From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E613ED6ACED for ; Wed, 27 Nov 2024 15:41:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2003F6B0083; Wed, 27 Nov 2024 10:41:33 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 189366B0085; Wed, 27 Nov 2024 10:41:33 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 002B46B0088; Wed, 27 Nov 2024 10:41:32 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D31456B0083 for ; Wed, 27 Nov 2024 10:41:32 -0500 (EST) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 5B84EC110B for ; Wed, 27 Nov 2024 15:41:32 +0000 (UTC) X-FDA: 82832289498.16.EA40C9F Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) by imf05.hostedemail.com (Postfix) with ESMTP id 68756100015 for ; Wed, 27 Nov 2024 15:41:19 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=Phyrqeet; spf=pass (imf05.hostedemail.com: domain of jannh@google.com designates 209.85.208.48 as permitted sender) smtp.mailfrom=jannh@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732722086; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=xOp+x0lSSqAbodyySD8EebFArHIya2dNPwG3ZPMkL8Y=; b=kOgguWUks4vApcOky//c7I5mfXSDBkeS1blERyC0CG76TEf348/NQQP53NfxeUW7kwgqVe us88F7/9lbPyH6o5W/KFCbTuVnzfMz9po4gF5oLMb9FaWOmk4+kVTysqocij5hkLCGnRdW IkWlWWrwObfS15ArC8s3WX5glQXf4oA= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=Phyrqeet; spf=pass (imf05.hostedemail.com: domain of jannh@google.com designates 209.85.208.48 as permitted sender) smtp.mailfrom=jannh@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732722086; a=rsa-sha256; cv=none; b=slwxBJm1Fk+QdBrb5HH5WP5/aK/5Of4bX+WUt9UeD3ZdMKtwrMg2lB/cbn6zcb2Se6eAjR 7j+m5MmKOiIpQFORaX4d80rWJx8Oz1AM1tC+5pv+n/2GOx0u3b38dwtjpw+RMn4bi18gw8 EVWCOpVoPYY6I40NO5qNlTRMpJVA+JQ= Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5cfc264b8b6so9978a12.0 for ; Wed, 27 Nov 2024 07:41:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1732722089; x=1733326889; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=xOp+x0lSSqAbodyySD8EebFArHIya2dNPwG3ZPMkL8Y=; b=PhyrqeetBmRKiapaWRk0PPKC4ibF2ok3g/KrilJ3HohdIQSg5Rc+R2y7Ff0r2zZPzo FUkMj3en22gfkqDJTUBpaGJkIdVxhht5d4H6rohU4Yu4Pn9RDZRY00vjujnW5Wjg36kp lUgzitHxl923b22uljw6UtQfBEVnQQysLFpbUIV1W9iKbY9wSCRN55Q2G3sKV0QBp2MX KPG93sWi4zRVlgSEPy4ZaD+jSiGMPyeTy3uM6XgJ4noc0AFsZbKTMbmdXS3cNJ9m8WX0 biXFCJ6M3XFnsbBbZrk3/4YkuUnPLfw1Bq5PNcGH20Zei1uYlE0t9dl4C8wSexV0ilE9 AAYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732722089; x=1733326889; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xOp+x0lSSqAbodyySD8EebFArHIya2dNPwG3ZPMkL8Y=; b=SBp35j/DwWS9IWgUceMUjtLvtiBIznd/fMe/eHDcWP4IBqcl04E9VP7Njk2iAyI+If UXSuNcVPWFE1C9v2c3UOYlKW8VTSDKVg99vyF3BuHajHc/bddG215a9K68VEEwVpcJrZ oWInEz4QT3VOWu7pvFlmn2OJHDz6hChDibOabHIUfY1f55dRdEGAnVXsk+gjUdXT8WvH 