From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5A8DFC369DC
	for <linux-mm@archiver.kernel.org>; Tue, 29 Apr 2025 17:15:08 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 90C0D6B0007; Tue, 29 Apr 2025 13:15:06 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 8B9276B000A; Tue, 29 Apr 2025 13:15:06 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 7813B6B000C; Tue, 29 Apr 2025 13:15:06 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 503BC6B0007
	for <linux-mm@kvack.org>; Tue, 29 Apr 2025 13:15:06 -0400 (EDT)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 69934140AED
	for <linux-mm@kvack.org>; Tue, 29 Apr 2025 17:15:07 +0000 (UTC)
X-FDA: 83387731854.25.DD705EA
Received: from mail-qt1-f182.google.com (mail-qt1-f182.google.com [209.85.160.182])
	by imf09.hostedemail.com (Postfix) with ESMTP id 814A0140010
	for <linux-mm@kvack.org>; Tue, 29 Apr 2025 17:15:05 +0000 (UTC)
Authentication-Results: imf09.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b=MfHdahWH;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf09.hostedemail.com: domain of surenb@google.com designates 209.85.160.182 as permitted sender) smtp.mailfrom=surenb@google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745946905; a=rsa-sha256;
	cv=none;
	b=QOsAABf6PfmfLNEJi6AUC06Gh+Nl0vAgqkKhjvj7F6r0tFjEbFbxGSyUEA0LTPaR/VHA0w
	lmIsgN2FyDAVCao0KLdkQQlbsRHdZ+H79nJJEASimEZsNwfTD3b4StyjKDdAmu7jtMCYeY
	2sg4reGU3uC0BWLTnBKE0tyD+B9J1sE=
ARC-Authentication-Results: i=1;
	imf09.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b=MfHdahWH;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf09.hostedemail.com: domain of surenb@google.com designates 209.85.160.182 as permitted sender) smtp.mailfrom=surenb@google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1745946905;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=8N3PFLJdo2BL64kwpJnok05xXM6XlOssovMurdNnZcM=;
	b=JVXSvMKnsWdAvpDtzYHLpCyjcdLBdE8qtpB+CFThu6ioqku/3+IxRD64AwKEKAHeCHvAB3
	V7s1qmwNcOqluRydE1AvqlMsMQPOF8jG6cBMQvrZ+8hkAfEehmibsGK7eK+3MXD8ujpPNS
	HJakSt37o43dfpcHuJ2JaGD/iEBrx2g=
Received: by mail-qt1-f182.google.com with SMTP id d75a77b69052e-47666573242so360131cf.0
        for <linux-mm@kvack.org>; Tue, 29 Apr 2025 10:15:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1745946904; x=1746551704; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=8N3PFLJdo2BL64kwpJnok05xXM6XlOssovMurdNnZcM=;
        b=MfHdahWHZ63yf/G6Y4cK5UPNtXbozYegsNk/RZUU54hDzywILipVAI6iiFUvo5LmPv
         wLm2qaBqXx9cdImrLhn/W+8/v2/JGuz4YNpa5NsYcB0Lh/zz7pzGTkTwk6bh2tosnRRF
         61QxjEFf26j6ECeH6n2mR0jicqgYykDdWOR+YIrOIX1KpPqwNOWBeVzjKTlM9QkUzzCA
         ZLb75JfDuQB08ZlZvO2hxiYr0ARGIBAEo8fetfmBlLqSTVbx3DSVhdZHojjV/fj+Oouz
         RpxMlrFB6p8tC75xGnTPYoJDyX84/OXtDsGPR1T4b/E41meggggO4MrVZ45sBzF3Bh8+
         6G5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1745946904; x=1746551704;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=8N3PFLJdo2BL64kwpJnok05xXM6XlOssovMurdNnZcM=;
        b=fBpzEoRFyjbW3hC2YhLjEiUHvksZL22p7MiUrIMiDTn88EHiJkRNs4h07ea0qcYUoT
         Oy+zuvwT414gtqwkKXgoFlnOAI7Yx04+Nic06fNZ87Vl33Ct36AHXgo/H3ovOh7zd4Ik
         GWLQ2bqYfulOtpNU4Rrt3V9rngSGuVNcyDKFmVTh/Om+LNh+7XYtJX30Hc0e879s3Sgv
         b7IIunAmSO375eF05gOTq7nBdw1z7Z16cKqT3Qjg58STE9rHVx2ImJ6zEc8HNhV4jywR
         ERIevWZ9FWVCoSgOHWuSh4jJzMxxUKdcPccLF+oI8Xa0b44Igg6qjstOS6XJG+3dqVLU
         QUBQ==
X-Forwarded-Encrypted: i=1; AJvYcCXBbORWgl+RxWpPNzc1sklqreL7AMmYtzxNG5VfrS4b8Egm8rjXbCmDagZC1zCT9/r45fr3RqSc+Q==@kvack.org
X-Gm-Message-State: AOJu0YxlRpzkJiMv5JXDR2uQn1pDAmlA9bbvLCT/Vi/jzqSu2OY3/Vk3
	Y7wqA31kVzCLjv4KwHpoW+t+Pji7PphzdIp4eR423WydSkh6GR+GExe2WGaZXO7Jj2pyasZud4N
	DR2O+siBltOw5uDBAHQHnyt5+fqjbMGBcJH2x
X-Gm-Gg: ASbGncuFuk6weoQ4sIic9b4rCQihwi9af7uljg2WPb/WZOOtgTNBdlhq6j/DVdq6OwZ
	jCjKtNpmkitbJVNtQDbYg7aC2Mb9Tx+QPcUXS5rX5XBNVKC+eo0f1u2Lo83isbf1aR9goTnDbDW
	DbVtvTdLyi6QLAg2aBrjQX+usRBBanJrTCfrpy8LFbv4Qa7B5nYSrE
X-Google-Smtp-Source: AGHT+IHc2d7Lags5IXA2jqjdd8Wrmu7oiMjs4V+SDYbkXeZnsbeXFEB5FbDmi3+9UCay73uMesmQXy8B2gOJYxFd2N0=
X-Received: by 2002:a05:622a:1ba7:b0:47d:cdd2:8290 with SMTP id
 d75a77b69052e-488a5dee905mr4983031cf.9.1745946904330; Tue, 29 Apr 2025
 10:15:04 -0700 (PDT)
MIME-Version: 1.0
References: <20250418174959.1431962-1-surenb@google.com> <20250418174959.1431962-9-surenb@google.com>
 <CAEf4BzabPLJTy1U=aBrGZqKpskNYvj5MYuhPHSh_=hjmVJMvrg@mail.gmail.com> <CAG48ez29frEbJG+ySVARX-bO_QWe8eUbZiV8Jq2sqYemfuqP_g@mail.gmail.com>
In-Reply-To: <CAG48ez29frEbJG+ySVARX-bO_QWe8eUbZiV8Jq2sqYemfuqP_g@mail.gmail.com>
From: Suren Baghdasaryan <surenb@google.com>
Date: Tue, 29 Apr 2025 10:14:52 -0700
X-Gm-Features: ATxdqUGDGzBEh9QYdQgSp_gL9D3xJRJOqR7cGNBprwi1rNdXNpRqj3ts5tZZ_ww
Message-ID: <CAJuCfpGxw7L67CvDnTiHN0kdVjFcPoZZ4ZsOHi0=wR7Y2umk0Q@mail.gmail.com>
Subject: Re: [PATCH v3 8/8] mm/maps: execute PROCMAP_QUERY ioctl under RCU
To: Jann Horn <jannh@google.com>
Cc: Andrii Nakryiko <andrii.nakryiko@gmail.com>, akpm@linux-foundation.org, 
	Liam.Howlett@oracle.com, lorenzo.stoakes@oracle.com, david@redhat.com, 
	vbabka@suse.cz, peterx@redhat.com, hannes@cmpxchg.org, mhocko@kernel.org, 
	paulmck@kernel.org, shuah@kernel.org, adobriyan@gmail.com, brauner@kernel.org, 
	josef@toxicpanda.com, yebin10@huawei.com, linux@weissschuh.net, 
	willy@infradead.org, osalvador@suse.de, andrii@kernel.org, 
	ryan.roberts@arm.com, christophe.leroy@csgroup.eu, 
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, 
	linux-mm@kvack.org, linux-kselftest@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspam-User: 
X-Rspamd-Queue-Id: 814A0140010
X-Rspamd-Server: rspam04
X-Stat-Signature: zdkpaojea8wtf34hj38bnq5s6xhz1ypj
X-HE-Tag: 1745946905-636552
X-HE-Meta: U2FsdGVkX1/X9FQn5uaZbwlP/w/Zhkf51goi5vEYk8fRcRLfpgGtVQWCpSERYHuA/ECDmPYrGFWL0q35F/J0GeRCWaVraqcdiYtu5ZgWzfM/+ZrKGUx8c3bqbmI78hS0FaSbxcpkmstZlBZTVTl6p2PET397qGuVGpm/OZgb+K7TwnxpUyq35MPv4I1f2aY/qXw3W1SU4gLEKhGri5Et4lwIq2z2vUwYccUTtBV6DnOsOoUmdldYMtfgRslInJLTbfwK8/A7AyUF6x4y86MG4nUf74cn/5ARZVOpHSk+6pD0KEwKdOSFJcQLaiqlg/ofkxBjyzwqEjshwchimmZ8v5PR4auc/nDw3NXFEbC9t8oTuRqSN4B/BjOZ47JLg0vcg3NXq53/wsxYGiC41HWczmIZukriigHRGyZEe4IgaG8WxtkERzDaqwT8tc0QWo2eFfLRi+XN5R+zecmsdrrUXzjrmeqSGdlt/17ryKrPbeoRGtGtqyWmBMyl0oftxPT402BJorwyUkDUmHzqcknqa1QC2QeuKSvqAYs4qAH6uQlwpAzYE7NGxT14fAxSVbAZjkt6zb/RqzSSenUIYNLxjT1MyM/JK2j+p9MTIQW7Yfks58kZOJiU/+nsHovmtTZQVmtTQ0btFiqXdgFayE0EyfNaZs3oYMFFQUutJjysiQPi1qBM7QcYitxpjFeYfNetGvpJhx/U/F5sEvR7JLt2q//BY48kbHU/6bqieM/SrMwQP46LcBuC3fda+mGfQ1f566I/NBIDqjQSf1w6Bg/Gcm9x+lGYYNikQI0Lf2Yxdyk54guQQayMjraV2bYrGUDDTVxbYlP+gnMDcc9vc7vk7nZUlF+aDHq97FxBK7cf00yPnJQbnUWh/J2/Ue7+gJbBdh29hJc2IJoA3O0I9wQygGh8wtL22Dqk6+YS+pw1SiP131hHhFhKX0b+Dn+VjV/1qMvRSVUVUvF/ro9PhOa
