From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9B4CC7618E for ; Mon, 24 Apr 2023 17:36:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 676A66B0075; Mon, 24 Apr 2023 13:36:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 64CD96B0078; Mon, 24 Apr 2023 13:36:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4ED8A6B007B; Mon, 24 Apr 2023 13:36:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 3EACF6B0075 for ; Mon, 24 Apr 2023 13:36:59 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 1038D40209 for ; Mon, 24 Apr 2023 17:36:59 +0000 (UTC) X-FDA: 80716990158.09.F506C61 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2083.outbound.protection.outlook.com [40.107.220.83]) by imf28.hostedemail.com (Postfix) with ESMTP id 5AC5BC0003 for ; Mon, 24 Apr 2023 17:36:54 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=TBTtqZwK; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf28.hostedemail.com: domain of jgg@nvidia.com designates 40.107.220.83 as permitted sender) smtp.mailfrom=jgg@nvidia.com; dmarc=pass (policy=reject) header.from=nvidia.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1682357816; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TuIzqzxwk4rNBUXcOjx1dWMmwO4377C1NigcUXvF3/s=; b=Oc8F6VnJOAqczDqdn+5Jt8KprJmlK97ge28hdyAZ6noZ7OPO2rmELoOytaUVsBVQwwulAD czLW4Jsq7jol8JimylMaopKywYMZ/muDtOutWADPo0cwsTTarY4hLbI94ldjlLYHw7WUlb ABSKoPAm/pYe59tiIy8naHY31SLpSV4= ARC-Authentication-Results: i=2; imf28.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=TBTtqZwK; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf28.hostedemail.com: domain of jgg@nvidia.com designates 40.107.220.83 as permitted sender) smtp.mailfrom=jgg@nvidia.com; dmarc=pass (policy=reject) header.from=nvidia.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1682357816; a=rsa-sha256; cv=pass; b=L9sLREwmAmJL8VxrEOT0rnOIOlSFiBvUo1NXrzrrS99gnWxfmCLLFvI3zE6xsxwuYXDot3 QZSbe3l2NFWDdXhtJbBGq1ScUiUOqJd1XShkrFdc0wPLsETr2kBsCQ+jfRWi7JGYbv6Pem 4pm91fXhxra3k3RRbEToNNKP7AwdAGE= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nldD+G+ppU2R/zsYDBCHsWO1igr/13TBUKwID0TDdrtp9mDOCPAZQtw194aBfdQ1TNZBsvKdOnAjAwp1jLNCFcegUhOCImFLWrVwN4nxwgriv48ykSaTNGA+eSQNYkVh1UbtsDjlurmkQY/d85QXp1oKSEO8p22ZP3L14UqeBLDwhHPFqH8NAFnsHkOc0kwcHmipFfoOePiyLeO/PfpuSXEJL8ci9Vr5sgit5TLF9ch0uuUegheixnigKYU2GslcAzrs/wBhdZtaUfRr+3TwOaC2LKtB9Q4974HPEHs+Oab74MxiNhmyj9xkROx5OsoO8FXivTC8sG5TJMcYcoAC/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TuIzqzxwk4rNBUXcOjx1dWMmwO4377C1NigcUXvF3/s=; b=n/+RbkKFtY5/wjXcs0nQ14XvC5R8xZFzgHwC/lDHwxCUa4GcHxu77O0UfM8BYNK0R2SOeI3lwMHxvcBWwQBWfkyvoTte70B8RJWwRu4DH4GkgLZH96OfGWFFDAgGlhg2vnR9MPwLvwuI8j4gXTdsnQ0gtjd53BPgAsTmftfehbxh8w+5F9CqLRVORjrpjBWt9Hx5uB3NgEOg5vss6GhyMsoh26xAZ2Vjjk5910XBpmdC7puy7VdNbVtKa0RXM4ldZpx7VxJHSc+vGjQwYIrsVT4N+nS9BIU/LMl4bLwqXPqkWAgNp3wQ4LhCHoTc+u1LRjhX/biaBvCzkme0GIrlHA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TuIzqzxwk4rNBUXcOjx1dWMmwO4377C1NigcUXvF3/s=; b=TBTtqZwKUf/msEaFnBOknRsUrT1zwjrekuog2tc9gkfCIz4vGXEuXSH2rRSZ21xBugWIL2dOiN57Bd+BobpQBv9qrhT2+VRPf5S+r0ccGTD7fhpeobDshNoqW9O5sJWCwOdYHVEcfA/PQb9g4aNaQZlj3tY4XX2rpdha3cDvkgkzh3yXQ/On+Kbs2pImOjhBeqXX7kEd78/EpklAHAWz2p5I01bdtloFsjBHpvDm0wu7scOOVJNPo2hf9Opte4NudFnTztasJVY3AjvmSNXyjka+jbQElapwTeT8gI0aUoMtig4sUCrVkgvPXscNbHC/lwdXtKpt4ibtS4ynCK3cYA== Received: from LV2PR12MB5869.namprd12.prod.outlook.com (2603:10b6:408:176::16) by BL3PR12MB6523.namprd12.prod.outlook.com (2603:10b6:208:3bf::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.33; Mon, 24 Apr 2023 17:36:51 +0000 Received: from LV2PR12MB5869.namprd12.prod.outlook.com ([fe80::f7a7:a561:87e9:5fab]) by LV2PR12MB5869.namprd12.prod.outlook.com ([fe80::f7a7:a561:87e9:5fab%5]) with mapi id 15.20.6319.033; Mon, 24 Apr 2023 17:36:51 +0000 Date: Mon, 24 Apr 2023 14:36:47 -0300 From: Jason Gunthorpe To: Lorenzo Stoakes Cc: Christoph Hellwig , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov Subject: Re: [PATCH v2] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: References: <90a54439-5d30-4711-8a86-eba816782a66@lucifer.local> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: YT4PR01CA0181.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:110::8) To LV2PR12MB5869.namprd12.prod.outlook.com (2603:10b6:408:176::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: LV2PR12MB5869:EE_|BL3PR12MB6523:EE_ X-MS-Office365-Filtering-Correlation-Id: 9a25ebf8-1819-489e-160c-08db44ea7cb1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: uL8m6NlQxw3mOffdBaxu0SMIWa0o3MUSNIN1bclfhkyXinS89IPjZR80GD+TcEUyZ2bKtxcX124UCz95ffgUMbIGJr4udvzPQEj8mwn0FtXtHr2SRdWaUYZZsOgaY7ZBoD8nX4EPFATd1DKvdqcLutLxBzuKhkae+N+NxOUlpD3B0GPLvrxXSGeaa3usPk4R3iPdw9f5Ad2lshxPEHuBgdRk182x/pNgogYogcNapZvoFn3g+PBxIjCmtwp4n3euhtGI5YFF/Ikktyx84BnL9DF5HFtiu2QBmYUcXZuloL2Kvz2S4xxZLQRpB6jiOM2SsiKPl4Q6F/QFC0SSrq8bnHs3hlPzEnqlpqSEsoT5GCt59F51t5jx3zfrYDzmvQkhAsCGxrARmlmfgwf6VFSaa6wy0FhUJrAmJybtC46hX0NfFHHiK9xjKz+o1r/ELsIDw4qxzWwTVa6C8+g0HutqbjB1r4hWtdcUic57UR74wQomD9uScBYwC84eVWytKT//vQUhPPUh4o+gjCQuZ8JXGhQ2362n3feQGOAVBIRyWP1wj3wUvky/dlB51qBwT0Uh1Q2ph+ay/CZF28Zyt+lVnQBWQDwMn43ZQFmA3CTG9QI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV2PR12MB5869.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(136003)(396003)(39860400002)(366004)(346002)(376002)(451199021)(6512007)(26005)(6506007)(8676002)(8936002)(4326008)(6916009)(66476007)(66556008)(66946007)(54906003)(316002)(36756003)(41300700001)(478600001)(7406005)(7416002)(6486002)(6666004)(5660300002)(38100700002)(86362001)(2906002)(2616005)(186003)(83380400001)(67856001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?mzjXt7yZY8DsN5Mb+yWWLnXgFhIdPkQva9YgzpbHmhADnOHTEwAdb6JmxYv8?= =?us-ascii?Q?RjH1fuNJDTjDis8I9V5DLV6VQL+7iO3ZgTdYUmGsFEVYZTMdRHRfi+MogJ2I?= =?us-ascii?Q?Thn6n/SacdL2bWi0GVA6AnxqCFRup9OY9oKXpfZecNXHlmndaz4rnkak75Hp?= =?us-ascii?Q?91cj3enaNtiLxo8TjS1HJqJvS6brUUCrEc7R+xJ6dAZaKnULe6UVob8owTJe?= =?us-ascii?Q?ziYkaIhS5CmgLlJGuRASGdtnFjBjd+SOooLF85/SSgI1ztksKVssUFBvDwq6?= =?us-ascii?Q?vGQxe8VGJOJcum+kuPFMYokU8sciyfpiPNyjWfhA/wsX0UBFQlUvANsyMBFE?= =?us-ascii?Q?o1aJp0SIRiAZkpw/qKcKvf8TEEXXO/BOvmCAWtZ+zU3mn6RPeuhe7P4Lwxul?= =?us-ascii?Q?WoRNjuui7L6XWRitsCBRjv0Uhp0Bz3QCefSRm4ghL/RuO8nil3aC0U/n0wzV?= =?us-ascii?Q?dnzgrY5h848GGM8mdcHuj8IbSZckHBiMWowWpXS2Aq7LGmvF854H/PFSpmHg?= =?us-ascii?Q?rSSjhPENhBUOeRWmkEWdAIkjxeDB2nAF516te3H+0u0fXZ3VlCyvkxqCgM+K?= =?us-ascii?Q?sH9cvZg+fPva/s9Cs5yRFbeZmSRsArvfEV2euTkdzJjm0Jlh6E6DeE6xvlOr?= =?us-ascii?Q?WNol8xsHYPAGsXxhR1IZmmrHku17xEYzKraLeq2RA9wJMelFoanYfHMw5+pm?= =?us-ascii?Q?G58zcJAtd0eO0gi+z05oeJntxEcX2KOnTD8whRXX44NZl7zJ9WfN+uyC7THh?= =?us-ascii?Q?BupZ/kkMP9Hn8GluH11cytuoovsmgZC0MtXTkki5uhxiRarC5Julj6CyqcRH?= =?us-ascii?Q?M7WFPuVAO/PflCpRnWb3ENn6URaIrYUs+cV2nU3p5yS55VNtlYh6tHO6BR7Q?= =?us-ascii?Q?emm7R6eb/PW2BiSxzEsuegS/LpU1zfkgdvzw3E2oxQ/NvVlA4c8BtZXis6fM?= =?us-ascii?Q?2wcOBGkY8pWGMDa28rlgbXZpEuznZzyr3ctokfiWKJsmUqumjD9eR4ao7LXc?= =?us-ascii?Q?6GP4vfjcHX0G1bgbYJCaa08L+R0C5VBSaLn6+R7zdF0OhDbBDmoEZa0tiF5n?= =?us-ascii?Q?e8ys6scr06sPTGU7lcRPOfONNmdNnv8sWSJT4TZUJpNNyhglsDOEuh2Kyua4?= =?us-ascii?Q?8gJwxkCTMpIE9xnz/xUXAu+4ovVYua527oU5R6FqNzfPxw3X+QrWmPP1rl96?= =?us-ascii?Q?MbLgyraDBsqDtRN94XMsXqhpSCHJ41TktjI68c5oteScLYV2x0B8ZA6nFk/l?= =?us-ascii?Q?0DS80tjlfA7f6Vq/ER7WbzOe982TUS7nHxJnd7jgMV06txfEiSfvI/+N0A57?= =?us-ascii?Q?RS/nqH8EGnQkL3RyypP0vvnzqhFvnRwZjy1GqYPdkXLcgr47Kh15VcDWKM0h?= =?us-ascii?Q?vrsBj5isjRM8RyQTd+X4YJBVY2ro8Zh9yd/qbI1P9hwapEw341lZRbH9BQWO?= =?us-ascii?Q?g2Kl6weZWRd71OKUgL4JWod/bGbVXlZR0Y7EK059G9DnQUvApW7cvHhOxi1y?= =?us-ascii?Q?JlEwZi6Ru42TlQrk/++fKf9ZqIcseOWEJHmOa6TvfXoAO0DPHh+QxK09dKQ/?= =?us-ascii?Q?GhxzIzphNYELIJLhjX4HbKsPQ6wARv7xAp9fHUxa?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9a25ebf8-1819-489e-160c-08db44ea7cb1 X-MS-Exchange-CrossTenant-AuthSource: LV2PR12MB5869.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Apr 2023 17:36:51.0143 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: KpVEdGdBAb2mTr21PmeJt5/jtpeoSR0a7by5TaZQterhLw7uuk9lDjwLutIP62hy X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR12MB6523 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 5AC5BC0003 X-Rspam-User: X-Stat-Signature: 3nek9n9dk9dn6erg6ok688bhbchs79go X-HE-Tag: 1682357814-51518 X-HE-Meta: U2FsdGVkX1/T0zoNSosS/27Oi1Ri6GqNPSiOiqugLAQn+aRQKqobquqoq8R+WhbAVS0skCmFBa+dgofYVKkPL6bpuc5UCMpYu+1lWK/HLq3knsZ93YhnoXVU1ojQErEs+NTlH+o8mhkpfyYqLKlm3p0XkV8rkpL02lUCfymbrPTH36+qXnJPIPNV6Hg2E1wOd0X9UT+FHlkZYdVGcAjp1yEzV5LgIeNRKit/EQ/EdG2Asaf7VO8cvepl83k4Q4BHyy0Bg6VWUVUiynvZ1/0LRppRK/nEM5QCln/q2k3dN2EQdB525cYPov8KFzFdwASEkfwUu/NDD1k9T6rfXNK040jdyeFFCFsifkLaFK+o6tO5YkxrOjA0bzzg/wf6M9ig5IKyhhq72zYW0n1pRJDeYZQq6ssjS3DeJdduj/J3gx6AXw/PZAdkF1G6Ve6x/aAk4+zdvX9Fcuilm8yW/sjC9y+r3l61UK4A7CKCFuia+q6u5d5gpMccXzI7hFDUT85gb43b606Vzu4WrowyiLypTEe6pVSWRgvzFrCDBa1yvru49Ss/42DKretdYCqwFvxRA17XYWbn7GxEh1TxsbXzf9Ma4VI3/6QJDps9n5+vheUvqgShSBm3SoJzy1vFO0KG8A6FmugUCmXlguyNN4tEdh6GpFHSjuYrUBeZPW7HjpsPK35mv68ximnmX1WsdIrDMzOuCHfwdJajHJS6UNZIPimKtZaVh0V23GcymlMwc/2w8iojtTeZU6Yp9Rahxoxa80H2GI5ka0at31Is0IMJAV53w8/8tkPcXHhb2MdEYiDxZLDOYfRT/s8C0Gvq1CInVW3qw2rpxtjBo1SG8SdtQrxZW0FW+qhPoZtuKIbRDLmjvQf76qmDnXGeM8LeR3mfQp7T/rVrGyf8Z7qX0wykbZq6JG3QUXsvqnE/M2a6smWz1VosSYCQixZF21fAtLEdYqdlIu617oYUd+/rhLw 8fBAcSF8 HzYqY4+Xv2o8FmlXN+v9lu2k3LxeApNnUhdOHXum36Bi71MXJYJGvPGOBGsnW3N5tsw4jVWvoGbOs7DFbAaNlnGhY8pnDXUWvYQgbcmvDYxHPubjWGndsZ6k7q90BJDr6OwHKBKYZF0xPXSLjYexBpwNVp7HqTzn574yD1zR9bt/It/wV2zMVV8gMiic8wl2W9ScTKBnRBOZ5wxk7NuVmG22lnJQl1746jKQLPSVmSBB+kiHyG9qHYD/hR9el8MLyRVa8nPQMzQWCgCOfrmWZQ/NdqjcYU1g7uWah X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Apr 24, 2023 at 03:29:57PM +0100, Lorenzo Stoakes wrote: > On Mon, Apr 24, 2023 at 10:39:25AM -0300, Jason Gunthorpe wrote: > > On Mon, Apr 24, 2023 at 01:38:49PM +0100, Lorenzo Stoakes wrote: > > > > > I was being fairly conservative in that list, though we certainly need to > > > set the flag for /proc/$pid/mem and ptrace to avoid breaking this > > > functionality (I observed breakpoints breaking without it which obviously > > > is a no go :). I'm not sure if there's a more general way we could check > > > for this though? > > > > More broadly we should make sure these usages of GUP safe somehow so > > that it can reliably write to those types of pages without breaking > > the current FS contract.. > > > > I forget exactly, but IIRC, don't you have to hold some kind of page > > spinlock while writing to the page memory? > > > > I think perhaps you're thinking of the mm->mmap_lock? Which will be held > for the FOLL_GET cases and simply prevent the VMA from disappearing below > us but not do much else. No not mmap_lock, I want to say there is a per-page lock that interacts with the write protect, or at worst this needs to use the page table spinlocks. > I wonder whether we should do this check purely for FOLL_PIN to be honest? > As this indicates medium to long-term access without mmap_lock held. This > would exclude the /proc/$pid/mem and ptrace paths which use gup_remote(). Everything is buggy. FOLL_PIN is part of a someday solution to solve it. > That and a very specific use of uprobes are the only places that use > FOLL_GET in this instance and each of them are careful in any case to > handle setting the dirty page flag. That is actually the bug :) Broadly the bug is to make a page dirty without holding the right locks to actually dirty it. Jason