6/gx1+utU5b7TtBmYiDXKKVFYEUegbhFLwurhv09I0Zikn/MY3h8CTsWrYebxSpqM3ha 2Iq92rd6QmZ1Nb2nvnLaWpQtNA5wxlFEIeK/Y26noGdP5EOdPYQm/nwmpK5tv2yDWcJo uD7A== X-Forwarded-Encrypted: i=1; AJvYcCXr5rsF9kZzPsij92AJKh4/x6KIOoJZS/ufNqPvnRnkoDGKVby6mfemFmAAdtwpZyZqko8THN/ikg==@kvack.org X-Gm-Message-State: AOJu0YzMIhxqL9YQTgW+CzhKh18PZW4nAFzsVk5Y8IoBISqoX19tWgYx 17BJQ4hdJJ0wlt3JBJBVEKUj9D5jfJhQ58IkNF6a8AhGwjf4+4jcwhVTC5HmiYbdN/JKkaWNUw8 F6QCnKDwJH2dyLxRJTO8EvH7ljr4SRlLixiAM X-Gm-Gg: ASbGncsNhxhQXqeyJcM38WEb+GUhcv5U2Ztqy5sHySd1rzu6ZHdWP4vA+KLhMOkfX6W sFtD+74Dz/pJY4gFdeANXB1pj7T4GVGxy9OKjPMMOLbU4qpenUOcUQNYTrgU= X-Google-Smtp-Source: AGHT+IGSxiMWpP0s/sQAaaFQzjTLl+Nv+eTmOa0mh0CF6SOrWd/yecanyWkZSe+M48mi+Aq+sg1yIMNNTsFok47rbAA= X-Received: by 2002:a05:6402:394:b0:5cf:c23c:2bee with SMTP id 4fb4d7f45d1cf-5d0810ab5cemr83997a12.0.1732722088392; Wed, 27 Nov 2024 07:41:28 -0800 (PST) MIME-Version: 1.0 References: <20241122-vma-v9-0-7127bfcdd54e@google.com> <20241122-vma-v9-2-7127bfcdd54e@google.com> In-Reply-To: From: Jann Horn Date: Wed, 27 Nov 2024 16:40:52 +0100 Message-ID: Subject: Re: [PATCH v9 2/8] mm: rust: add vm_area_struct methods that require read access To: Alice Ryhl Cc: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Christian Brauner , Suren Baghdasaryan , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Andreas Hindborg Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam05 X-Stat-Signature: yyhjnah1i3ktuyrz9n4gzimdyfyk17hu X-Rspamd-Queue-Id: 68756100015 X-Rspam-User: X-HE-Tag: 1732722079-146888 X-HE-Meta: U2FsdGVkX1/eq5ZuVgkwIX4+ermJr+xIYDXq/Jr2VL3suJQauvlS3XziYdo2hA3WCljQPwtfOselOaIrs1ayWCA7hoov16gmG6jS+LMtlMx9kVlwD+qQjG/84TvkB8jcDs7Hy7NkoF7qBgrIpsZTaXyiO4WA1CWsJHk3rwWZcBOoL31hJ+UVRg4hO0CASVu9pJOkv5BEmoQo3XPxEqj4Yx3wF1GV53Udj1HOENW8M6bJI1wu8uBN7u1E3uzgUTM8c6rTKGq0c76iCNN+Z5iSlavoUIwe5QvzF0HvKGk9IJOR/RSOv9XByRAwQ/eXlODsuoPmEYheSwurykjUAksSAKpExxwH0/ltftr4oOCAZGMB/JH9PFL0zJyIdbK2/EOjjyy6Y7lVxILTrfgoG+pU4HZDmMcPf1/tHRSpP89IqGe2x8TGxYCIaIHcuMbdhCL2a0wzIZNOtLPEOqFlT1LEjZe1G59ObYacZM6oqNnhK9MSKhMxRUhuYZEpySvxNxSAalpohULrT0Y8vQNkb92c4dtyI+5DV/zMnbxwkzdvgVnb8sOKfQfP6svX1i2d3jvxkpiQFHzizmJGf2sKEeFOg5bxy4WhafTqFyc5fOezzHtroUPiWY8ZXvrSdEiDjVovnX85pTlPEBica2kgQUsLsWM/vbFUta9RA0sPRsMI9DbT3iPonLWLQxoq8bDvqDQIafUfbn3oYmC4gEctdGjrOtROgHnkc9jZsAhE0BPpFobEblcnBEBD+gVAYOJsu3iFVvOPLZRe3DxOBTy4PX34TMLbGjduqgrBzElzxhajlC+U3FxuwtxRhSxhItdd2tpFPIVlCTKC62cmUg7fEELQlzSNGnLOzAT+gRYcsGoAb2w/vUpOaNKNQn9p9OLC2P4A4EB9oac6LeED8k2S8nP0gXfMGv+BgTwKb9ybf30LHJvGit/PDMVqvNO7+JtUeE1M3BQvYtuiwefCNQMxx1I YpmLJkKB 7/OEFeNG2byoeDmW9CbPSm7fadEhKC7s+tq7SPhz7QMH/67Shvib4kCq81Vo95Zf9Yrzimbkih5yvYjbE3FAW16lJQlQL52fxXnArTJWa6jqs6pS94mMH6+bxsJ5j7yVdMHDYHBKLMtY0lOV8CfCBK2NrC9yp3anVVscigEaOr6PO19vcYwpZFQZF6XP4eFkG36E+7sSBjULCaU+UbkB6s1xMd3uQ43KEwcfIH/Qzr3gTcUL2mnPEbizEU3bt1wEqPFl7OldtnvHYKvURYG1ACioeIFSLJjyBvcPh3gimmaHunisbIrlJ3AsCmVhWh570dWFIEBFu2TWKAouz976aVsqYNoL0qNqHz1hNUodN4xdgon0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Nov 