From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14296C433DB for ; Fri, 12 Feb 2021 19:34:20 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 84D6F64DF0 for ; Fri, 12 Feb 2021 19:34:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 84D6F64DF0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 0F3B16B0123; Fri, 12 Feb 2021 14:34:19 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 07E1E8D0086; Fri, 12 Feb 2021 14:34:19 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E85E28D0060; Fri, 12 Feb 2021 14:34:18 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0068.hostedemail.com [216.40.44.68]) by kanga.kvack.org (Postfix) with ESMTP id CCD866B0123 for ; Fri, 12 Feb 2021 14:34:18 -0500 (EST) Received: from smtpin10.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 89F8218051E06 for ; Fri, 12 Feb 2021 19:34:18 +0000 (UTC) X-FDA: 77810616996.10.235FB82 Received: from mail-il1-f176.google.com (mail-il1-f176.google.com [209.85.166.176]) by imf22.hostedemail.com (Postfix) with ESMTP id 9CF0AC000C44 for ; Fri, 12 Feb 2021 19:34:17 +0000 (UTC) Received: by mail-il1-f176.google.com with SMTP id o15so230829ilt.6 for ; Fri, 12 Feb 2021 11:34:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NLZPNYnA3AyiBztsXKbg7RI/5esV5yRJCEOdm8wwCX8=; b=wRRRmV59U2npYIEnXk/btZHw9YaT7dYbRUcFWvK9W319z+se8VRdCewgiNJ9LtEt6L a6juf1qi8a7hT97M95DhT/SJ/zuEQ9IlvAdBDoh92TbyknlpgDo3oDi8iyxpx8aZNOMg Zh7JVsf3uTnEU9xRt1r+SwbXEZn9GbuZD2D9zwCyBdC4wQd40q3IN4aLp8rDb05H654+ kHTQcbgraSuQhymzaErH5ZYuyOwodGbAj00OfZYJl2ClpMYPshQALp5ZeXzNf6OsOh6N xKn2IewT6v9MifTnBLn+kU5+b7o+JM7IcYgBtdcTuYKGkXeWQaujrGx4UMQRpjqjqQlr hXPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NLZPNYnA3AyiBztsXKbg7RI/5esV5yRJCEOdm8wwCX8=; b=oxueQv3EjlP4GhJZvxB1FgtQIaxJVqU8Bp0wVuqb4EfkfMqIXShX+HZs1uXB8kxaYH JN8BBj7ug4RAt2U58J5LQrNsPOOnApoARL/NrDIdPytiYXyxgXMGvcchAMRQBY28/qGe 2Y5l1Wzz10SO/0h3DDkwZ8dQHJpFH6dxXTVvE+zz09ztlBdgTlnt2rYoESS7F/jWF0u9 JMxV5pOj1lQvrK1ZHDeCbxFmRciJZJjPW+faRM3rH/6pG3bTWSpMyEuKajUGVdicE4fL G9B0pU18mhWQevHl2IuSrpFvcqNCQP5p7YoZFFb/wJo3nB5wLViDsIHx7KSRHNys4uoS VO1A== X-Gm-Message-State: AOAM533CHFgeWvYLo5irjwlAddplu9vPrIzr4UUjeBj+NNKfVIKUdWzu xiGcnC2/0nZNvKzm+BuI+vRRzumXa8Oh302/oiNJrQ== X-Google-Smtp-Source: ABdhPJzUOZHK+nJxYDrNFxI4JSdUt9lx51FEfV/DFOi0Mx5l6BAKCb1h8pfc3n/nrhrc2JnvEvbOI5fQ2Wulw9S9XOM= X-Received: by 2002:a05:6e02:194a:: with SMTP id x10mr3628193ilu.165.1613158457152; Fri, 12 Feb 2021 11:34:17 -0800 (PST) MIME-Version: 1.0 References: <20210210212200.1097784-1-axelrasmussen@google.com> <20210210212200.1097784-6-axelrasmussen@google.com> In-Reply-To: From: Axel Rasmussen Date: Fri, 12 Feb 2021 11:33:39 -0800 Message-ID: Subject: Re: [PATCH v5 05/10] userfaultfd: add minor fault registration mode To: Mike Kravetz Cc: Alexander Viro , Alexey Dobriyan , Andrea Arcangeli , Andrew Morton , Anshuman Khandual , Catalin Marinas , Chinwen Chang , Huang Ying , Ingo Molnar , Jann Horn , Jerome Glisse , Lokesh Gidra , "Matthew Wilcox (Oracle)" , Michael Ellerman , =?UTF-8?Q?Michal_Koutn=C3=BD?= , Michel Lespinasse , Mike Rapoport , Nicholas Piggin , Peter Xu , Shaohua Li , Shawn Anastasio , Steven Rostedt , Steven Price , Vlastimil Babka , LKML , linux-fsdevel@vger.kernel.org, Linux MM , Adam Ruprecht , Cannon Matthews , "Dr . David Alan Gilbert" , David Rientjes , Mina Almasry , Oliver Upton Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 9CF0AC000C44 X-Stat-Signature: zranp98nijcpx8qnb31xmbz1m5chpdeq Received-SPF: none (google.com>: No applicable sender policy available) receiver=imf22; identity=mailfrom; envelope-from=""; helo=mail-il1-f176.google.com; client-ip=209.85.166.176 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1613158457-329062 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Feb 12, 2021 at 11:18 AM Mike Kravetz wrote: > > On 2/10/21 1:21 PM, Axel Rasmussen