From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C9E1C4332F for ; Mon, 28 Nov 2022 17:28:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8B6A96B0073; Mon, 28 Nov 2022 12:28:56 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 867F46B0074; Mon, 28 Nov 2022 12:28:56 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 755E66B0078; Mon, 28 Nov 2022 12:28:56 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 69E6E6B0073 for ; Mon, 28 Nov 2022 12:28:56 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 3331480BB8 for ; Mon, 28 Nov 2022 17:28:56 +0000 (UTC) X-FDA: 80183536272.20.6A71947 Received: from mail-io1-f47.google.com (mail-io1-f47.google.com [209.85.166.47]) by imf12.hostedemail.com (Postfix) with ESMTP id D8D8840011 for ; Mon, 28 Nov 2022 17:28:54 +0000 (UTC) Received: by mail-io1-f47.google.com with SMTP id b2so8099122iof.12 for ; Mon, 28 Nov 2022 09:28:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=DhDrYg4g1x+JxtVDLaGWmIpSSuuuWjjuf9g438COr5g=; b=V6oH2pM16SHJb5m5KNmrVdpO4FrL7Y4wVIfpebMu4kCqottczpktAKma0V0y1h9tee L6bH98hxE3KP7G0lPPLwfKEx+guVO0WzcpbO7b3q92I7H+RQjKxOmVzBcaBpow9o7oq3 JO9W2rXlrPMmCXN5XAHLKCaz1erT/iLmFFR+ME69o41961RAPwSxQVMBc7TG6lusksXx 39AKWl5RSc3ritoFWO8Rv2ILZnXobHxwLwxwWr9AatmtbtlVE9XJIqTgZ7na6etvjWQ2 QpnOS4COvGxuCUQY6fw/U9BZ9UH3RjmECZ4JFDMKuJJ3LYCzaPMGavVM1supUhUIN6yw hg1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DhDrYg4g1x+JxtVDLaGWmIpSSuuuWjjuf9g438COr5g=; b=eSxEEVBQ7tX3qRHxAGjKSOkD8FeZo8ySBaHxoDRLPjQ78hTACPcQGF7jglNsnPKEvG 6WKCoCsq9gVq/I6AnfiWuEp9/Q0s/nbjnZWt7SsCPw2sqrMD9tS4EGvf46Kw0BICyDAx ch4n7tw62iRxUUNphiSNPdxiVVVSWwuhLJ4QOh3kNl2aDmncdf+k8EllQJcMfU5BwxU9 XY43Rq8JjXZ+QRVquROcCMyACNz46XWsEPyfuIIUrJd2YV0amqoX5NOHcjQpizbpDY1y pUG5Y4Hi9wOSw5YDq8TD8k+W2WN6k7n2a5MWByTB1h1EZj0V3hq7049aqji3o6T8tYQ4 QlgQ== X-Gm-Message-State: ANoB5pmxdiN/gzOn8QKIhskYDCvtfvB0Ovc5aqytn24VUIMpyRH4IYh7 1BUJU4S9TTKLaNJy9EDyLd67G4nALTBTaOhbE02LdA== X-Google-Smtp-Source: AA0mqf69YHGvGGlXd1/FdL1gB/jMpQ3dz5R9l9t94Din6TsW/O1fxlgR3v+ZSaI1yPYUaWmKVP4eUZpKpQ5qCET7Hew= X-Received: by 2002:a6b:e714:0:b0:6df:7332:70f0 with SMTP id b20-20020a6be714000000b006df733270f0mr4663320ioh.154.1669656534048; Mon, 28 Nov 2022 09:28:54 -0800 (PST) MIME-Version: 1.0 References: <20221125213714.4115729-1-jannh@google.com> In-Reply-To: From: Jann Horn Date: Mon, 28 Nov 2022 18:28:17 +0100 Message-ID: Subject: Re: [PATCH v3 1/3] mm/khugepaged: Take the right locks for page table retraction To: David Hildenbrand Cc: security@kernel.org, Andrew Morton , Yang Shi , Peter Xu , John Hubbard , linux-kernel@vger.kernel.org, linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1669656534; a=rsa-sha256; cv=none; b=UyvbMsiXH4Jl4RR4+vvlquxYwDbhxJrMdI9Z/H+4SEPNyPSnkjPC1/JgcXs5vyK+gw9e2i HYAc86tPVwIvq+yOcfVbvcpZDJkrIoJsD3GBh2090/zWAgImgtA3ZqFemDToqI7V66mc4j HYx6wVYMgUroeGYfrNye7j8LlyJByLs= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=V6oH2pM1; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf12.hostedemail.com: domain of jannh@google.com designates 209.85.166.47 as permitted