From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8155EC636CC for ; Thu, 16 Feb 2023 01:38:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F08C76B0071; Wed, 15 Feb 2023 20:38:02 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id EB9356B0072; Wed, 15 Feb 2023 20:38:02 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D32266B0073; Wed, 15 Feb 2023 20:38:02 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id C3B6C6B0071 for ; Wed, 15 Feb 2023 20:38:02 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 939B712090C for ; Thu, 16 Feb 2023 01:38:02 +0000 (UTC) X-FDA: 80471444004.10.BD37938 Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com [209.85.208.181]) by imf24.hostedemail.com (Postfix) with ESMTP id B8A09180013 for ; Thu, 16 Feb 2023 01:38:00 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b="g/BUs5lp"; spf=pass (imf24.hostedemail.com: domain of stevensd@chromium.org designates 209.85.208.181 as permitted sender) smtp.mailfrom=stevensd@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676511480; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=c1gb7pFA3uuNLr0QP1ybdNboYQWaBkpIJxyF97xQTSQ=; b=A4JE2PXmKXakHj9nQVX74438otz1csdN01tnV9B/g+WJ/d7n++bZ9RskPNaCW+5kbGMEFB VWw0r5kW0xOnxya3u43/Kl/Yt5aA+h0MlnP/pfDp/bLFhELTjGCXYO/4W9dMd7GQsEDqVG XqAqW96qcuAI8k/IcrShnAWOdzkTuDw= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b="g/BUs5lp"; spf=pass (imf24.hostedemail.com: domain of stevensd@chromium.org designates 209.85.208.181 as permitted sender) smtp.mailfrom=stevensd@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676511480; a=rsa-sha256; cv=none; b=6jHJj1IIonOpqv/tezDdxcBMHFCTyi3CSlc44Tbem2X6U64wg1q6aL7Boz6Cjcwb4kpBG8 4f6ypKRS4nLHK8Af3sjfCJ3uYcP2kGT3OgDZkeuRJfFdeQmvBaQZSAaliA/zCJNCHN/m4v AeyendaOrECR4NDcjYhc8TjXF7Bnm8s= Received: by mail-lj1-f181.google.com with SMTP id b30so422041ljf.1 for ; Wed, 15 Feb 2023 17:38:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=c1gb7pFA3uuNLr0QP1ybdNboYQWaBkpIJxyF97xQTSQ=; b=g/BUs5lpOlM9DNm2j0z9kM6mq4nPlfw2PXlqHeWAQL8yRnvjO8euZsTSNbbQ+ID0we w9xmD29L1hInhVSv8fcWOpEzCji0fFRGCEvav1l/APdHDrGGCNGfRYWyT3mQeLcr9DGM 6USH5aUqKvSyI658PcAddk0zaXrFuthTVYDPU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=c1gb7pFA3uuNLr0QP1ybdNboYQWaBkpIJxyF97xQTSQ=; b=IuOQ2Cvo+1Pl9bEGT7mynop5W3ViJCwUpR6P2iseTvk1LvrtR8CofmVy84zWGbyHBn BosCxYofXw3C9NyE7B/8nlotQYlVmgg61Z356XjdwDxtiZmX7LEPiqEsf5zd1rm/fo7I 0+vAGTWAGdXpoU5CR489PMpsjHpEjrhCSSm6HVeo8U+4LzQ7Dz1tJ2SkMm/Lwnqvb1P8 uY2txA/W6YfbhqD8v0BFbYUVaZtOP0sB1+GW8SCjZt+V9W0Ad4gKG4M/aHydbez3hoXv AdTZ24tTdz8BmOU24LwNrX+fbvu+mC/b88qurHzSCVeWk9zUvq2WW1ghwYxdukwFbiqG K29w== X-Gm-Message-State: AO0yUKUVPTWCVKuB4aWaxZmaNMQGxOAfIuWoC4qigjKj4PsyZZlfYMJa 8BwDBSX2/DLa/AHxbSHuRNEgv5lyr9l1mhmCr7zkyQ== X-Google-Smtp-Source: AK7set+gBJONBpA9Onnj/t8xDxrLPmJfa/WvF2REtJs1J/ZDTIgmDyQ91I/kmqvhcF0p4ue7+WOTpp/MH58bTwJRfYU= X-Received: by 2002:a05:651c:1714:b0:293:2d18:36a0 with SMTP id be20-20020a05651c171400b002932d1836a0mr1211893ljb.3.1676511478831; Wed, 15 Feb 2023 17:37:58 -0800 (PST) MIME-Version: 1.0 References: <20230214075710.2401855-1-stevensd@google.com> <20230214075710.2401855-2-stevensd@google.com> In-Reply-To: From: David Stevens Date: Thu, 16 Feb 2023 10:37:47 +0900 Message-ID: Subject: Re: [PATCH 2/2] mm/khugepaged: skip shmem with userfaultfd To: Peter Xu Cc: linux-mm@kvack.org, Matthew Wilcox , Andrew Morton , "Kirill A . Shutemov" , Yang Shi , David Hildenbrand , Hugh Dickins , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Rspam-User: X-Rspamd-Server: rspam03 X-Stat-Signature: 4cbhht1dra9tta1h6xwsxurojifcd7zb X-Rspamd-Queue-Id: B8A09180013 X-HE-Tag: 1676511480-781901 X-HE-Meta: U2FsdGVkX1/XXtcqA0vRr5xxcNJzaqgxgvwhm0oA1iG0ZBAS8fPn2dNZxlg3H9wvqU08bMsb+zE9U39k8TuJ5LA/GyYNUflbcuyNZLbQyZx6cSD1yqE69jG8QdzTzrbP2x7le8+JKBB8CkeCVXGe9GMYj0KWBNuvqnfnrn7qlyt6/9pxtPpkRBUgnaam0ZtiKx/ukooLs2zdxleItse0/srOUAMmOrrgeFBrQTulhAVPr1Bl69rhhEkU/V2LZ4Q/OKm0LzQczuc7t3y6xgsJEx35qZL5x+S+Roe7qEprXem1luKvL1vHbjUf9lboWD/aM3WAd3nOzPsVKBV4sfOxQHHNNhYOvSnNPQaX6VllKzfzzxh5S4bPkhwzFkDFS7h7eHzg/7oXFtvLPIEQi0/eFxQytsZtMy41iZlLQhAeiu2+1T4y9RCx5UDgIDVJVoM53goIwDeSianR4hLDGTfEsBADl9wWsSz7O92YOR0j/uiXGShJrme/26EjmoNm7pEyjww8Se4wxl3EAO77uASNWDemfwN55n66DsB9lAr2VNmddFOsfjt7s15yLmpGv9RwYp4VGjRQHoaLRLm3t9eB8h0WkToXSlOOwTslkmnzGr/DReY6apXln9CRvgjtTnoyLbOqtpw2ddl7saAgYUTccCTHsZeOjOxapWo0YI5hXHFVeFS85zXd8IJ1rujIknGhyoS1dCFXIczg0m6FTpQFCeyknL0GPao3pPARdUdWrPbWCalHwXM2nwVMoiQpuyeSycnBIFULUI6UcM8avfajzyN1hY84hrVJDMqqYLyMRlghyENusddTxYefr/nZST7dZWkpQPZeuDaY99s0LxpgRToqU4KZDT8KFNMfj88Nz3WbuKyT8AWflxneOrTaYnbyE8TvCZZmdR6krQpDapPAt8FDRvF7JIn5lY+MY32GHGDGWFESDesXsgMrmP7h4ilTyH7DdoXbhOAv0N6U3Nj 4ViF+UB0 3I/yBADKcU/rL/PVKBlSxepWpsYgphCmICp22rQSHGwLt0mg5YRXqINvu4S6h03858Gq+VAS0ccoyZJDyUAabHJkFJsZuIgcAMyHSsRahIpJ1Yu7vB+cGCL6rWnsrPibmZNPaXTt/ppzGonElDcW/gins1rGKiBfbSsNCKnAgT5NdXhMO04jwjRJYuphyuwJJBgMI4X+7zQ+XM+8cBnLM0fs6bGYvd1cagwyeCp4SKV4ZojKNptQn4vUUc5vewvmjmI7Xtb/h6g74xmQinHPotk04OcmKxe4rCaaIdS1PkUCghd6S8ETmt1fjP5XtcaoKGTNCvtPss9fnVAc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Feb 16, 2023 at 7:48 AM Peter Xu wrote: > > On Tue, Feb 14, 2023 at 04:57:10PM +0900, David Stevens wrote: > > From: David Stevens > > > > Make sure that collapse_file respects any userfaultfds registered with > > MODE_MISSING. If userspace has any such userfaultfds registered, then > > for any page which it knows to be missing, it may expect a > > UFFD_EVENT_PAGEFAULT. This means collapse_file needs to take care when > > collapsing a shmem range would result in replacing an empty page with a > > THP, so that it doesn't break userfaultfd. > > > > Synchronization when checking for userfaultfds in collapse_file is > > tricky because the mmap locks can't be used to prevent races with the > > registration of new userfaultfds. Instead, we provide synchronization by > > ensuring that userspace cannot observe the fact that pages are missing > > before we check for userfaultfds. Although this allows registration of a > > userfaultfd to race with collapse_file, it ensures that userspace cannot > > observe any pages transition from missing to present after such a race. > > This makes such a race indistinguishable to the collapse occurring > > immediately before the userfaultfd registration. > > > > The first step to provide this synchronization is to stop filling gaps > > during the loop iterating over the target range, since the page cache > > lock can be dropped during that loop. The second step is to fill the > > gaps with XA_RETRY_ENTRY after the page cache lock is acquired the final > > time, to avoid races with accesses to the page cache that only take the > > RCU read lock. > > > > This fix is targeted at khugepaged, but the change also applies to > > MADV_COLLAPSE. MADV_COLLAPSE on a range with a userfaultfd will now > > return EBUSY if there are any missing pages (instead of succeeding on > > shmem and returning EINVAL on anonymous memory). There is also now a > > window during MADV_COLLAPSE where a fault on a missing page will cause > > the syscall to fail with EAGAIN. > > > > The fact that intermediate page cache state can no longer be observed > > before the rollback of a failed collapse is also technically a > > userspace-visible change (via at least SEEK_DATA and SEEK_END), but it > > is exceedingly unlikely that anything relies on being able to observe > > that transient state. > > > > Signed-off-by: David Stevens > > --- > > mm/khugepaged.c | 66 +++++++++++++++++++++++++++++++++++++++++++------ > > 1 file changed, 58 insertions(+), 8 deletions(-) > > > > diff --git a/mm/khugepaged.c b/mm/khugepaged.c > > index b648f1053d95..8c2e2349e883 100644 > > --- a/mm/khugepaged.c > > +++ b/mm/khugepaged.c > > @@ -55,6 +55,7 @@ enum scan_result { > > SCAN_CGROUP_CHARGE_FAIL, > > SCAN_TRUNCATED, > > SCAN_PAGE_HAS_PRIVATE, > > + SCAN_PAGE_FILLED, > > PS: You may want to also touch SCAN_STATUS in huge_memory.h next time. > > > }; > > > > #define CREATE_TRACE_POINTS > > @@ -1725,8 +1726,8 @@ static int retract_page_tables(struct address_space *mapping, pgoff_t pgoff, > > * - allocate and lock a new huge page; > > * - scan page cache replacing old pages with the new one > > * + swap/gup in pages if necessary; > > - * + fill in gaps; > > IIUC it's not a complete removal, but just moved downwards: > > > * + keep old pages around in case rollback is required; > > + * - finalize updates to the page cache; > > + fill in gaps with RETRY entries > + detect race conditions with userfaultfds > > > * - if replacing succeeds: > > * + copy data over; > > * + free old pages; > > @@ -1805,13 +1806,12 @@ static int collapse_file(struct mm_struct *mm, unsigned long addr, > > result = SCAN_TRUNCATED; > > goto xa_locked; > > } > > - xas_set(&xas, index); > > + xas_set(&xas, index + 1); > > } > > if (!shmem_charge(mapping->host, 1)) { > > result = SCAN_FAIL; > > goto xa_locked; > > } > > - xas_store(&xas, hpage); > > nr_none++; > > continue; > > } > > @@ -1970,6 +1970,56 @@ static int collapse_file(struct mm_struct *mm, unsigned long addr, > > put_page(page); > > goto xa_unlocked; > > } > > + > > + if (nr_none) { > > + struct vm_area_struct *vma; > > + int nr_none_check = 0; > > + > > + xas_unlock_irq(&xas); > > + i_mmap_lock_read(mapping); > > + xas_lock_irq(&xas); > > + > > + xas_set(&xas, start); > > + for (index = start; index < end; index++) { > > + if (!xas_next(&xas)) { > > + xas_store(&xas, XA_RETRY_ENTRY); > > + nr_none_check++; > > + } > > + } > > + > > + if (nr_none != nr_none_check) { > > + result = SCAN_PAGE_FILLED; > > + goto immap_locked; > > + } > > + > > + /* > > + * If userspace observed a missing page in a VMA with an armed > > + * userfaultfd, then it might expect a UFFD_EVENT_PAGEFAULT for > > + * that page, so we need to roll back to avoid suppressing such > > + * an event. Any userfaultfds armed after this point will not be > > + * able to observe any missing pages due to the previously > > + * inserted retry entries. > > + */ > > + vma_interval_tree_foreach(vma, &mapping->i_mmap, start, start) { > > + if (userfaultfd_missing(vma)) { > > + result = SCAN_EXCEED_NONE_PTE; > > + goto immap_locked; > > + } > > + } > > + > > +immap_locked: > > + i_mmap_unlock_read(mapping); > > + if (result != SCAN_SUCCEED) { > > + xas_set(&xas, start); > > + for (index = start; index < end; index++) { > > + if (xas_next(&xas) == XA_RETRY_ENTRY) > > + xas_store(&xas, NULL); > > + } > > + > > + goto xa_locked; > > + } > > + } > > + > > Until here, all look fine to me (ignoring patch 1 for now; assuming the > hpage is always uptodate). > > My question is after here we'll release page cache lock again before > try_to_unmap_flush(), but is it safe to keep RETRY entries after releasing > page cache lock? It means other threads can be spinning. I assume page > lock is always safe and sleepable, but not sure about the page cache lock > here. We insert the multi-index entry for hpage before releasing the page cache lock, which should replace all of the XA_RETRY_ENTRYs. So the page cache will be fully up to date when we release the lock, at least in terms of which pages it contains. -David