
2022-08-10 9:37 ` David Hildenbrand
2022-08-10 9:45 ` David Hildenbrand
2022-08-10 19:29 ` Peter Xu
2022-08-10 19:40 ` David Hildenbrand
2022-08-10 19:52 ` Peter Xu
2022-08-10 23:55 ` Mike Kravetz
2022-08-11 8:48 ` David Hildenbrand
2022-08-05 23:08 ` Mike Kravetz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8b317ac7-f80e-4aab-4ad1-4e19a1a0740f@redhat.com \
--to=david@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mike.kravetz@oracle.com \
--cc=peterx@redhat.com \
--cc=pfeiner@google.com \
--cc=songmuchun@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox