From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18D2AC36018 for ; Wed, 2 Apr 2025 21:35:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DC67E280003; Wed, 2 Apr 2025 17:35:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D751B280001; Wed, 2 Apr 2025 17:35:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C3CBA280003; Wed, 2 Apr 2025 17:35:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id A4092280001 for ; Wed, 2 Apr 2025 17:35:03 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 08323C0960 for ; Wed, 2 Apr 2025 21:35:04 +0000 (UTC) X-FDA: 83290409328.29.7F272C6 Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169]) by imf08.hostedemail.com (Postfix) with ESMTP id 1BAF1160009 for ; Wed, 2 Apr 2025 21:35:01 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=jxuUHk4e; spf=pass (imf08.hostedemail.com: domain of joannelkoong@gmail.com designates 209.85.160.169 as permitted sender) smtp.mailfrom=joannelkoong@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1743629702; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wXV/4KLKryL+mkVEiJtNLsehrS83f48ro1ic7SlOiFE=; b=4or/wCYBL2G+7zWmA+WFR8dNTSOzfhIUJu6JmOHeTid9kGVvSKD3SPPQOo2yIX191DjE5i sMLKKygpdYqB/234HN1vPmSAvU259ZiCUDs+uJWtrUcbFKtA9hR0iScc+3fv3HqO9GcXfs Jevh0jyHtoXZhoeC+hJasXGlNjQ7BMU= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=jxuUHk4e; spf=pass (imf08.hostedemail.com: domain of joannelkoong@gmail.com designates 209.85.160.169 as permitted sender) smtp.mailfrom=joannelkoong@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1743629702; a=rsa-sha256; cv=none; b=Z6qcR95q+JjfpipVQWAO02dLaUC+qc6MGUsGLwd3j6N8YwkQJ8j4n0HX7CzGsAa+7SIgVq WAVWkYvYKfASnQRsUGMgtOdqJdSc/MmHTIqq3Iylb7P1NQJa24fbcbBXcHSDJaDZZT/hd4 NbQspismHO3rHNNN4n97sY/Egi+YD7Q= Received: by mail-qt1-f169.google.com with SMTP id d75a77b69052e-4775ce8a4b0so3228911cf.1 for ; Wed, 02 Apr 2025 14:35:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1743629701; x=1744234501; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=wXV/4KLKryL+mkVEiJtNLsehrS83f48ro1ic7SlOiFE=; b=jxuUHk4egrGta95ekRvLwn+MVepB7rMjzYy0hfUyZGVw8KPqw1S6fVHL+hlLeoLCO7 WEw1QrBDOW0cu4ll1TX/vbnzd3km7Kpwacoa0+RzCWyfLwZNHF2r6gkkI7VcmhHOGvrh BsacCm8nYitBqdIDTsbQUJrYZP2KXgFgc7vrjqiRB3Cii7WmWaV8izMEPmdvFLWC8d9Z zT4kZUlEdwedxZBp67dT3E1M4mFOLrqEBTOG/Kd5+iJST0AIEuvx82Q3qwrrMBglNnjl xVKs8TRUF6XZ1WKppfkiaEMJdHMTNqxF91FPuamLOWbmVqwNpfrHDGTw0nPINVP5Nw/W usxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743629701; x=1744234501; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wXV/4KLKryL+mkVEiJtNLsehrS83f48ro1ic7SlOiFE=; b=VoKTDnvHdTvjcG1H+RtYVRVO8NJKoQg9VX/ClZ76DH3cwp36yQ1ORLUdFNzeOGPZuq z0cfXO3FAMGuAysglJ0/h/7OTBzUzqIeXOshB8arLgixu+TipUBwSVYVs7rhNxC2k3B8 3UqeWq3Lc8hWddbbbug9dGf8AXdlAFtyx1p1R45R+wCKeo7ETUjdJjCFyyq2uFjMcNRi 79MP3fcy2+ZQpQSxvUIWcRamtK0XLmo2jdMudpx3l4xtP7fnOTCGeXbhL/9yFCY8eq/u 2aer1Tfpm0zfg45ygXMGHH6uKVs2JGVKQRbv4+OA5/WxUZSspmXFaboSMgXKX5+Ye+3v nLXA== X-Forwarded-Encrypted: i=1; AJvYcCWZDfkYYVgXL78tJvj77NsEXx9l0dQCA8uFmwys0kOwE8MTRb/9r8pW8zR1wnZoBtLXG2kusFSUlw==@kvack.org X-Gm-Message-State: AOJu0Yz9scfLx14kx9obrISlo7b7BgX+pkhXGJv9GKA5AQxKZbShRVxW bJhUVFFCCiNQ+lH+2FBk5Hs5h5c9DGtp1scLK88lHlFpKzl/zoAc5QSHBh8lWyw6b8IFR4M4n2P lUqOyTTyI++iwYcs3Sd4VlhBb2s4= X-Gm-Gg: ASbGncu+zKvol4qMO5kTi7p5jkSxAvZ1hUNyMERuqW0EHiZVLLwv5d3CNd/mX9SIHXn E8BqQNwtUe1CQS1gmAinDJ9/1Krd4scVltPnC5AGwlA87UbQixr4kXnQXUj8mNvyuXPK7f/QqGX X/20AUx7Q70FnW/9OdbS8c9kHCut9mIhqBBLjaRR2sRw== X-Google-Smtp-Source: AGHT+IH9RyuryqLYFr0sIwVsygMGNs86XJCPy1oK+2U+8CmMAUnEX5hK4KYSSBIuRZHQCki5QzjSDdLx2KVBYQ2iQyI= X-Received: by 2002:a05:622a:281:b0:476:9377:17aa with SMTP id d75a77b69052e-4791961be70mr3772321cf.52.1743629701194; Wed, 02 Apr 2025 14:35:01 -0700 (PDT) MIME-Version: 1.0 References: <20241122232359.429647-1-joannelkoong@gmail.com> <20241122232359.429647-5-joannelkoong@gmail.com> In-Reply-To: From: Joanne Koong Date: Wed, 2 Apr 2025 14:34:49 -0700 X-Gm-Features: AQ5f1JrYVHMlDWZJxH4-18lt1qU_d4NlCtPkRQrCGOovJWEhE1ANrmdC3YBUzu8 Message-ID: Subject: Re: [PATCH v6 4/5] mm/migrate: skip migrating folios under writeback with AS_WRITEBACK_INDETERMINATE mappings To: David Hildenbrand Cc: miklos@szeredi.hu, linux-fsdevel@vger.kernel.org, shakeel.butt@linux.dev, jefflexu@linux.alibaba.com, josef@toxicpanda.com, bernd.schubert@fastmail.fm, linux-mm@kvack.org, kernel-team@meta.com, Matthew Wilcox , Zi Yan , Oscar Salvador , Michal Hocko Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 1BAF1160009 X-Stat-Signature: tyum3wh5of679nwehmuqnob4pqqwtw8a X-Rspam-User: X-Rspamd-Server: rspam12 X-HE-Tag: 1743629701-998541 X-HE-Meta: U2FsdGVkX19eKsK+QkQ7S1jfyJwePpkLtPDt0lU7o9NANREK+JWrAd2TYvmYknHKSiAnes7ar8ip6Pqa5Rf8uMvbdbF6Jq5vJljfvOQYYWgDstfw0+a4e+svovu7uOuO1/3hykK7+bR+gHe72PfchYk3b1a45NhjkgeEjBUUmaCFiI3SOLeYUUqfh+uNkSJNWRK+dAU8TCx7BRC+uqwv5DQuYGPvgr2M2z+ksZIdxOo3Kjfm83XTLU88vMbth0EujGBP+TjiZPLaRRv4BBdjcw9Ccda31TfJvxi+KANLygCM+Tim4Gvk5gUA/4Gjvz4leeyLXpA0v/v/n5kNXnhvaU1Vo2vh4wjlLYXxnsD8dN4pTj7ufpANw+IIXy8ccpvnA6UYNuJQbxFA8j7UCpQ2KLlVkmfrsvt44oYp+G95aL/Vbs46H8ZpYPyx1ESm/+inRT36xO0W//9lT7aLQ0H1OKnGFh4Ua/cnCwP0mgSCVWJ+kmUKAowsTi6HJZk7IqahL5jSa6Iru57VZ2VyZ4TNJjM3r6ycaQG7FZfg0fli1WlZFDWItV2FcDLgVVbXip0+LE1up+iAWyWC0NgTmvLitrcGfS/LgkvaFM7T5vsvDW77yZle8jB0wkHh5tZcDhMzejp0+yd6yZD2cofwu0hbPqbSkfKcLjYHevyiI2/xIvTWtN5H1ymZOjwW+VhEcbzNd8VqXi2U9eb/eRlGi0aAECuL0C7ArM8lkruaCwKfDtQzDjx79Wd/SWeJQvzr+RTE3nxd+0MDZtCX/zuXujX/5Nm7nZTQOzygIn4PXCiM7/zbn8FjL2Ylwl4zCB4sp+F7BLUSzsKJMsVry7g8oopN1RlCXjUxlzYP9XuIrh4+p5m3V/IorUiNSIfmlDLvMkvIY93jvoyywDdK5Ft/mC9rPLh+cjWvzZDg2RAC/gtJV1yROicKvc6pArxMpXk+Nnw1+cbquFLlgWlP+j4iUBM 9Vp8vDJp 3vosbWdKrsnpGKl+J3unqci+Pv2wySgdcJF3IFkYMWcbJvIxbZYvGlDSq3Ua203Iaq98rfcJZk+8F6GP4lZptONuxhHLGzb7BNhYwYyVuOYQfXPUMK+M5yo+LpO0sRqKtwIkF6mCOlzfAWT88AzgVHCZciFo/MsYIfLowYGmR2bpRVne9P8FGvMTpi7TS6Mx/7IsdKMZsQBFTIMV+NWvkgHpomMKDA4xkisKpnTdU+BLTo5KgmZEmitCNUg/iUW8n3JP0ql8gwULEFQCljr/ktDvGTULZIj7tkpzNpYggQCzR4vYGXHLSD7wEKIUyS4EKbn/j0exfjHE51Ikx4khEbQI35aiMJbAzexbZtCAiTM3oR3Hn2jwPkTiQefBNMusup9YivHoLrNdJimxve10/dp+uqgJGvYRS8OBx X-Bogosity: Ham, tests=bogofilter, spamicity=0.000037, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Dec 19, 2024 at 5:05=E2=80=AFAM David Hildenbrand wrote: > > On 23.11.24 00:23, Joanne Koong wrote: > > For migrations called in MIGRATE_SYNC mode, skip migrating the folio if > > it is under writeback and has the AS_WRITEBACK_INDETERMINATE flag set o= n its > > mapping. If the AS_WRITEBACK_INDETERMINATE flag is set on the mapping, = the > > writeback may take an indeterminate amount of time to complete, and > > waits may get stuck. > > > > Signed-off-by: Joanne Koong > > Reviewed-by: Shakeel Butt > > --- > > mm/migrate.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/mm/migrate.c b/mm/migrate.c > > index df91248755e4..fe73284e5246 100644 > > --- a/mm/migrate.c > > +++ b/mm/migrate.c > > @@ -1260,7 +1260,10 @@ static int migrate_folio_unmap(new_folio_t get_n= ew_folio, > > */ > > switch (mode) { > > case MIGRATE_SYNC: > > - break; > > + if (!src->mapping || > > + !mapping_writeback_indeterminate(src->mapping= )) > > + break; > > + fallthrough; > > default: > > rc =3D -EBUSY; > > goto out; > > Ehm, doesn't this mean that any fuse user can essentially completely > block CMA allocations, memory compaction, memory hotunplug, memory > poisoning... ?! > > That sounds very bad. I took a closer look at the migration code and the FUSE code. In the migration code in migrate_folio_unmap(), I see that any MIGATE_SYNC mode folio lock holds will block migration until that folio is unlocked. This is the snippet in migrate_folio_unmap() I'm looking at: if (!folio_trylock(src)) { if (mode =3D=3D MIGRATE_ASYNC) goto out; if (current->flags & PF_MEMALLOC) goto out; if (mode =3D=3D MIGRATE_SYNC_LIGHT && !folio_test_uptodate(= src)) goto out; folio_lock(src); } If this is all that is needed for a malicious FUSE server to block migration, then it makes no difference if AS_WRITEBACK_INDETERMINATE mappings are skipped in migration. A malicious server has easier and more powerful ways of blocking migration in FUSE than trying to do it through writeback. For a malicious fuse server, we in fact wouldn't even get far enough to hit writeback - a write triggers aops->write_begin() and a malicious server would deliberately hang forever while the folio is locked in write_begin(). I looked into whether we could eradicate all the places in FUSE where we may hold the folio lock for an indeterminate amount of time, because if that is possible, then we should not add this writeback way for a malicious fuse server to affect migration. But I don't think we can, for example taking one case, the folio lock needs to be held as we read in the folio from the server when servicing page faults, else the page cache would contain stale data if there was a concurrent write that happened just before, which would lead to data corruption in the filesystem. Imo, we need a more encompassing solution for all these cases if we're serious about preventing FUSE from blocking migration, which probably looks like a globally enforced default timeout of some sort or an mm solution for mitigating the blast radius of how much memory can be blocked from migration, but that is outside the scope of this patchset and is its own standalone topic. I don't see how this patch has any additional negative impact on memory migration for the case of malicious servers that the server can't already (and more easily) do. In fact, this patchset if anything helps memory given that malicious servers now can't also trigger page allocations for temp pages that would never get freed. Thanks, Joanne > > -- > Cheers, > > David / dhildenb >