From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 720A0C77B61
	for <linux-mm@archiver.kernel.org>; Mon, 24 Apr 2023 12:38:53 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0543F6B0075; Mon, 24 Apr 2023 08:38:53 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 004096B0078; Mon, 24 Apr 2023 08:38:52 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id DC0376B007B; Mon, 24 Apr 2023 08:38:52 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id C99B46B0075
	for <linux-mm@kvack.org>; Mon, 24 Apr 2023 08:38:52 -0400 (EDT)
Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 9D53380195
	for <linux-mm@kvack.org>; Mon, 24 Apr 2023 12:38:52 +0000 (UTC)
X-FDA: 80716238904.16.F1DFCB9
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	by imf15.hostedemail.com (Postfix) with ESMTP id 50F3DA000F
	for <linux-mm@kvack.org>; Mon, 24 Apr 2023 12:38:50 +0000 (UTC)
Authentication-Results: imf15.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b="oxHS7/of";
	spf=none (imf15.hostedemail.com: domain of BATV+e16e2fc4419b117693a1+7183+infradead.org+hch@bombadil.srs.infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=BATV+e16e2fc4419b117693a1+7183+infradead.org+hch@bombadil.srs.infradead.org;
	dmarc=none
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1682339930; a=rsa-sha256;
	cv=none;
	b=HSW2br8nzcNXm9p9YIfNOjhMb/Nj+mcF6QjwvXjnpGqptK/OLIX+acSTDXo4ncfdy9NHlt
	wFcFQcPdPIYuqw75gFOSl+XIxINbz/tkqQRHmIK0KlKNHCmAwoWpOTmQbS8Ql6NTfGCpwH
	q531tt761dmZpWFyahoOMt7WUW8hMGc=
ARC-Authentication-Results: i=1;
	imf15.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b="oxHS7/of";
	spf=none (imf15.hostedemail.com: domain of BATV+e16e2fc4419b117693a1+7183+infradead.org+hch@bombadil.srs.infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=BATV+e16e2fc4419b117693a1+7183+infradead.org+hch@bombadil.srs.infradead.org;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1682339930;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=5OALIrDldLQfwHP9p2ndyFBK2lC4EsP1Af7zzRq70HI=;
	b=8DdeyWM5tBM/CfzM8m0PHFN0vWixA3jbXl+7q+znvaS2DFZyTABSEau6hd65Pd7hNto2zM
	z+U67NXdr7NvYpFAqoBEnOyooh21NPfzt/PFyWqo9VxbwTOYL0l5W2Vvl2kTKFsSc/J5Ll
	1AlSmqHE+/xK4t9VpyA0dLunWtfGx1w=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=bombadil.20210309; h=In-Reply-To:Content-Type:MIME-Version
	:References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=5OALIrDldLQfwHP9p2ndyFBK2lC4EsP1Af7zzRq70HI=; b=oxHS7/offNNywVCnbgn859E+Z8
	SYCfU4xYyhNEUEds393rO5wINqj82AoYAyZTELk7z80VjU8UPitXrHw03lV+WplVb4yALgivN41pN
	3aAEc5YC9KzREtP9upgcMYQc0N1KKAPLZ+z7FvfV1ViOfdWkXk1T7ngxz+2iNiYxm3PlS21Uq1hoM
	TtTu0HzL22OV0k6O9ljV5DFyhahABI4iimBMUVndpCMvOixeI4d5PXXRr7csMwBevz9x4TWq6CjF7
	5Alb3RSlH+Df1e2w7PqY2OImD79V0gvwKqS0t9scRcDw3V5AaSCNlNNQmQoVgNsajPeCH4lVvFWrB
	HpqlZJjQ==;
Received: from hch by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux))
	id 1pqvSu-00GKZp-1o;
	Mon, 24 Apr 2023 12:38:44 +0000
Date: Mon, 24 Apr 2023 05:38:44 -0700
From: Christoph Hellwig <hch@infradead.org>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Lorenzo Stoakes <lstoakes@gmail.com>,
	Christoph Hellwig <hch@infradead.org>, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Jens Axboe <axboe@kernel.dk>, Matthew Wilcox <willy@infradead.org>,
	Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>,
	Leon Romanovsky <leon@kernel.org>,
	Christian Benvenuti <benve@cisco.com>,
	Nelson Escobar <neescoba@cisco.com>,
	Bernard Metzler <bmt@zurich.ibm.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
	Ian Rogers <irogers@google.com>,
	Adrian Hunter <adrian.hunter@intel.com>,
	Bjorn Topel <bjorn@kernel.org>,
	Magnus Karlsson <magnus.karlsson@intel.com>,
	Maciej Fijalkowski <maciej.fijalkowski@intel.com>,
	Jonathan Lemon <jonathan.lemon@gmail.com>,
	"David S . Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Christian Brauner <brauner@kernel.org>,
	Richard Cochran <richardcochran@gmail.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Jesper Dangaard Brouer <hawk@kernel.org>,