 UrB8Ajjm
 ftAbF28kC6vgMdc5Zd1QEH8W/iNs0WDwl+oIumDVIwDFL3M6apHguOseix5zbtuZlvFFkxBOYhHiN1bpnRwI4nAcNPIT2oWfHefJnZbPkIX4yHuResV3IcOFgby6cQXt1kgr7QVrgtoPvvO/VW8MSX1OOVQ3kHofVFPCLzPafZ3+OuPdQIcxrJZNyGpQzy8nq3thL322KDbeh0BJtBERMR0cwXKwUNwlj2Jg7WJpFBC8zhNw8+FPiuMyBCci9w+6AQMJSbbEPvDx1bpX1ETrhVsblL0RRVNSObTrsTfa8NsKeAfWzQQBdQsV/yVBQ/vPotwp483pAZ0CNY7JeECJkcYEokKXX7101mbnZEjD7mO+r1WQ=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Tue, Apr 29, 2025 at 8:56=E2=80=AFAM Jann Horn <jannh@google.com> wrote:
>
> On Wed, Apr 23, 2025 at 12:54=E2=80=AFAM Andrii Nakryiko
> <andrii.nakryiko@gmail.com> wrote:
> > On Fri, Apr 18, 2025 at 10:50=E2=80=AFAM Suren Baghdasaryan <surenb@goo=
gle.com> wrote:
> > > Utilize speculative vma lookup to find and snapshot a vma without
> > > taking mmap_lock during PROCMAP_QUERY ioctl execution. Concurrent
> > > address space modifications are detected and the lookup is retried.
> > > While we take the mmap_lock for reading during such contention, we
> > > do that momentarily only to record new mm_wr_seq counter.
> >
> > PROCMAP_QUERY is an even more obvious candidate for fully lockless
> > speculation, IMO (because it's more obvious that vma's use is
> > localized to do_procmap_query(), instead of being spread across
> > m_start/m_next and m_show as with seq_file approach). We do
> > rcu_read_lock(), mmap_lock_speculate_try_begin(), query for VMA (no
> > mmap_read_lock), use that VMA to produce (speculative) output, and
> > then validate that VMA or mm_struct didn't change with
> > mmap_lock_speculate_retry(). If it did - retry, if not - we are done.
> > No need for vma_copy and any gets/puts, no?
>
> I really strongly dislike this "fully lockless" approach because it
> means we get data races all over the place, and it gets hard to reason
> about what happens especially if we do anything other than reading
> plain data from the VMA. When reading the implementation of
> do_procmap_query(), at basically every memory read you'd have to think
> twice as hard to figure out which fields can be concurrently updated
> elsewhere and whether the subsequent sequence count recheck can
> recover from the resulting badness.
>
> Just as one example, I think get_vma_name() could (depending on
> compiler optimizations) crash with a NULL deref if the VMA's ->vm_ops
> pointer is concurrently changed to &vma_dummy_vm_ops by vma_close()
> between "if (vma->vm_ops && vma->vm_ops->name)" and
> "vma->vm_ops->name(vma)". And I think this illustrates how the "fully
> lockless" approach creates more implicit assumptions about the
> behavior of core MM code, which could be broken by future changes to
> MM code.

Yeah, I'll need to re-evaluate such an approach after your review. I
like having get_stable_vma() to obtain a completely stable version of
the vma in a localized place and then stop worrying about possible
races. If implemented correctly, would that be enough to address your
concern, Jann?