27, 2024 at 1:01=E2=80=AFPM Alice Ryhl w= rote: > On Tue, Nov 26, 2024 at 11:10=E2=80=AFPM Jann Horn wro= te: > > > > On Fri, Nov 22, 2024 at 4:41=E2=80=AFPM Alice Ryhl wrote: > > > This adds a type called VmAreaRef which is used when referencing a vm= a > > > that you have read access to. Here, read access means that you hold > > > either the mmap read lock or the vma read lock (or stronger). > > > > > > Additionally, a vma_lookup method is added to the mmap read guard, wh= ich > > > enables you to obtain a &VmAreaRef in safe Rust code. > > > > > > This patch only provides a way to lock the mmap read lock, but a > > > follow-up patch also provides a way to just lock the vma read lock. > > > > > > Acked-by: Lorenzo Stoakes (for mm bits) > > > Signed-off-by: Alice Ryhl > > > > Reviewed-by: Jann Horn > > Thanks! > > > with one comment: > > > > > + /// Zap pages in the given page range. > > > + /// > > > + /// This clears page table mappings for the range at the leaf le= vel, leaving all other page > > > + /// tables intact, and freeing any memory referenced by the VMA = in this range. That is, > > > + /// anonymous memory is completely freed, file-backed memory has= its reference count on page > > > + /// cache folio's dropped, any dirty data will still be written = back to disk as usual. > > > + #[inline] > > > + pub fn zap_page_range_single(&self, address: usize, size: usize)= { > > > + // SAFETY: By the type invariants, the caller has read acces= s to this VMA, which is > > > + // sufficient for this method call. This method has no requi= rements on the vma flags. Any > > > + // value of `address` and `size` is allowed. > > > > If we really want to allow any address and size, we might want to add > > an early bailout in zap_page_range_single(). The comment on top of > > zap_page_range_single() currently says "The range must fit into one > > VMA", and it looks like by the point we reach a bailout, we could have > > gone through an interval tree walk via > > mmu_notifier_invalidate_range_start()->__mmu_notifier_invalidate_range_= start()->mn_itree_invalidate() > > for a range that ends before it starts; I don't know how safe that is. > > I could change the comment on zap_page_range_single() to say: > > "The range should be contained within a single VMA. Otherwise an error > is returned." > > And then I can add an overflow check at the top of > zap_page_range_single(). Sounds ok? Yes, I think changing the comment like that and adding a check for whether address+size wraps around there addresses this.