From: Linus Torvalds <torvalds@linux-foundation.org>
To: David Hildenbrand <david@redhat.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Hugh Dickins <hughd@google.com>,
David Rientjes <rientjes@google.com>,
Shakeel Butt <shakeelb@google.com>,
John Hubbard <jhubbard@nvidia.com>,
Jason Gunthorpe <jgg@nvidia.com>,
Mike Kravetz <mike.kravetz@oracle.com>,
Mike Rapoport <rppt@linux.ibm.com>,
Yang Shi <shy828301@gmail.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Matthew Wilcox <willy@infradead.org>,
Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>,
Michal Hocko <mhocko@kernel.org>, Nadav Amit <namit@vmware.com>,
Rik van Riel <riel@surriel.com>, Roman Gushchin <guro@fb.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Peter Xu <peterx@redhat.com>, Donald Dutile <ddutile@redhat.com>,
Christoph Hellwig <hch@lst.de>, Oleg Nesterov <oleg@redhat.com>,
Jan Kara <jack@suse.cz>, Linux-MM <linux-mm@kvack.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>
Subject: Re: [PATCH v1 06/11] mm: support GUP-triggered unsharing via FAULT_FLAG_UNSHARE (!hugetlb)
Date: Fri, 17 Dec 2021 14:58:56 -0800 [thread overview]
Message-ID: <CAHk-=wgKACiq4sygvRwvJ7bE+dnbMVftoudEVvcbyws6G_FDyw@mail.gmail.com> (raw)
In-Reply-To: <0aa27d7d-0db6-94ee-ca16-91d19997286b@redhat.com>
On Fri, Dec 17, 2021 at 2:29 PM David Hildenbrand <david@redhat.com> wrote:
>
> While I do care about future use cases, I cannot possibly see fork() not
> requiring the mmap_lock in the foreseeable future. Just so much depends
> on it as of now.
It's not that *fork()* depends on it.
Of course fork() takes the mmap_sem.
It's that fast-gup really really doesn't want it, and can't take it.
So any fast-gup user fundamentally cannot look at mapcount(), because
that would be fundamentally wrong and racy, and could race with fork.
And yet, as far as I can tell, that's *exactly* what your gup patches
do, with gup_pte_range() adding
+ if (!pte_write(pte) && gup_must_unshare(flags, page, false)) {
+ put_compound_head(head, 1, flags);
+ goto pte_unmap;
+ }
which looks at the page mapcount without holding the mmap sem at all.
And see my other email - I think there are other examples of your
patches looking at data that isn't stable because you don't hold the
right locks.
And you can't even do the optimistic case without taking the lock,
because in your world, a COW that optimistically copies in the case of
a race condition is fundamentally *wrong* and buggy. Because in your
world-view, GUP and COW are very different and have different rules,
but you need things to be *exact*, and they aren't.
And none of this is anything at least I can think about, because I
don't see what the "design" is.
I really have a hard time following what the rules actually are. You
seem to think that "page_mapcount()" is a really simple rule, and I
fundamentally disagree. It's a _very_ complicated thing indeed, with
locking issues, AND YOU ACTIVELY VIOLATE THE LOCKING RULES!
See why I'm so unhappy?
We *did* do the page_mapcount() thing. It was bad. It forced COW to
always take the page lock. There's a very real reason why I'm pushing
my "let's have a _design_ here", instead of your "let's look at
page_mapcount without even doing the locking".
And yes, I *know* that fork() takes the mmap_sem, and likely always
will. That really isn't the problem here. The problem is that your
page_mapcount() paths DO NOT take that lock.
Btw, maybe I'm misreading things. I looked at the individual patches,
I didn't apply them, maybe I missed something. But I don't think I am.