wrote: > > This feature allows userspace to intercept "minor" faults. By "minor" > > faults, I mean the following situation: > > > > Let there exist two mappings (i.e., VMAs) to the same page(s). One of > > the mappings is registered with userfaultfd (in minor mode), and the > > other is not. Via the non-UFFD mapping, the underlying pages have > > already been allocated & filled with some contents. The UFFD mapping > > has not yet been faulted in; when it is touched for the first time, > > this results in what I'm calling a "minor" fault. As a concrete > > example, when working with hugetlbfs, we have huge_pte_none(), but > > find_lock_page() finds an existing page. > > Do we want to intercept the fault if it is for a private mapping that > will COW the page in the page cache? I think 'yes' but just want to > confirm. The code added to hugetlb_no_page will intercept these COW > accesses. I can at least say this is intentional, although I admit I don't have a precise use case in mind for the UFFD mapping being private. I suppose it's something like, the UFFD poll thread is supposed to (maybe) update the page contents, *before* I CoW it, and then once it's been CoW-ed I don't want that poll thread to be able to see whatever changes I've made? Unless there's some different use case for this, I believe this is the behavior we want. > > > > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > > index e41b77cf6cc2..f150b10981a8 100644 > > --- a/mm/hugetlb.c > > +++ b/mm/hugetlb.c > > @@ -4366,6 +4366,38 @@ static vm_fault_t hugetlb_no_page(struct mm_struct *mm, > > VM_FAULT_SET_HINDEX(hstate_index(h)); > > goto backout_unlocked; > > } > > + > > + /* Check for page in userfault range. */ > > + if (userfaultfd_minor(vma)) { > > + u32 hash; > > + struct vm_fault vmf = { > > + .vma = vma, > > + .address = haddr, > > + .flags = flags, > > + /* > > + * Hard to debug if it ends up being used by a > > + * callee that assumes something about the > > + * other uninitialized fields... same as in > > + * memory.c > > + */ > > + }; > > + > > + unlock_page(page); > > + > > + /* > > + * hugetlb_fault_mutex and i_mmap_rwsem must be dropped > > + * before handling userfault. Reacquire after handling > > + * fault to make calling code simpler. > > + */ > > + > > + hash = hugetlb_fault_mutex_hash(mapping, idx); > > + mutex_unlock(&hugetlb_fault_mutex_table[hash]); > > + i_mmap_unlock_read(mapping); > > After dropping all the locks, we only hold a reference to the page in the > page cache. I 'think' someone else could hole punch the page and remove it > from the cache. IIUC, state changing while processing uffd faults is something > that users need to deal with? Just need to make sure there are no assumptions > in the kernel code. Yeah, this seems possible. What I'd expect to happen in that case is something like: 1. hugetlb_no_page() calls into handle_userfault(). 2. Someone hole punches the page, removing it from the page cache. 3. The UFFD poll thread gets the fault event, and issues a UFFDIO_CONTINUE. (Say we instead were going to write an update, and *then* UFFDIO_CONTINUE: I think the hole punch by another thread could also happen between those two events.) 4. This calls down into hugetlb_mcopy_atomic_pte, where we try to find_lock_page(). This returns NULL, so we bail with -EFAULT. 5. Userspace detects and deals with this error - maybe by writing to the non-UFFD mapping, thereby putting a page back in the page cache, or by issuing a UFFDIO_COPY or such? Which, as far as I can see is fine? But, I am by no means an expert yet so please correct me if this seems problematic. :) > > > + ret = handle_userfault(&vmf, VM_UFFD_MINOR); > > + i_mmap_lock_read(mapping); > > + mutex_lock(&hugetlb_fault_mutex_table[hash]); > > + goto out; > > + } > > } > > > > /* > > > > -- > Mike Kravetz