From: Alice Ryhl
Date: Wed, 27 Nov 2024 13:01:31 +0100
Subject: Re: [PATCH v9 2/8] mm: rust: add vm_area_struct methods that require read access
To: Jann Horn
Cc: Miguel Ojeda, Matthew Wilcox, Lorenzo Stoakes, Vlastimil Babka, John Hubbard, "Liam R. Howlett", Andrew Morton, Greg Kroah-Hartman, Arnd Bergmann, Christian Brauner, Suren Baghdasaryan, Alex Gaynor, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Andreas Hindborg
References: <20241122-vma-v9-0-7127bfcdd54e@google.com> <20241122-vma-v9-2-7127bfcdd54e@google.com>

On Tue, Nov 26, 2024 at 11:10 PM Jann Horn wrote:
>
> On Fri, Nov 22, 2024 at 4:41 PM Alice Ryhl wrote:
> > This adds a type called VmAreaRef which is used when referencing a vma
> > that you have read access to. Here, read access means that you hold
> > either the mmap read lock or the vma read lock (or stronger).
> >
> > Additionally, a vma_lookup method is added to the mmap read guard, which
> > enables you to obtain a &VmAreaRef in safe Rust code.
> >
> > This patch only provides a way to lock the mmap read lock, but a
> > follow-up patch also provides a way to just lock the vma read lock.
> >
> > Acked-by: Lorenzo Stoakes (for mm bits)
> > Signed-off-by: Alice Ryhl
>
> Reviewed-by: Jann Horn

Thanks!

> with one comment:
>
> > + /// Zap pages in the given page range. > > + /// > > + /// This clears page table mappings for the range at the leaf leve= l, leaving all other page > > + /// tables intact, and freeing any memory referenced by the VMA in= this range. That is, > > + /// anonymous memory is completely freed, file-backed memory has i= ts reference count on page > > + /// cache folio's dropped, any dirty data will still be written ba= ck to disk as usual. > > + #[inline] > > + pub fn zap_page_range_single(&self, address: usize, size: usize) { > > + // SAFETY: By the type invariants, the caller has read access = to this VMA, which is > > + // sufficient for this method call. This method has no require= ments on the vma flags. Any > > + // value of `address` and `size` is allowed.
>
> If we really want to allow any address and size, we might want to add
> an early bailout in zap_page_range_single(). The comment on top of
> zap_page_range_single() currently says "The range must fit into one
> VMA", and it looks like by the point we reach a bailout, we could have
> gone through an interval tree walk via
> mmu_notifier_invalidate_range_start()->__mmu_notifier_invalidate_range_start()->mn_itree_invalidate()
> for a range that ends before it starts; I don't know how safe that is.

I could change the comment on zap_page_range_single() to say:

"The range should be contained within a single VMA. Otherwise an error
is returned."

And then I can add an overflow check at the top of
zap_page_range_single(). Sounds ok?

Alice
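
Review bot: The SAFETY comment in zap_page_range_single() ends with "Any value of `address` and `size` is allowed", but the quoted lines show no check that `address + size` stays representable or that the range lies inside this VMA, so that guarantee depends entirely on what the C function does with a malformed range. Either validate the range in the wrapper before the call (a checked add plus a comparison against the VMA bounds, returning early on failure) or narrow the SAFETY wording to what the C side actually guarantees. Minor, in the doc comment: "cache folio's dropped" should read "cache folios dropped".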
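
The overflow and containment check discussed in this thread, sketched as a stand-alone userspace Rust example (added here; it is not code from the patch or from the kernel). `checked_zap_range`, `wrapped_end`, `RangeError` and the sample addresses are hypothetical names and constructed values.

```rust
/// Why a zap request was rejected (hypothetical error type for this example).
#[derive(Debug, PartialEq)]
pub enum RangeError {
    /// `address + size` does not fit in `usize`; the end would wrap below the start.
    Overflow,
    /// The range is well-formed but not fully inside `[vm_start, vm_end)`.
    OutsideVma,
}

/// Returns the exclusive end of `[address, address + size)` if the range is
/// well-formed and contained in the VMA `[vm_start, vm_end)`.
pub fn checked_zap_range(
    vm_start: usize,
    vm_end: usize,
    address: usize,
    size: usize,
) -> Result<usize, RangeError> {
    // Reject the wrap before anything walks a range that "ends before it starts".
    let end = address.checked_add(size).ok_or(RangeError::Overflow)?;
    // Containment: both ends must lie within this one VMA.
    if address < vm_start || end > vm_end {
        return Err(RangeError::OutsideVma);
    }
    Ok(end)
}

/// What an unchecked `address + size` would yield with wrapping arithmetic.
pub fn wrapped_end(address: usize, size: usize) -> usize {
    address.wrapping_add(size)
}

fn main() {
    // Constructed sample VMA: 16 pages of 4 KiB starting at 0x7000_0000.
    let (start, end) = (0x7000_0000usize, 0x7001_0000usize);
    // In range: accepted, returns the end address.
    println!("{:?}", checked_zap_range(start, end, 0x7000_1000, 0x2000));
    // Runs past vm_end: rejected as OutsideVma.
    println!("{:?}", checked_zap_range(start, end, 0x7000_f000, 0x2000));
    // Start near the top of the address space: the unchecked end wraps.
    let addr = usize::MAX - 0xfff;
    println!("unchecked end = {:#x}", wrapped_end(addr, 0x2000));
    println!("{:?}", checked_zap_range(start, end, addr, 0x2000));
}
```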