From: Nadav Amit <nadav.amit@gmail.com>
To: Peter Xu <peterx@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Linux-MM <linux-mm@kvack.org>,
	Mike Rapoport <rppt@linux.vnet.ibm.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	stable@vger.kernel.org
Subject: Re: [PATCH] userfaultfd: mark uffd_wp regardless of VM_WRITE flag
Date: Thu, 17 Feb 2022 18:23:14 -0800
Message-ID: <BDBC90F4-22E1-48CC-9DB8-773C044F0231@gmail.com>
In-Reply-To: <Yg79WMuYLS1sxASL@xz-m1.local>



> On Feb 17, 2022, at 5:58 PM, Peter Xu <peterx@redhat.com> wrote:
> 
> Hello, Nadav,
> 
> On Thu, Feb 17, 2022 at 09:16:02PM +0000, Nadav Amit wrote:
>> From: Nadav Amit <namit@vmware.com>
>> 
>> When a PTE is set by UFFD operations such as UFFDIO_COPY, the PTE is
>> currently only marked as write-protected if the VMA has VM_WRITE flag
>> set. This seems incorrect or at least would be unexpected by the users.
>> 
>> Consider the following sequence of operations that are being performed
>> on a certain page:
>> 
>> 	mprotect(PROT_READ)
>> 	UFFDIO_COPY(UFFDIO_COPY_MODE_WP)
>> 	mprotect(PROT_READ|PROT_WRITE)
> 
> No objection to the patch, however I'm wondering why this is a valid use
> case because mprotect seems to conflict with uffd, because AFAICT
> mprotect(PROT_READ|PROT_WRITE) can already grant write bit.
> 
> In change_pte_range():
> 
>        if (dirty_accountable && pte_dirty(ptent) &&
>                        (pte_soft_dirty(ptent) ||
>                                !(vma->vm_flags & VM_SOFTDIRTY))) {
>                ptent = pte_mkwrite(ptent);
>        }

I think you are right, and an additional patch is needed to prevent
mprotect() from making an entry writable if the PTE has _PAGE_UFFD_WP
set and uffd_wp_resolve was not provided. I missed that.

I’ll post another patch for this one.

> 
> PS: I always think here the VM_SOFTDIRTY check is wrong, IMHO it should be:
> 
>        if (dirty_accountable && pte_dirty(ptent) &&
>                        (pte_soft_dirty(ptent) ||
>                        (vma->vm_flags & VM_SOFTDIRTY))) {
>                ptent = pte_mkwrite(ptent);
>        }
> 
> Because when VM_SOFTDIRTY is cleared it means soft dirty enabled.  I wanted
> to post a patch but I haven't yet.

Seems that you are right. Yet, having this wrong code around for
some time raises the concern whether something will break. By the
soft-dirty I saw so far, it seems that it is not commonly used.

> Could I ask why you need mprotect() with uffd?

Sure. I think I mentioned it before, that I want to use userfaultfd
for other processes [1], by having one monitor UFFD for multiple
processes that handles their swap/prefetch activities based on custom
policies.

I try to set the least amount of constraints on what these processes
might do, and mprotect() is something they are allowed to do.

I would hopefully send the patches that are required for all of that
and open source my code soon. In the meantime I try to upstream the
least controversial parts.

[1] https://lore.kernel.org/linux-mm/YWZCClDorCCM7KMG@t490s/t/
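
Added example, not part of the original message and not kernel code: a user-space toy model of the PTE bits in the mprotect(PROT_READ) / UFFDIO_COPY(UFFDIO_COPY_MODE_WP) / mprotect(PROT_READ|PROT_WRITE) sequence, showing that a write reaches the uffd monitor only when both the posted patch and the follow-up mprotect() fix are in place. The struct, field and function names are hypothetical, and the model assumes the dirty_accountable and soft-dirty conditions in the quoted change_pte_range() branch both pass and that the copied page is dirty.

```c
/* Toy model of the PTE bits discussed in the thread; not kernel code.
 * Struct, field and function names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct pte { bool write, dirty, uffd_wp; };

/* UFFDIO_COPY(UFFDIO_COPY_MODE_WP): current behaviour marks uffd-wp only
 * when the VMA has VM_WRITE; patch_copy marks it regardless. */
static struct pte uffdio_copy_wp(bool vm_write, bool patch_copy)
{
    struct pte p = { .write = false, .dirty = true, .uffd_wp = false };
    if (vm_write || patch_copy)
        p.uffd_wp = true;
    return p;
}

/* mprotect(PROT_READ|PROT_WRITE): models the quoted change_pte_range()
 * branch, assuming dirty_accountable and the soft-dirty test both pass.
 * patch_mprotect is the follow-up fix: keep a uffd-wp PTE read-only. */
static struct pte mprotect_rw(struct pte p, bool patch_mprotect)
{
    if (p.dirty && !(patch_mprotect && p.uffd_wp))
        p.write = true;
    return p;
}

/* A write reaches the monitor only if it faults (no write bit) and the
 * PTE still carries the uffd-wp marker. */
static bool write_notifies_monitor(struct pte p)
{
    return !p.write && p.uffd_wp;
}

/* The sequence from the commit message: the VMA is PROT_READ at copy time. */
static bool run_sequence(bool patch_copy, bool patch_mprotect)
{
    struct pte p = uffdio_copy_wp(false, patch_copy);
    p = mprotect_rw(p, patch_mprotect);
    return write_notifies_monitor(p);
}

int main(void)
{
    for (int c = 0; c <= 1; c++)
        for (int m = 0; m <= 1; m++)
            printf("copy fix=%d mprotect fix=%d -> monitor notified=%d\n",
                   c, m, run_sequence(c, m));
    return 0;
}
```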