Linus
next prev parent reply other threads:[~2021-12-17 22:59 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-17 11:30 [PATCH v1 00/11] mm: COW fixes part 1: fix the COW security issue for THP and hugetlb David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 01/11] seqlock: provide lockdep-free raw_seqcount_t variant David Hildenbrand
2021-12-17 17:02 ` Nadav Amit
2021-12-17 17:29 ` David Hildenbrand
2021-12-17 17:49 ` David Hildenbrand
2021-12-17 18:01 ` Nadav Amit
2021-12-17 21:28 ` Thomas Gleixner
2021-12-17 22:02 ` David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 02/11] mm: thp: consolidate mapcount logic on THP split David Hildenbrand
2021-12-17 19:06 ` Yang Shi
2021-12-18 14:24 ` Kirill A. Shutemov
2021-12-17 11:30 ` [PATCH v1 03/11] mm: simplify hugetlb and file-THP handling in __page_mapcount() David Hildenbrand
2021-12-17 17:16 ` Nadav Amit
2021-12-17 17:30 ` David Hildenbrand
2021-12-17 18:06 ` Mike Kravetz
2021-12-17 18:11 ` David Hildenbrand
2021-12-17 19:07 ` Yang Shi
2021-12-18 14:31 ` Kirill A. Shutemov
2021-12-17 11:30 ` [PATCH v1 04/11] mm: thp: simlify total_mapcount() David Hildenbrand
2021-12-17 19:12 ` Yang Shi
2021-12-18 14:35 ` Kirill A. Shutemov
2021-12-17 11:30 ` [PATCH v1 05/11] mm: thp: allow for reading the THP mapcount atomically via a raw_seqlock_t David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 06/11] mm: support GUP-triggered unsharing via FAULT_FLAG_UNSHARE (!hugetlb) David Hildenbrand
2021-12-17 19:04 ` Linus Torvalds
2021-12-17 19:22 ` Linus Torvalds
2021-12-17 20:17 ` David Hildenbrand
2021-12-17 20:36 ` Linus Torvalds
2021-12-17 20:39 ` Linus Torvalds
2021-12-17 20:43 ` Linus Torvalds
2021-12-17 20:42 ` David Hildenbrand
2021-12-17 20:45 ` Linus Torvalds
2021-12-18 22:52 ` Kirill A. Shutemov
2021-12-18 23:05 ` Linus Torvalds
2021-12-17 20:47 ` Jason Gunthorpe
2021-12-17 20:56 ` Linus Torvalds
2021-12-17 21:17 ` David Hildenbrand
2021-12-17 21:04 ` David Hildenbrand
2021-12-18 0:50 ` Jason Gunthorpe
2021-12-17 21:15 ` Nadav Amit
2021-12-17 21:20 ` David Hildenbrand
2021-12-18 0:50 ` Jason Gunthorpe
2021-12-18 1:53 ` Linus Torvalds
2021-12-18 2:17 ` Linus Torvalds
2021-12-18 2:42 ` Linus Torvalds
2021-12-18 3:36 ` Linus Torvalds
2021-12-18 3:05 ` Jason Gunthorpe
2021-12-18 3:30 ` Nadav Amit
2021-12-18 3:38 ` Linus Torvalds
2021-12-18 18:42 ` Jason Gunthorpe
2021-12-18 21:48 ` Nadav Amit
2021-12-18 22:53 ` Linus Torvalds
2021-12-19 0:19 ` Nadav Amit
2021-12-19 0:35 ` Linus Torvalds
2021-12-19 6:02 ` Nadav Amit
2021-12-19 8:01 ` John Hubbard
2021-12-19 11:30 ` Matthew Wilcox
2021-12-19 17:27 ` Linus Torvalds
2021-12-19 17:44 ` David Hildenbrand
2021-12-19 17:44 ` Linus Torvalds
2021-12-19 17:59 ` David Hildenbrand
2021-12-19 21:12 ` Matthew Wilcox
2021-12-19 21:27 ` Linus Torvalds
2021-12-19 21:47 ` Matthew Wilcox
2021-12-19 21:53 ` Linus Torvalds
2021-12-19 22:02 ` Matthew Wilcox
2021-12-19 22:12 ` Linus Torvalds
2021-12-19 22:26 ` Matthew Wilcox
2021-12-20 18:37 ` Matthew Wilcox
2021-12-20 18:52 ` Matthew Wilcox
2021-12-20 19:38 ` Linus Torvalds
2021-12-20 19:15 ` Linus Torvalds
2021-12-20 21:02 ` Matthew Wilcox
2021-12-20 21:27 ` Linus Torvalds
2021-12-21 1:03 ` Jason Gunthorpe
2021-12-21 3:29 ` Matthew Wilcox
2021-12-21 8:58 ` David Hildenbrand
