Date: Tue, 21 Mar 2023 15:35:54 -0400
From: Peter Xu
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Mike Kravetz
Cc: Andrea Arcangeli, Andrew Morton, Axel Rasmussen, Mike Rapoport, Nadav Amit, David Hildenbrand, Muhammad Usama Anjum, linux-stable
Subject: Re: [PATCH] mm/hugetlb: Fix uffd wr-protection for CoW optimization path
In-Reply-To: <20230321191840.1897940-1-peterx@redhat.com>

Mike,

For some reason I forgot to copy you.. sorry. Here's the link:

https://lore.kernel.org/linux-mm/20230321191840.1897940-1-peterx@redhat.com

On Tue, Mar 21, 2023 at 03:18:40PM -0400, Peter Xu wrote:
> This patch fixes an issue that a hugetlb uffd-wr-protected mapping can be
> writable even with uffd-wp bit set. It only happens with all these
> conditions met: (1) hugetlb memory (2) private mapping (3) original mapping
> was missing, then (4) being wr-protected (IOW, pte marker installed). Then
> write to the page to trigger.
>
> Userfaultfd-wp trap for hugetlb was implemented in hugetlb_fault() before
> even reaching hugetlb_wp() to avoid taking more locks that userfault won't
> need. However there's one CoW optimization path for missing hugetlb page
> that can trigger hugetlb_wp() inside hugetlb_no_page(), that can bypass the
> userfaultfd-wp traps.
>
> A few ways to resolve this:
>
>   (1) Skip the CoW optimization for hugetlb private mapping, considering
>   that private mappings for hugetlb should be very rare, so it may not
>   really be helpful to major workloads. The worst case is we only skip the
>   optimization if userfaultfd_wp(vma)==true, because uffd-wp needs another
>   fault anyway.
>
>   (2) Move the userfaultfd-wp handling for hugetlb from hugetlb_fault()
>   into hugetlb_wp(). The major cons is there're a bunch of locks taken
>   when calling hugetlb_wp(), and that will make the changeset unnecessarily
>   complicated due to the lock operations.
>
>   (3) Carry over uffd-wp bit in hugetlb_wp(), so it'll need to fault again
>   for uffd-wp privately mapped pages.
>
> This patch chose option (3) which contains the minimum changeset (simplest
> for backport) and also makes sure hugetlb_wp() itself will start to be
> always safe with uffd-wp ptes even if called elsewhere in the future.
>
> This patch will be needed for v5.19+ hence copy stable.
>
> Reported-by: Muhammad Usama Anjum
> Cc: linux-stable
> Fixes: 166f3ecc0daf ("mm/hugetlb: hook page faults for uffd write protection")
> Signed-off-by: Peter Xu
> ---
> mm/hugetlb.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index 8bfd07f4c143..22337b191eae 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -5478,7 +5478,7 @@ static vm_fault_t hugetlb_wp(struct mm_struct *mm, struct vm_area_struct *vma, > struct folio *pagecache_folio, spinlock_t *ptl) > { > const bool unshare = flags & FAULT_FLAG_UNSHARE; > - pte_t pte; > + pte_t pte, newpte; > struct hstate *h = hstate_vma(vma); > struct page *old_page; > struct folio *new_folio; > @@ -5622,8 +5622,10 @@ static vm_fault_t hugetlb_wp(struct mm_struct *mm, struct vm_area_struct *vma, > mmu_notifier_invalidate_range(mm, range.start, range.end); > page_remove_rmap(old_page, vma, true); > hugepage_add_new_anon_rmap(new_folio, vma, haddr); > - set_huge_pte_at(mm, haddr, ptep, > - make_huge_pte(vma, &new_folio->page, !unshare)); > + newpte = make_huge_pte(vma, &new_folio->page, !unshare); > + if (huge_pte_uffd_wp(pte)) > + newpte = huge_pte_mkuffd_wp(newpte); > + set_huge_pte_at(mm, haddr, ptep, newpte); > folio_set_hugetlb_migratable(new_folio); > /* Make the old page be freed below */ > new_folio = page_folio(old_page); > -- > 2.39.1 > -- Peter Xu
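Review bot: In the first hunk (the declarations at the top of hugetlb_wp()), `newpte` is given function scope via `pte_t pte, newpte;`, but the only use visible in this patch is the block that ends in `set_huge_pte_at(mm, haddr, ptep, newpte);`. Declaring it inside that block would keep the variable next to its single use and avoid touching the declaration list at all, which also helps the backport the commit message asks for.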
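Review bot: In the second hunk (hugetlb_wp(), around line 5622), `newpte` is built with `make_huge_pte(vma, &new_folio->page, !unshare)` and only then marked with `huge_pte_mkuffd_wp(newpte)`, so on a non-unshare fault the entry is created with the writable argument true and the uffd-wp bit is added on top of it. The commit message depends on the access faulting again for uffd-wp pages, which holds only if `huge_pte_mkuffd_wp()` also removes write permission on every architecture, and nothing in the visible lines guarantees that. Either write-protect the entry explicitly at that point (for example with `huge_pte_wrprotect()`), or add a comment on the `if (huge_pte_uffd_wp(pte))` line stating why a writable entry cannot result. A short comment there saying that `pte` is the entry the fault was taken on would also help, since the hunk does not show where `pte` was last read.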