From: Jann Horn
Date: Mon, 28 Nov 2022 17:58:05 +0100
Subject: Re: [PATCH v3 2/3] mm/khugepaged: Fix GUP-fast interaction by sending IPI
To: David Hildenbrand
Cc: security@kernel.org, Andrew Morton, Yang Shi, Peter Xu, John Hubbard, linux-kernel@vger.kernel.org, linux-mm@kvack.org
References: <20221125213714.4115729-1-jannh@google.com> <20221125213714.4115729-2-jannh@google.com>

On Mon, Nov 28, 2022 at 2:46 PM David Hildenbrand wrote:
> On 25.11.22 22:37, Jann Horn wrote:
> > Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP
> > collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to
> > ensure that the page table was not removed by khugepaged in between.
> >
> > However, lockless_pages_from_mm() still requires that the page table is not
> > concurrently freed.
>
> That's an interesting point. For anon THPs, the page table won't get
> immediately freed, but instead will be deposited in the "pgtable list"
> stored alongside the THP.
>
> From there, it might get withdrawn (pgtable_trans_huge_withdraw()) and
>
> a) Reused as a page table when splitting the THP. That should be fine,
> no garbage in it, simply a page table again.

Depends on the definition of "fine" - it will be a page table again,
but deposited page tables are not associated with a specific address,
so it might be reused at a different address. If GUP-fast on address A
races with a page table from address A being deposited and reused at
address B, and then GUP-fast returns something from address B, that's
not exactly great either.

> b) Freed when zapping the THP (zap_deposited_table()).

that would be bad.

> ... but I just realized that e.g., radix__pgtable_trans_huge_deposit
> uses actual page content to link the deposited page tables, which means
> we'd already be storing garbage in there when depositing the page, not
> when freeing+reusing the page ....
>
> Maybe worth adding to the description.

Yeah, okay, I'll change the commit message and resend...

[...]

> With CONFIG_MMU_GATHER_RCU_TABLE_FREE this will most certainly do the
> right thing. I assume with CONFIG_MMU_GATHER_RCU_TABLE_FREE, the
> assumption is that there will be an implicit IPI.
>
> That implicit IPI has to happen before we deposit. I assume that is
> expected to happen during pmdp_collapse_flush() ?

Yeah, pmdp_collapse_flush() does a TLB flush, as the name says. And as
documented in a comment in mm/gup.c:

 * Before activating this code, please be aware that the following assumptions
 * are currently made:
 *
 * *) Either MMU_GATHER_RCU_TABLE_FREE is enabled, and tlb_remove_table() is used to
 *    free pages containing page tables or TLB flushing requires IPI broadcast.

I'll go sprinkle that in a comment somewhere, either in the file or in
the commit message...
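As an added illustration that is not part of this thread and not kernel code: a deterministic C model of the ordering discussed above. All names in it (pmd_a, deposit_list, nr_lockless_walkers, collapse_synchronised, spare_table) are invented for the model, and the pte values are constructed. It shows two things the message states: a lockless walker reads the table memory before it rechecks the pmd, so a table that was deposited in between (and, radix-style, had a list link written into its contents) is read as if it were a pte; and deferring the deposit until no walker is inside its interrupts-disabled section, which is the job the IPI or the RCU table free does in the kernel, means the walker only ever reads a live table.

```c
/*
 * Model (not kernel code) of a lockless page-table walk racing with a
 * THP collapse that deposits the page table.  Every identifier here is
 * invented for the illustration; pte values are constructed samples.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PTRS_PER_TABLE 4

struct pte_table {
    uintptr_t pte[PTRS_PER_TABLE];
};

static struct pte_table table_a;       /* the page table for range A */
static struct pte_table spare_table;   /* already deposited, so links are non-NULL */
static struct pte_table *pmd_a;        /* pmd slot for range A; NULL once collapsed */
static struct pte_table *deposit_list; /* deposited tables, linked through pte[0] */
static int nr_lockless_walkers;        /* walkers inside their irq-disabled section */
static bool last_collapse_deferred;    /* set by race_with_sync() */

/* Deposit a table.  The link is stored in the table's own memory, as the
 * thread notes radix__pgtable_trans_huge_deposit does, so depositing
 * already turns pte[0] into garbage from a walker's point of view. */
static void deposit_table(struct pte_table *t)
{
    t->pte[0] = (uintptr_t)deposit_list;
    deposit_list = t;
}

struct walk_result {
    bool valid;         /* did the pmd recheck accept the read? */
    uintptr_t observed; /* what was actually read from the table memory */
};

/* First half of a walk: snapshot the pmd and enter the irq-disabled
 * section (what makes a TLB-flush IPI wait for this CPU in the kernel). */
static struct pte_table *walker_begin(void)
{
    nr_lockless_walkers++;
    return pmd_a;
}

/* Second half: read the entry, then recheck the pmd.  The read precedes the
 * recheck, so the memory must still be this range's page table here. */
static struct walk_result walker_finish(struct pte_table *snapshot, unsigned idx)
{
    struct walk_result r;
    r.observed = snapshot->pte[idx];
    r.valid = (pmd_a == snapshot);
    nr_lockless_walkers--;
    return r;
}

/* Collapse that ignores walkers: clears the pmd and deposits the table. */
static bool collapse_unsynchronised(void)
{
    struct pte_table *t = pmd_a;
    pmd_a = NULL;
    deposit_table(t);
    return true;
}

/* Collapse that honours the mm/gup.c rule: the table is only deposited once
 * no walker is inside its irq-disabled section.  Returns false if it had
 * to defer (the IPI could not be serviced yet). */
static bool collapse_synchronised(void)
{
    if (nr_lockless_walkers > 0)
        return false;
    return collapse_unsynchronised();
}

static void reset_state(void)
{
    for (unsigned i = 0; i < PTRS_PER_TABLE; i++)
        table_a.pte[i] = 0xA000 + i;  /* constructed ptes for range A */
    pmd_a = &table_a;
    deposit_list = NULL;
    deposit_table(&spare_table);
    nr_lockless_walkers = 0;
}

/* Walker snapshots the pmd, collapse deposits the table, walker reads:
 * the "pte" it observes is the deposit-list link, not a pte. */
struct walk_result race_without_sync(void)
{
    reset_state();
    struct pte_table *snap = walker_begin();
    collapse_unsynchronised();
    return walker_finish(snap, 0);
}

/* Same interleaving, but the collapse must defer until the walker leaves. */
struct walk_result race_with_sync(void)
{
    reset_state();
    struct pte_table *snap = walker_begin();
    last_collapse_deferred = !collapse_synchronised();
    struct walk_result r = walker_finish(snap, 0);
    collapse_synchronised();  /* now allowed: no walker is active */
    return r;
}

int main(void)
{
    struct walk_result r = race_without_sync();
    printf("unsynchronised: valid=%d observed=0x%lx\n", r.valid, (unsigned long)r.observed);
    r = race_with_sync();
    printf("synchronised:   deferred=%d valid=%d observed=0x%lx\n",
           last_collapse_deferred, r.valid, (unsigned long)r.observed);
    return 0;
}
```

In the unsynchronised run the recheck does reject the result, but only after the walker has already consumed a pointer-sized link as a pte; that is the window the message is about. In the synchronised run the collapse is held back until the walker has left, and the walker reads the real entry.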