2021-12-21 14:28 ` Jason Gunthorpe
[not found] ` <303f21d3-42b4-2f11-3f22-28f89f819080@redhat.com>
2021-12-21 23:54 ` Jason Gunthorpe
2021-12-21 17:05 ` Linus Torvalds
2021-12-21 17:40 ` David Hildenbrand
2021-12-21 18:00 ` Linus Torvalds
[not found] ` <dda021c8-69ec-c660-46be-793ae345a5bb@redhat.com>
2021-12-21 21:11 ` John Hubbard
2021-12-21 18:07 ` Jan Kara
2021-12-21 18:30 ` Linus Torvalds
[not found] ` <d23ede12-5df7-2f28-00fd-ea58d85ae400@redhat.com>
2021-12-21 18:58 ` Linus Torvalds
2021-12-21 21:16 ` John Hubbard
2021-12-21 19:07 ` Jason Gunthorpe
[not found] ` <3e0868e6-c714-1bf8-163f-389989bf5189@redhat.com>
[not found] ` <dfe1c8d5-6fac-9040-0272-6d77bafa6a16@redhat.com>
2021-12-22 12:41 ` Jan Kara
[not found] ` <4a28e8a0-2efa-8b5e-10b5-38f1fc143a98@redhat.com>
2021-12-22 14:42 ` Jan Kara
[not found] ` <505d3d0f-23ee-0eec-0571-8058b8eedb97@redhat.com>
2021-12-22 16:08 ` Jan Kara
2021-12-22 16:44 ` Matthew Wilcox
2021-12-22 18:40 ` Linus Torvalds
2021-12-23 12:54 ` Jan Kara
2021-12-23 17:18 ` Linus Torvalds
2021-12-23 0:21 ` Matthew Wilcox
2021-12-24 2:53 ` Jason Gunthorpe
2021-12-24 4:53 ` Matthew Wilcox
2022-01-04 0:33 ` Jason Gunthorpe
2021-12-21 23:59 ` Jason Gunthorpe
2021-12-22 12:44 ` Jan Kara
2021-12-17 20:45 ` David Hildenbrand
2021-12-17 20:51 ` Linus Torvalds
2021-12-17 20:55 ` David Hildenbrand
2021-12-17 21:36 ` Linus Torvalds
2021-12-17 21:47 ` David Hildenbrand
2021-12-17 21:50 ` Linus Torvalds
2021-12-17 22:29 ` David Hildenbrand
2021-12-17 22:58 ` Linus Torvalds [this message]
2021-12-17 23:29 ` David Hildenbrand
2021-12-17 23:53 ` Nadav Amit
2021-12-18 4:02 ` Linus Torvalds
2021-12-18 4:52 ` Nadav Amit
2021-12-18 5:03 ` Matthew Wilcox
2021-12-18 5:23 ` Nadav Amit
2021-12-18 18:37 ` Linus Torvalds
2021-12-17 22:18 ` Linus Torvalds
2021-12-17 22:43 ` David Hildenbrand
2021-12-17 23:20 ` Linus Torvalds
2021-12-18 9:57 ` David Hildenbrand
2021-12-18 19:21 ` Linus Torvalds
2021-12-18 19:52 ` Linus Torvalds
2021-12-19 8:43 ` David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 07/11] mm: gup: trigger unsharing via FAULT_FLAG_UNSHARE when required (!hugetlb) David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 08/11] mm: hugetlb: support GUP-triggered unsharing via FAULT_FLAG_UNSHARE David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 09/11] mm: gup: trigger unsharing via FAULT_FLAG_UNSHARE when required (hugetlb) David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 10/11] mm: thp: introduce and use page_trans_huge_anon_shared() David Hildenbrand
2021-12-17 11:30 ` [PATCH v1 11/11] selftests/vm: add tests for the known COW security issues David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wgKACiq4sygvRwvJ7bE+dnbMVftoudEVvcbyws6G_FDyw@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=ddutile@redhat.com \
--cc=guro@fb.com \
--cc=hch@lst.de \
--cc=hughd@google.com \
--cc=jack@suse.cz \
--cc=jannh@google.com \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=mike.kravetz@oracle.com \
--cc=namit@vmware.com \
--cc=oleg@redhat.com \
--cc=peterx@redhat.com \
--cc=riel@surriel.com \
--cc=rientjes@google.com \
--cc=rppt@linux.ibm.com \
--cc=shakeelb@google.com \
--cc=shy828301@gmail.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox