From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B422C77B73 for ; Mon, 24 Apr 2023 18:55:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C740A6B007B; Mon, 24 Apr 2023 14:54:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C22666B007D; Mon, 24 Apr 2023 14:54:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A75676B007E; Mon, 24 Apr 2023 14:54:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 9A8A06B007B for ; Mon, 24 Apr 2023 14:54:59 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 72460AC67A for ; Mon, 24 Apr 2023 18:54:59 +0000 (UTC) X-FDA: 80717186718.13.E65F3CA Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2060.outbound.protection.outlook.com [40.107.100.60]) by imf06.hostedemail.com (Postfix) with ESMTP id 27D6418000C for ; Mon, 24 Apr 2023 18:54:54 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=ETkHU9iW; dmarc=pass (policy=reject) header.from=nvidia.com; spf=pass (imf06.hostedemail.com: domain of jgg@nvidia.com designates 40.107.100.60 as permitted sender) smtp.mailfrom=jgg@nvidia.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1682362496; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=1pQa4whavOwoZPSDdx4Xp+6qjNXFXSS2p7+NybRM4NI=; b=R6Rj5QvULnRh+ihORUsqKg09EMgF7EW0bJW0Wy+BlK/HlgwimRvP3oGYJvA9WZyWpo3WvK Rn27AiLacK0z52Nu3uGJYecuQVT4hwFh4rPr0kP06FdJwFqucy3GWOHIXmkiKv0SS5mTJp HUxIAUwYssiYrHZBjfrTuSMygWY7FS4= ARC-Authentication-Results: i=2; imf06.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=ETkHU9iW; dmarc=pass (policy=reject) header.from=nvidia.com; spf=pass (imf06.hostedemail.com: domain of jgg@nvidia.com designates 40.107.100.60 as permitted sender) smtp.mailfrom=jgg@nvidia.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1682362496; a=rsa-sha256; cv=pass; b=4WMZmX9fOV+J7yjvv1NGvDc4QJRKxPFpe/m/01Wgfjhpz5uHPnUsE6yflu41/q6/KBRrpy fsgQ4Q5ZIKaS1hFkX2A95dALkEAVNIp2r2lG8sMQc/T8AbhCy5brso7VJhmcTHXK22ZF+F MfRBLfbQO4iLB3h7SqCux/0NSsXMyLU= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jEe5aFltVsp2COL1K0EkADI5g9ugkr3YTXgoc07Jxeke6VtyijF47QLDVCwZ9Et4q8dUwDEtRNQIqUyHB3d9ezr/CF+2MGNnFKm5afhMes/DAUc90R7c5tuffL8XuYC9XC8omGi/QSe3uvMVwn6kcupjTom7gz2vCb3ZXM7kaXlhl6GOgVRXBo/98vr8L+kfgkOA0G8kL0eo+hHkG2fNQh43jPett1GLq3o5R/JwWUdg5Pw8QkfRdeTRmbTjLLpHU/X3sdP6p+tbf7B5eazwKdU7tGVkp1HvP/LnqIzB1a6IabeCCtOn0NK+TcG+FXmgksS18wAB9sjv01HaSsDjgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1pQa4whavOwoZPSDdx4Xp+6qjNXFXSS2p7+NybRM4NI=; b=dliudlGwFoop2zTGnqFhuJZtXIhnLJTx7huzhID0rhtxoLhk4704wNVXQUwD7V+ZeqFHzHN/TFlgjE/HLcrtZ0VKPdbKx5NLogCcZrJOZb4je17sEr7AJfiMZGGaUWj7tY1DYPGtFugfX8lM2qhBKjQkYpjcaUKHoSN6jWfHbR8zTMlvcSsb+kSQkUd3wtRVltM5CMXZ9ZyPNCdd//fvjwrgU6rbBXjd00W6ntFjwShszCyGjOdtihkQ6Ox0bUsvEWmjuCwCJNsTwwDynjZiVHEeQTETVhJVfuIRO0PLvm6T4M3Rk3X7RXi8J+fw0OHa3uEN2yQE3hrdOyP4qqoCwg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1pQa4whavOwoZPSDdx4Xp+6qjNXFXSS2p7+NybRM4NI=; b=ETkHU9iWp3DNqSFPoJziaAF6jJd0YIoLhtJHCrPQoUfgLDEkFwrKc6/UB6BotLCzRt19928Y77jI2BNGg3FQM5mN7EaCGPD2RtW0F8cuhroBuMXwzP935ldb5ZfmcB72DCUJv34GPKRQJwc0FEvBmGxFEAbdvLWJ8MF8SQkP6vKenz3koD9pj7/2TmGwYCvXf8pV6AJwavIgPdbLgXagZi9mJKENzIXbm75ePk8IteEsvg7OZY6SPKezDT3qsb0jEXyISLMbZpWn8/PVorXrddzq8zT/px9IvZYY+Jsxjjzp5mssbE1QzsLE+N8w8ZxjUap+9IJCXVSnnIIhw83VZg== Received: from LV2PR12MB5869.namprd12.prod.outlook.com (2603:10b6:408:176::16) by SA1PR12MB7319.namprd12.prod.outlook.com (2603:10b6:806:2b5::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.32; Mon, 24 Apr 2023 18:54:52 +0000 Received: from LV2PR12MB5869.namprd12.prod.outlook.com ([fe80::f7a7:a561:87e9:5fab]) by LV2PR12MB5869.namprd12.prod.outlook.com ([fe80::f7a7:a561:87e9:5fab%5]) with mapi id 15.20.6319.033; Mon, 24 Apr 2023 18:54:52 +0000 Date: Mon, 24 Apr 2023 15:54:48 -0300 From: Jason Gunthorpe To: Lorenzo Stoakes Cc: Christoph Hellwig , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov Subject: Re: [PATCH v2] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: References: <90a54439-5d30-4711-8a86-eba816782a66@lucifer.local> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: BYAPR03CA0035.namprd03.prod.outlook.com (2603:10b6:a02:a8::48) To LV2PR12MB5869.namprd12.prod.outlook.com (2603:10b6:408:176::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: LV2PR12MB5869:EE_|SA1PR12MB7319:EE_ X-MS-Office365-Filtering-Correlation-Id: 0a35ea9e-a4c2-45ef-d7c8-08db44f562b8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tye3Rymzx19k52M7QztE/t1c5gy5TizJHATpSF7nd4vv+ziMEV8/Lxm+K8nbWtSU8j1JPPoVcbE/8NlWZk07T3qWPWXKhPr1Ca5KY8WV3IMYK1tBCtMDSkO0HL0BrPtc0JzfF+ihDjHpfFKSLy04TTGzJq7jMd5lovyTPQk6yBmlujumYy5T8TbuvcXjNesJyjjK7xueFgKqTj0dmfdw3RX44y5I49E/q1DCFW/ZBecYhCopXR1t37E9LvqFO0iA+pFQqrA9Hu/D3iULxS3R3KcPY02dJliRBspGoLj4fDsqWf89jDOVeLkyWN7JnCjBLY9ex/T4+JNWxCytQpSWy3t4T404AFF9evISarWSG9AgppXhoJsprNu/Z9y98PBjhGhFLZEyX58vpyZRN2hPWm5f5LSHy9Zoqtr9jNrrmqgqgBj5DRVsFVQJRdVfR01BSJZh2MPUxFIHMGITRJV7tVrzWs4nzyJ/tUwBKsq9xLRfVZWmCl6/sKcyJ/SUFOhnNfy4LsqJ9sHWSsLRVor+kNQd7WZJTV8bt5qSXPQ4bjhzYmBtW3awXm1AsrptLK4q X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV2PR12MB5869.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(376002)(39860400002)(136003)(346002)(366004)(396003)(451199021)(5660300002)(7416002)(54906003)(7406005)(478600001)(8676002)(8936002)(86362001)(38100700002)(2906002)(316002)(6666004)(66946007)(6486002)(6916009)(41300700001)(4326008)(66556008)(66476007)(6506007)(6512007)(26005)(186003)(2616005)(83380400001)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?+1apgD1K7jIYt83DaeH2MqgglOy2Q/TnaTwXek35RSGUKWKuIVaKKGPSqSkb?