	John Fastabend <john.fastabend@gmail.com>,
	linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org,
	netdev@vger.kernel.org, bpf@vger.kernel.org,
	Oleg Nesterov <oleg@redhat.com>, Jan Kara <jack@suse.cz>,
	Chris Mason <clm@fb.com>, John Hubbard <jhubbard@nvidia.com>
Subject: Re: [PATCH v2] mm/gup: disallow GUP writing to file-backed mappings
 by default
Message-ID: <ZEZ4VCyfRNCZOO8/@infradead.org>
References: <c8ee7e02d3d4f50bb3e40855c53bda39eec85b7d.1682321768.git.lstoakes@gmail.com>
 <ZEZPXHN4OXIYhP+V@infradead.org>
 <90a54439-5d30-4711-8a86-eba816782a66@lucifer.local>
 <ZEZ117OMCi0dFXqY@nvidia.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZEZ117OMCi0dFXqY@nvidia.com>
X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by bombadil.infradead.org. See http://www.infradead.org/rpr.html
X-Rspam-User: 
X-Rspamd-Queue-Id: 50F3DA000F
X-Rspamd-Server: rspam01
X-Stat-Signature: et7zt3pm6znu7cgz3yroud6j53mhbebi
X-HE-Tag: 1682339930-316001
X-HE-Meta: U2FsdGVkX1887lr0mlzOeqNP7Occec6DZdzbDEhsvHtx7N6MiiT9JFH3CeiNRZaAVQNSFN7yluOMwpIl4/ygX+aTr8T+3lUeJLuWgkaQTXMVPqv8C46zeDqru1c9NFdD/XUfQ8N1OX4TdVIgtLa8AXl0ksvGPtnaWsWqVS5wyVbzHh14GeUfx1u5Nu8M7uGyGMPRi9LOYIFPzX/Yx72h8A9AXgUnsQmeFjUFs0HFmkZZ7etkcJhp8dp0lv/Y4tF3TSxEDT3tCJsSn5odGGqe9en2OZ5WKDzLonqfjl4/5JsjaBV5hKGPUwvrR8Yam6R50jkuCXvabcpTvyvwRWFcQW7v41ssYcuwujBnE4F4FKrcM04GGTEAqglr1rn9KAXkCKA8r5GNzBoEGhBR3/5OQlDK2WAYhITGGTUhffW9IPe9ncMXbWyATQjzQc53p0X2/AqAmhFzyOVN47yKudIPTQ1OUS8xhVujr5iYW0mO9ZMOE9yPNm3WxJ7lx3Dojqqa/rPnnGGxldQWQDFFzQgoV4Q6mm18U4BIyo9WK79GREhtt3rpovnJWs8QWWfboDMJyU28jzZ8Pp4VyUk7a7jQVjRnASP1+eI1BUE5/635iWSpzbzhI6eUNC9UKMOnlZ5hdL8r6nLlqsax+3rniaCamgLq8+dQMxcWeIqYYpzCwwOewL28maBLoVvh4RmOx1zyWmRqbk42zM9vw9UIwz3f+YG6IYQKNfwwgaRn28/faBqrt/l7xCP4h/sqSWSdzPpHsxl8SmUEcLWqhu6NttbjErxAhy/qHCZVH5eQYfdOd7IAtHgH4k8pJbR1L0MkKVGX9VkEpPcCXQhlNTxHtEMpOYq3JcCVXLPZlT0+nOFTvyyjnZwXjguEQahhc6md//JyFUHUi9SxZc76cfkRMiVwe86gZA1Rpum8Pb10ZOt46K2BTedz3gtSVJp+m6FUezsAAJIgwLVgfGewCpn419T
 FGS2x6yq
 yAS6bjiip9bbr9NPRoJlZScRHPwcPlFmUzYH7MBUeyO+B+Gh3ZLXrAznPLL3/FnHCpq2S6EeBcWfVGG60kC7VGKslxxRxWwTPkJzqx2wGgW0aX0+VqQ+wIGn5AvWApfh8AzIk0PKoP9PCLRtcHtDxouXkXOtPLD4feGmuScEx3gTyStVp4PKJvMEyE1AjYAEDWEx088N4s2u8t2nBT3piZxE+ySgQA5TATJHyeuusYdo+NNRdFquereDZNNewOTmVPbUD0Ts10vO0dr67wnN+TN1FqYcMJbJ7qEKwG08Qqcext7cl6ZXnU3Od+odtow9mitUj0tXO48WMiqfxyn6SiJAeHyP9rB7RORr3Kl+Xeb8ZHvnCyujWTrhX8igSmIkmEnnMzPAmYtXRJ0lKfEQxa5+l/cy5Kn/Fx0pNdeY/hKty6fbz98t0iGoNZuC3KsaTQhNPJ6FLR4IftAhKzpdCeTQVhA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Apr 24, 2023 at 09:28:07AM -0300, Jason Gunthorpe wrote:
> On Mon, Apr 24, 2023 at 11:17:55AM +0100, Lorenzo Stoakes wrote:
> > On Mon, Apr 24, 2023 at 02:43:56AM -0700, Christoph Hellwig wrote:
> > > I'm pretty sure DIRECT I/O reads that write into file backed mappings
> > > are out there in the wild.
> 
> I wonder if that is really the case? I know people tried this with
> RDMA and it didn't get very far before testing uncovered data
> corruption and kernel crashes.. Maybe O_DIRECT has a much smaller race
> window so people can get away with it?

It absolutely causes all kinds of issues even with O_DIRECT.  I'd be
all for trying to disallow it as it simplies a lot of things, but I fear
it's not going to stick.

> So, my suggestion was to mark the places where we want to allow this,
> eg O_DIRECT, and block everwhere else. Lorenzo, I would significantly
> par back the list you have.

I think an opt-in is a good idea no matter how many places end up
needing it.  I'd prefer a less dramatic name and a better explanation
on why it should only be set when needed.

> I also suggest we force block it at some kernel lockdown level..
> 
> Alternatively, perhaps we abuse FOLL_LONGTERM and prevent it from
> working with filebacked pages since, I think, the ease of triggering a
> bug goes up the longer the pages are pinned.

FOLL_LONGTERM on file backed pages is a nightmare.  If you think you
can get away with prohibiting it for RDMA, and KVM doesn't need it
I'd be all for not allowing that at all.