From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D4D98C5475B
	for <linux-mm@archiver.kernel.org>; Mon, 11 Mar 2024 21:27:11 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 502BE6B009D; Mon, 11 Mar 2024 17:27:11 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 4B3B56B00A1; Mon, 11 Mar 2024 17:27:11 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 37AD56B00A5; Mon, 11 Mar 2024 17:27:11 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 28F356B009D
	for <linux-mm@kvack.org>; Mon, 11 Mar 2024 17:27:11 -0400 (EDT)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id F36938058F
	for <linux-mm@kvack.org>; Mon, 11 Mar 2024 21:27:10 +0000 (UTC)
X-FDA: 81886043820.03.9A7ABAE
Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169])
	by imf11.hostedemail.com (Postfix) with ESMTP id 5F80B40022
	for <linux-mm@kvack.org>; Mon, 11 Mar 2024 21:27:09 +0000 (UTC)
Authentication-Results: imf11.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b="cuUg//Lx";
	spf=pass (imf11.hostedemail.com: domain of jthoughton@google.com designates 209.85.160.169 as permitted sender) smtp.mailfrom=jthoughton@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710192429; a=rsa-sha256;
	cv=none;
	b=3K+ERFMXoiGJ0ireT32lG9v5Ax4g710KWGRPQvKz0EnM84W7kwDk3eSRQIdTa3LkXRgnqA
	jJN7f+IlEUnmYh2WyIJo2DH3lEbAMGbgs/CCk+Hyv3HbaDNGHMMxedkIrq9eHEiwWQvwed
	3vYroZU4TODZ3sejQ6TELPgEOfckY5c=
ARC-Authentication-Results: i=1;
	imf11.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b="cuUg//Lx";
	spf=pass (imf11.hostedemail.com: domain of jthoughton@google.com designates 209.85.160.169 as permitted sender) smtp.mailfrom=jthoughton@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1710192429;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=m48wge07cFCwEV0aIRK1/eMraB2WL2eyhOFlH9G55x8=;
	b=6IhoiwwImSydFQLyx5T0ImZ5cXJPPrFZnUk3yaItIS71tua7vtOzMyKGdeG1Wy6EFr8ijN
	H3PopXWXnUw2Nk8RykApflBZ0uCrIWSuaJvw7eGerDIMlS0qMsrNhwq7cGmDjpLiqYNPaA
	SisPXDjRN4oTbLoz6NYhbtAcANq1D30=
Received: by mail-qt1-f169.google.com with SMTP id d75a77b69052e-428405a0205so26741cf.1
        for <linux-mm@kvack.org>; Mon, 11 Mar 2024 14:27:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1710192428; x=1710797228; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=m48wge07cFCwEV0aIRK1/eMraB2WL2eyhOFlH9G55x8=;
        b=cuUg//LxVYG3WK7iDKYijYGhalFElxEE3zoZ/l9LIM8Ii8oK2MF9TwUCymynziC/Nb
         995IGJtu15xeFE4t1hC/IQnTKWQTAFfSf6sZAwRKm4PUadkz7NqPFd6aoe1wGZvwpfrR
         fN2qRxlQGYrjghh2AMk4BW6UaZv1TbnlMcCias77L3E9/laFbcj9KcsYv5I3oBa0Uqjw
         rYpHzJ7pHY1dB0Vi/t24mDcvHyBAq80hokyEKixQ1AwKEsGrwMqhnudqcu9iOLwyOYpz
         dkdzJbu4SMDP74Zh67KSVRnmsI6Fsw9N8TWQuvO0vGSP3K9L8uS8rE9lpzt7ARTFIQzm
         n2Zg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1710192428; x=1710797228;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=m48wge07cFCwEV0aIRK1/eMraB2WL2eyhOFlH9G55x8=;
        b=b2IAYMxeH5InOF+LBaoPNhjMkLgey63K6nYJFAZyzAIwVrglxkD0KfKpHQ47yOJjyN
         HT+6GbdbgHQUq2ttLuw20/vmeLpOku/tZufdLJVqlobwUxHboF9HZwj1DJa6f9al5wFk
         FZ5IqYz5wNpA3jwNk/djTPsvWS2MVDlkZ2zMLFE9E3P9lhYSgyH+Y3vixL0s6TY5KmJs
         Fh2joBrBfgtG38PAnB1/aLjukQRMmBLd5u0GfDKkmmv0VLJgedhq801qRAVvCV7r/7ag
         QHLo0WT0SOLdBGfZJh3SknqNrpdLN0QlLK9gwPTqH7sIYlqBcf4Pne/L8K6qF6pqHbjZ