= =?us-ascii?Q?sSgYOll1R+xCOMkmbSMEbXgLFHKO5+BMD1Oh/+UkFAoZYXUFy1RdkEM6onof?= =?us-ascii?Q?kPePq2sm7wElYKrwfrMLokj8Bjh5IY33wNex9SjoxsH1WsUFhojMh8B1ry5X?= =?us-ascii?Q?KBPRuOTTomFbztjGgzQ0iG5nA+6vFuPEMZWCm5e/mrWwio88cFqdx8JF8aDr?= =?us-ascii?Q?b9aSGWXUoMthfyzHSHV67aQpMsI184vF+MGma56ssfLfkwF+YxudDBi8Cka4?= =?us-ascii?Q?y7l0drysOnX2JJg0KYc+DfNyn4/MBnD4Bwmt8biDTQiqHkDFP3AmpbhzU2L5?= =?us-ascii?Q?kDaHlsYU1oItUClKAU5eZZUCvxFksctCdEtu32E9YhLCBiWAva0Qm3QLYUtI?= =?us-ascii?Q?h5UcSVUT0IrO7eWkvtBe095rBox6F5mQ7ihQzFrWpI5GC3bU3m8IRIOoCmcm?= =?us-ascii?Q?kMPsGYlmBXVBUSEfGFgLJX2drvTXVCaXqplIdw5kWZ4s3vzM4ODgbOoh1XD5?= =?us-ascii?Q?U1fxNLsjqW7yiWWHWGdH2safVUBbqq4xYvT8c9qaoG+hX2MUJPgW+hnlxY0n?= =?us-ascii?Q?FxVu9hxrhHldduStoxLwUc7FuDtUUFANxgJQq90HJ8P9EDKwx2ldiIkbjmLO?= =?us-ascii?Q?bqcl/xduoPlQcjHrJOxxb0xKYAqDFevxHMq14VtYdgN+0nsB8Wq6UQ9asirp?= =?us-ascii?Q?G6AKFQvYBGknGyYLI2dFr5EClFDNiqF5tdaFnJrcoFwOuTo0zag1162qNZ01?= =?us-ascii?Q?ACWuKwDAPzZQhddeiJgz6giag00L8ooCMA2e/jez9dn+fUy9x29ewRtsB7qw?= =?us-ascii?Q?YyzAFfgLPpfbdMFoV/QWsg89FisD1PJB/X5BHWlFfK3honLhOxvl4gWq8wCE?= =?us-ascii?Q?t/q4JgAawPxr4JeVCU0Ghx/jMhl+zqs5YdwjCrqHYx3qEMV76F+D9iOOhjjW?= =?us-ascii?Q?WvipkxAIeEreF7gNXko4aAmWnI4q0a5g4pSOzq5KZX92XNk23FbgcMlBQZGt?= =?us-ascii?Q?VFmRqWQqyPqIBsbuXxAHbvK2uPDAtN6W4lbQMpw1P0jXoAdoRrg3LrhdBMda?= =?us-ascii?Q?4+VZOdblNWD9kPgiF8wksn38B0zQfp775wsxL2SoOfIuYRYgNPLGLOw/liPy?= =?us-ascii?Q?lUaeBIBnC+phjgWxcjy25JP+gC+AiwWIIUzagVoud9qig3nkB/yaVdd6idMg?= =?us-ascii?Q?GtPXiOE1nHiAOwXGat9cUFRHNM6w2sF1wnAF4W6901SYYPk5Cr8Z+Zy7zS+V?= =?us-ascii?Q?JM0oRS66XW9Xna8JB+bKuzGIJAjcvZSujoQLTdWJiGwh4kQ8gcx1kRNJMzJA?= =?us-ascii?Q?0if7o0ZaUXVmDxnyRWaDYwdLYwJ8+D5X0AqPrC1aOYBAHm7gUDR4Xet6MNTf?= =?us-ascii?Q?dROaEc5Nc81KKldPWt04t2C/+fDMzMjtoXHvCpZg3rI0g9dhlich6jsbzwTd?= =?us-ascii?Q?Gof5wB5hdwbT0STfUDXisQuJyjGH164aoNvkGXwYDVjLaC/W+eEEbsujjpfy?= =?us-ascii?Q?0t1bfFd5Bj2iXaWPZBOzEwaOlaFFO12yVB89DwZdGOfhWUFfGhta4X+wr51M?= =?us-ascii?Q?Jbzd5OXvi7alYzBFUbTNvt/5E+Ha3TuM0Rb1YwfX?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0a35ea9e-a4c2-45ef-d7c8-08db44f562b8 X-MS-Exchange-CrossTenant-AuthSource: LV2PR12MB5869.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Apr 2023 18:54:51.8841 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dLmUrYCJVqEh+V5g5yCzgAdGd6rbJMDTUkGITinp6FFj9D4YdrUDJWDaeO1nANDo X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7319 X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 27D6418000C X-Stat-Signature: sqndbxmy48qrgjswmm1pq8x3ju8njkb5 X-HE-Tag: 1682362494-217442 X-HE-Meta: U2FsdGVkX1/Hj9SlpjfTAEt9lLYtN9y3Q/nMEVLmAGdmR/3FBRlahWwEZQXeSHMx5CL4sF9C3SQcYbVMZyvF9GWJVveHiqHP6xTn0q4CtpJVWplOVK12bwdNlHhpIDrUcwDNnXj31JFZWqBjdveMdgwtdbztmopRUK9bX0p/8o0Lm5zzy8owvng7GScs3FMd1hjhjsOAeegY8kslVD4FgRxE/7YroLc6uacs07OcIjr+bESNpFKkeFevMPLF2gBkVkXhJ2b4ocr96crt7WqjTItoGPMSXu+AM+qcsqIWEVCZIIRsrnfGdrZxQz9BkA//FqWQDMQo0U14mT0isguM5I1q7+VFjHgV+mprLbFQwXoSMNSmj+9Enu5AfkWRd/IUYp8Xb/1nbuY1N1EoZsyYwINjOz0jeCJlWpEVKWTOv0AkIfgI4CWykCeTEsJWQxBV9R471iuq+x/yMlgNBM6Z3Byc2yAspwgd9H6ma/yKD+aY6V7wkTyABUB47FrElLYW+tybgudc4BpApVZCBqNPtZhGjabheu5xczMxOCBIqdiIDhznqQI0yBu/VunwfbynGQ34QLy2znp1omTCz6nTXAmVxtZ6+GUNzNkMlfFFcHdXmTb1eOW0D2A/yPGxyRVZI7wSv0ZBj8iIku2JGjyCdV+y+QSh//ot7j+VoLs8gmhrTfBcnUKL714/dF6bk/JHS11mVxGxzCfs/ygykZfknDlUKHHO+5tBMTFIiBz0X9Y1RUo2EWGRfOVI6EuY4pFTy9749d7rLPWMO95vyGNydzrrJlOyIFFAVK7HsaC7OhPLOGhqhcmZ0bIoh52cTBzz3nnU9Yz8gFPuTlArjJnZaxSI+T2r0fJiCwH2ByUsiHio4LZlIJt+G1oR6YWwQcZ2bTQau2rJZVWTpHtfoc8+SU2hnonTUqGVgkFGn+JgAxTLaIvTB3JZ4Bz9/yAmINHPDDweJ5kif7rq6wZebII XHlfNZZd V5qldVVMLNt4L4O4EuJ6DybGLndwGu9r1NBjXl01qAkhWtUvtkot5xs9HNzgFLQQ84V9NLv1XgcEk2nBsayh7kwH5jcbL/QvpiWRl4tZ/dKhNC+EsUk1Sgmt3KaZ89i8/CkrL3+AsxnwR1jsN9o+VYZR4dUlLHqTB2RtEPJGfJJm09RAHz1W0m94z4ikqhk+ARzj0RNVQ8yjeXwIHJVqWZYseAeifKvbTgVS5LSZ4u9SeRVorTM4xmuC33yNNVNNvjgNwByIteFJekEs8r+NVAC0D9J04DaT61YZ5 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Apr 24, 2023 at 07:22:03PM +0100, Lorenzo Stoakes wrote: > OK I guess you mean the folio lock :) Well there is > unpin_user_pages_dirty_lock() and unpin_user_page_range_dirty_lock() and > also set_page_dirty_lock() (used by __access_remote_vm()) which should > avoid this. It has been a while, but IIRC, these are all basically racy, the comment in front of set_page_dirty_lock() even says it is racy.. The race is that a FS cleans a page and thinks it cannot become dirty, and then it becomes dirty - and all variations of that.. Looking around a bit, I suppose what I'd expect to see is a sequence sort of like what do_page_mkwrite() does: /* Synchronize with the FS and get the page locked */ ret = vmf->vma->vm_ops->page_mkwrite(vmf); if (unlikely(ret & (VM_FAULT_ERROR | VM_FAULT_NOPAGE))) return ret; if (unlikely(!(ret & VM_FAULT_LOCKED))) { lock_page(page); if (!page->mapping) { unlock_page(page); return 0; /* retry */ } ret |= VM_FAULT_LOCKED; } else VM_BUG_ON_PAGE(!PageLocked(page), page); /* Write to the page with the CPU */ va = kmap_local_atomic(page); memcpy(va, ....); kunmap_local_atomic(page); /* Tell the FS and unlock it. */ set_page_dirty(page); unlock_page(page); I don't know if this is is exactly right, but it seems closerish So maybe some kind of GUP interfaces that returns single locked pages is the right direction? IDK Or maybe we just need to make a memcpy primitive that works while holding the PTLs? > We definitely need to keep ptrace and /proc/$pid/mem functioning correctly, > and I given the privilege levels required I don't think there's a security > issue there? Even root is not allowed to trigger data corruption or oops inside the kernel. Jason