sender) smtp.mailfrom=jannh@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1669656534; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DhDrYg4g1x+JxtVDLaGWmIpSSuuuWjjuf9g438COr5g=; b=GqAg2mJaNJqGF4VpNNMKyVQhCMI1W8nVIN/6klHWRRRFzui8fHuV4jdgggtdiHPi+Ft3kH QDyj7SqxgDuyhbE/8DY7ieNczuoDeA3W+zf/mGVzPMsbbG3lnfkpD4oaLbAuQAUBiJh+tU tTQ7saYOdfYrc8ei9X6eQazbFmofAoA= X-Rspamd-Queue-Id: D8D8840011 X-Rspam-User: Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=V6oH2pM1; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf12.hostedemail.com: domain of jannh@google.com designates 209.85.166.47 as permitted sender) smtp.mailfrom=jannh@google.com X-Rspamd-Server: rspam09 X-Stat-Signature: n7rs7brs3zbw6timhfe4jou7c717aabp X-HE-Tag: 1669656534-804601 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Nov 28, 2022 at 2:53 PM David Hildenbrand wrote: > On 25.11.22 22:37, Jann Horn wrote: > > pagetable walks on address ranges mapped by VMAs can be done under the mmap > > lock, the lock of an anon_vma attached to the VMA, or the lock of the VMA's > > address_space. Only one of these needs to be held, and it does not need to > > be held in exclusive mode. > > > > Under those circumstances, the rules for concurrent access to page table > > entries are: > > > > - Terminal page table entries (entries that don't point to another page > > table) can be arbitrarily changed under the page table lock, with the > > exception that they always need to be consistent for > > hardware page table walks and lockless_pages_from_mm(). > > This includes that they can be changed into non-terminal entries. > > - Non-terminal page table entries (which point to another page table) > > can not be modified; readers are allowed to READ_ONCE() an entry, verify > > that it is non-terminal, and then assume that its value will stay as-is. > > > > Retracting a page table involves modifying a non-terminal entry, so > > page-table-level locks are insufficient to protect against concurrent > > page table traversal; it requires taking all the higher-level locks under > > which it is possible to start a page walk in the relevant range in > > exclusive mode. > > > > The collapse_huge_page() path for anonymous THP already follows this rule, > > but the shmem/file THP path was getting it wrong, making it possible for > > concurrent rmap-based operations to cause corruption. > > This sounds sane and correct to me. No expert on file-THP, though. > > For anon-THP it's the mmap lock and the rmap locks. I assume the only > difference for file-THP is that the rmap lock is actually the mapping > lock. Looking at rmap_walk_file(), that seems to be the case. Yeah. You can also have private file VMAs that are associated with both a mapping and a set of anon_vmas, and in that case you would need to lock the mmap, the mapping, and the anon_vma root; but the file THP code in khugepaged instead just bails on file VMAs with an anon_vma. > I wish at least PTE table removal could be done easier ... I already > experimented some time ago with some ideas (e.g., lock in PMD table > memmap) but it's all far from trivial and space in the memmap is rare. Because you want it to be faster? Is that for the THP usecase or something else?