         ue3w==
X-Forwarded-Encrypted: i=1; AJvYcCWpzD+PiSlQwfak+hU6IAs1JoKbOl+2cTEs0VjERzmAlfWzOZRZdC3zyfRt1NYCgs5RxemhLgKsI8OsHRPdaGgEbaQ=
X-Gm-Message-State: AOJu0YyC8MdVvc5eJyu5/sd3lTbLL0MUzx7dxtB2V1OcRVHaWu25XFXH
	c5MVS5fjlq2kV3j+CgJUWO4QFT2e+eZZAescohA8elbb0DVPJw5VqMrbuKx2qOWMUrqtjbfW4+C
	y+sDg3DgzNeHuN7Ipq9pmp7pb3TYzXED//HI6
X-Google-Smtp-Source: AGHT+IENS5NfjfXK7lN5Bkxy+P/3Qds/aQw6f0kFGWmkfLobVusHnbA/vMcsIs5jQjYU26B8DLKAFQMYIyJE+GAoPU4=
X-Received: by 2002:a05:622a:4481:b0:42f:a3c:2d4f with SMTP id
 kb1-20020a05622a448100b0042f0a3c2d4fmr61762qtb.16.1710192428294; Mon, 11 Mar
 2024 14:27:08 -0700 (PDT)
MIME-Version: 1.0
References: <a9e3120d-8b79-4435-b113-ceb20aa45ee2@alu.unizg.hr>
 <4a5c8d28-7f73-4c15-b288-641f0ccc91c2@redhat.com> <Ze8Wr2qH8V0LMi_5@x1n>
 <b5ff4c70-6379-4cc7-8c92-778d80a6a658@redhat.com> <Ze8fYF5I4mlUGHd9@x1n>
 <CAJHvVcie+N+4j60m_Dxh7QzbZLmsjnq2-04peuqE8VkkMq984A@mail.gmail.com> <Ze9bWkrD6UBZ2ErV@x1n>
In-Reply-To: <Ze9bWkrD6UBZ2ErV@x1n>
From: James Houghton <jthoughton@google.com>
Date: Mon, 11 Mar 2024 14:26:32 -0700
Message-ID: <CADrL8HW59nt4ztY3x5G3VgpmaXQbXoXZeAjvzMp7SpsqxgDCxw@mail.gmail.com>
Subject: Re: BUG selftests/mm]
To: Peter Xu <peterx@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>, David Hildenbrand <david@redhat.com>, 
	Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>, linux-mm@kvack.org, 
	Andrew Morton <akpm@linux-foundation.org>, Shuah Khan <shuah@kernel.org>, 
	linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, 
	Jiaqi Yan <jiaqiyan@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Server: rspam08
X-Rspamd-Queue-Id: 5F80B40022
X-Stat-Signature: 4bpuwbzgzszdf664qxc7etdiwkudxncf
X-Rspam-User: 
X-HE-Tag: 1710192429-350739
X-HE-Meta: U2FsdGVkX1+2CXbKarVMUmuFI+bImWubJDwABCP3c0K6hZT7sUc96Saq/g2Im+8/vXjKouWxMqZFQktp4P/05vgIcRAoN2BN+UKM8fjrbRpOSxj1irxrOU0VoshsyfTNIIhu6FD7Z5ZqoffMuNxauBX9/svm7y0r24sKMYVFEYDIuuGTlH3nSt6IgF+l3VBaAVFbdRD1/9rJd8bi/1zdHXjr4DSpL8DR+ZB0BRf5iu8xlfene4zsAswFcDlnW2c1beuL5ae9gp4nBobanmItVesOQlrc0lLrowCvt7TBIAHoXvjXWkLXcNQjlOuLmh6rCWwD0kvhPtUZPYHB53zXBKj3dpN9kjhklJFd9I2AOa7OLBUJ0vsdgp6gZmpzyjQAtfbvTgSmPay4Z9EeQvn1a4XmUBDwIJPm4onjmn+P9V4HmxgELhGhdJRC3HxbEwInj1bt9l9RueNyUyNbthRsjiUTSsxGiaAg3IvwwxVsiPzqUFQRdnOt6SlIxx2Z+f4/DXGk5byJ9EJvssRTlM0IjpwcEPYJsbkRIt22+o+2yP+vqaX1SKO9SB+lbchPrRn+rKmTOkKvA7rCfq4klEEXD3pn71AO0GH2cvNy3oFtNUDRHj+YpAHs7OzG1oTeGF+EHiJ5TFeDVVB96QogZ9xw4Nd3zhEpCCYlPnJiGswpqxicCmxlNfjLmZKCMADHnexAhN38XWub7I/mPwpZtORisuUggtB3ADgOlh7RQpCLT7myylI7XZaBmAg2jajPY7ai9V3P7GxNSz1LMqaM85yRDSPsX2wx3R0S1FkHrH8QFoOEA2od99Jcb00B0hinUNRijtdgBfQnho0J6asMyckYfWiSDNpgZBhojWyFLWN01PcZkQo/ReSNHEOrJiXD1UKS5d03YF7y343ntBpej1xyN0c3eqnASjJlCDwVcbK/Is6ztJ09Zq7X+8fjSGZAaC+OxegEpdlmv7jjdqMSSju
 TamGx0Jr
 d9HOK
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000970, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Mon, Mar 11, 2024 at 12:28=E2=80=AFPM Peter Xu <peterx@redhat.com> wrote=
:
>
> On Mon, Mar 11, 2024 at 11:59:59AM -0700, Axel Rasmussen wrote:
> > I'd prefer not to require root or CAP_SYS_ADMIN or similar for
> > UFFDIO_POISON, because those control access to lots more things
> > besides, which we don't necessarily want the process using UFFD to be
> > able to do. :/

