From: Fuad Tabba
Date: Thu, 10 Oct 2024 15:28:38 +0100
Subject: Re: [PATCH v3 04/11] KVM: guest_memfd: Allow host to mmap guest_memfd() pages when shared
To: "Kirill A. Shutemov"
Cc: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org, pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com
References: <20241010085930.1546800-1-tabba@google.com> <20241010085930.1546800-5-tabba@google.com>

On Thu, 10 Oct 2024 at 13:21, Kirill A. Shutemov wrote:
>
> On Thu, Oct 10, 2024 at 11:23:55AM +0100, Fuad Tabba wrote:
> > Hi Kirill,
> >
> > On Thu, 10 Oct 2024 at 11:14, Kirill A. Shutemov wrote:
> > >
> > > On Thu, Oct 10, 2024 at 09:59:23AM +0100, Fuad Tabba wrote:
> > > > +out:
> > > > + if (ret != VM_FAULT_LOCKED) {
> > > > + folio_put(folio);
> > > > + folio_unlock(folio);
> > >
> > > Hm. Here and in a few other places you return reference before unlocking.
> > >
> > > I think it is safe because nobody can (or can they?) remove the page from
> > > pagecache while the page is locked so we have at least one refcount on the
> > > folio, but it *looks* like a use-after-free bug.
> > >
> > > Please follow the usual pattern: _unlock() then _put().
> >
> > That is deliberate, since these patches rely on the refcount to check
> > whether the host has any mappings, and the folio lock in order not to
> > race. It's not that it's not safe to decrement the refcount after
> > unlocking, but by doing that I cannot rely on the folio lock to ensure
> > that there aren't any races between the code added to check whether a
> > folio is mappable, and the code that checks whether the refcount is
> > safe. It's a tiny window, but it's there.
> >
> > What do you think?
>
> I don't think your scheme is race-free either. gmem_clear_mappable() is
> going to fail with -EPERM if there's any transient pin on the page. For
> instance from any physical memory scanner.

I remember discussing this before. One question that I have is, is it
possible to get a transient pin while the folio lock is held, or would
that have happened before taking the lock?

Thanks,
/fuad

> --
> Kiryl Shutsemau / Kirill A. Shutemov
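Review bot: the folio_put() before folio_unlock() at out: reads as a use-after-free to anyone who does not know the ordering is deliberate, as this very thread shows; add a comment above the folio_put() stating that the reference is dropped while the folio lock is still held so that the refcount check in gmem_clear_mappable() is serialized against this path, and put the same comment at the other sites that use this ordering.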
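The disagreement above is about which interleavings a refcount-plus-folio-lock check can and cannot exclude. The following userspace model is an added example written for this page; it is not code from the guest_memfd patches or from the kernel, and it only borrows the names folio_put(), folio_unlock(), gmem_clear_mappable() and VM_FAULT_LOCKED from the thread. It assumes a baseline of exactly one page-cache reference (anything above that is treated as a host mapping or a pin), models the folio lock as a flag in a single thread, and uses -EBUSY as its own code for "a concurrent gmem_clear_mappable() would block on the lock at this instant". The names folio_get(), probe_clear_mappable(), fault_error_path() and run_scenario() are the model's own.

```c
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of a page-cache folio (not kernel code): the page cache holds one
 * reference at rest; the lock is a flag because this model is single-threaded. */
struct folio {
	int refcount;
	bool locked;
	bool mappable;	/* may the host mmap() this folio? */
};

static void folio_get(struct folio *f)    { f->refcount++; }
static void folio_put(struct folio *f)    { assert(f->refcount > 1); f->refcount--; }
static void folio_lock(struct folio *f)   { assert(!f->locked); f->locked = true; }
static void folio_unlock(struct folio *f) { assert(f->locked); f->locked = false; }

/* The check the thread argues about, modelled: with the folio lock held, refuse
 * to make the folio unmappable while anything beyond the page cache (assumed
 * baseline of one reference) still holds a reference. */
static int gmem_clear_mappable_locked(struct folio *f)
{
	if (f->refcount > 1)
		return -EPERM;
	f->mappable = false;
	return 0;
}

/* What would gmem_clear_mappable() observe if it ran right now? -EBUSY stands
 * for "blocked on the folio lock": it would wait and re-check the refcount only
 * after the current holder has called folio_unlock(). */
static int probe_clear_mappable(struct folio *f)
{
	int ret;
	if (f->locked)
		return -EBUSY;
	folio_lock(f);
	ret = gmem_clear_mappable_locked(f);
	folio_unlock(f);
	return ret;
}

enum release_order { PUT_THEN_UNLOCK, UNLOCK_THEN_PUT };
/* The fault handler's error path, modelled: the lookup took a reference, the
 * folio was locked, then the fault failed (ret != VM_FAULT_LOCKED). Returns what
 * a concurrent clear-mappable sees between the two release steps at out:. */
static int fault_error_path(struct folio *f, enum release_order order)
{
	int seen_in_window;
	folio_get(f);
	folio_lock(f);
	if (order == PUT_THEN_UNLOCK) {
		folio_put(f);
		seen_in_window = probe_clear_mappable(f);	/* lock still held */
		folio_unlock(f);
	} else {
		folio_unlock(f);
		seen_in_window = probe_clear_mappable(f);	/* ref still held */
		folio_put(f);
	}
	return seen_in_window;
}

enum scenario { WINDOW_PUT_THEN_UNLOCK, WINDOW_UNLOCK_THEN_PUT, TRANSIENT_PIN, AFTER_RELEASE };
/* Run one scenario on a fresh folio and return what clear-mappable observed. */
static int run_scenario(enum scenario which)
{
	struct folio f = { .refcount = 1, .locked = false, .mappable = true };
	int ret;
	switch (which) {
	case WINDOW_PUT_THEN_UNLOCK:
		return fault_error_path(&f, PUT_THEN_UNLOCK);	/* -EBUSY: waits */
	case WINDOW_UNLOCK_THEN_PUT:
		return fault_error_path(&f, UNLOCK_THEN_PUT);	/* -EPERM: spurious */
	case TRANSIENT_PIN:
		/* Kirill's objection: a pin taken without the lock (e.g. a physical
		 * memory scanner) looks like a host mapping to a refcount check. */
		folio_get(&f);
		ret = probe_clear_mappable(&f);			/* -EPERM, either order */
		folio_put(&f);
		return ret;
	default:
		/* Either release order ends with refcount 1 and the lock free. */
		fault_error_path(&f, PUT_THEN_UNLOCK);
		return probe_clear_mappable(&f);		/* 0 */
	}
}

int main(void)
{
	printf("put-then-unlock window: %d (-EBUSY is %d)\n", run_scenario(WINDOW_PUT_THEN_UNLOCK), -EBUSY);
	printf("unlock-then-put window: %d (-EPERM is %d)\n", run_scenario(WINDOW_UNLOCK_THEN_PUT), -EPERM);
	printf("transient pin, no host mapping: %d\n", run_scenario(TRANSIENT_PIN));
	printf("quiescent after release: %d\n", run_scenario(AFTER_RELEASE));
	return 0;
}
```

Built with any C99 compiler, the program prints the four observations: in the put-then-unlock window the checker merely waits for the lock and then sees the reference already gone, in the unlock-then-put window it can see the extra reference and fail spuriously, which is the window Fuad describes, and the transient pin fails the check in either order, which is Kirill's objection. The open question in the reply, whether such a pin can be taken while the folio lock is held, is exactly what the model cannot answer: it takes the scanner's pin without the lock by assumption.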