I agree; UFFDIO_POISON should not require CAP_SYS_ADMIN.

> >
> > Ratelimiting seems fairly reasonable to me. I do see the concern about
> > dropping some addresses though.
>
> Do you know how much could an admin rely on such addresses?  How frequent
> would MCE generate normally in a sane system?

I'm not sure about how much admins rely on the address themselves. +cc
Jiaqi Yan

It's possible for a sane hypervisor dealing with a buggy guest / guest
userspace to trigger lots of these pr_errs. Consider the case where a
guest userspace uses HugeTLB-1G, finds poison (which HugeTLB used to
ignore), and then ignores SIGBUS. It will keep getting MCEs /
SIGBUSes.

The sane hypervisor will use UFFDIO_POISON to prevent the guest from
re-accessing *real* poison, but we will still get the pr_err, and we
still keep injecting MCEs into the guest. We have observed scenarios
like this before.

>
> > Perhaps we can mitigate that concern by defining our own ratelimit
> > interval/burst configuration?
>
> Any details?
>
> > Another idea would be to only ratelimit it if !CONFIG_DEBUG_VM or
> > similar. Not sure if that's considered valid or not. :)
>
> This, OTOH, sounds like an overkill..
>
> I just checked again on the detail of ratelimit code, where we by default
> it has:
>
> #define DEFAULT_RATELIMIT_INTERVAL      (5 * HZ)
> #define DEFAULT_RATELIMIT_BURST         10
>
> So it allows a 10 times burst rather than 2.. IIUC it means even if
> there're continous 10 MCEs it won't get suppressed, until the 11th came, =
in
> 5 seconds interval.  I think it means it's possibly even less of a concer=
n
> to directly use pr_err_ratelimited().

I'm okay with any rate limiting everyone agrees on. IMO, silencing
these pr_errs if they came from UFFDIO_POISON (or, perhaps, if they
did not come from real hardware MCE events) sounds like the most
correct thing to do, but I don't mind. Just don't make UFFDIO_POISON
require CAP_SYS_ADMIN. :)

Thanks.