From: Peter Xu <peterx@redhat.com>
To: David Hildenbrand <david@redhat.com>
Cc: Jann Horn <jannh@google.com>,
Suren Baghdasaryan <surenb@google.com>,
akpm@linux-foundation.org, viro@zeniv.linux.org.uk,
brauner@kernel.org, shuah@kernel.org, aarcange@redhat.com,
lokeshgidra@google.com, hughd@google.com, mhocko@suse.com,
axelrasmussen@google.com, rppt@kernel.org, willy@infradead.org,
Liam.Howlett@oracle.com, zhangpeng362@huawei.com,
bgeffon@google.com, kaleshsingh@google.com, ngeoffray@google.com,
jdduke@google.com, linux-mm@kvack.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org, kernel-team@android.com
Subject: Re: [PATCH v2 2/3] userfaultfd: UFFDIO_REMAP uABI
Date: Thu, 28 Sep 2023 14:34:19 -0400 [thread overview]
Message-ID: <ZRXHK3hbdjfQvCCp@x1n> (raw)
In-Reply-To: <85e5390c-660c-ef9e-b415-00ee71bc5cbf@redhat.com>
On Thu, Sep 28, 2023 at 07:51:18PM +0200, David Hildenbrand wrote:
> On 28.09.23 19:21, Peter Xu wrote:
> > On Thu, Sep 28, 2023 at 07:05:40PM +0200, David Hildenbrand wrote:
> > > As described as reply to v1, without fork() and KSM, the PAE bit should
> > > stick around. If that's not the case, we should investigate why.
> > >
> > > If we ever support the post-fork case (which the comment above remap_pages()
> > > excludes) we'll need good motivation why we'd want to make this
> > > overly-complicated feature even more complicated.
> >
> > The problem is DONTFORK is only a suggestion, but not yet restricted. If
> > someone reaches on top of some !PAE page on src it'll never gonna proceed
> > and keep failing, iiuc.
>
> Yes. It won't work if you fork() and not use DONTFORK on the src VMA. We
> should document that as a limitation.
>
> For example, you could return an error to the user that can just call
> UFFDIO_COPY. (or to the UFFDIO_COPY from inside uffd code, but that's
> probably ugly as well).
We could indeed provide some special errno perhaps upon the PAE check, then
document it explicitly in the man page and suggest resolutions (like
DONTFORK) when user hit it.
>
> >
> > do_wp_page() doesn't have that issue of accuracy only because one round of
> > CoW will just allocate a new page with PAE set guaranteed, which is pretty
> > much self-heal and unnoticed.
>
> Yes. But it might have to copy, at which point the whole optimization of
> remap is gone :)
Right, but that's fine IMHO because it should still be very corner case,
definitely not expected to be the majority to start impact the performance
results.
>
> >
> > So it'll be great if we can have similar self-heal way for PAE. If not, I
> > think it's still fine we just always fail on !PAE src pages, but then maybe
> > we should let the user know what's wrong, e.g., the user can just forgot to
> > apply DONTFORK then forked. And then the user hits error and don't know
> > what happened. Probably at least we should document it well in man pages.
> >
> Yes, exactly.
>
> > Another option can be we keep using folio_mapcount() for pte, and another
> > helper (perhaps: _nr_pages_mapped==COMPOUND_MAPPED && _entire_mapcount==1)
> > for thp. But I know that's not ideal either.
>
> As long as we only set the pte writable if PAE is set, we're good from a CVE
> perspective. The other part is just simplicity of avoiding all these
> mapcount+swapcount games where possible.
>
> (one day folio_mapcount() might be faster -- I'm still working on that patch
> in the bigger picture of handling PTE-mapped THP better)
Sure.
For now as long as we're crystal clear on the possibility of inaccuracy of
PAE, it never hits besides fork() && !DONTFORK, and properly document it,
then sounds good here.
Thanks,
--
Peter Xu
next prev parent reply other threads:[~2023-09-28 18:34 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-23 1:31 [PATCH v2 0/3] userfaultfd remap option Suren Baghdasaryan
2023-09-23 1:31 ` [PATCH v2 1/3] userfaultfd: UFFDIO_REMAP: rmap preparation Suren Baghdasaryan
2023-09-28 16:23 ` Peter Xu
2023-09-28 20:03 ` Suren Baghdasaryan
2023-10-02 14:42 ` David Hildenbrand
2023-10-02 15:23 ` Peter Xu
2023-10-02 17:30 ` David Hildenbrand
2023-10-03 17:56 ` Suren Baghdasaryan
2023-09-23 1:31 ` [PATCH v2 2/3] userfaultfd: UFFDIO_REMAP uABI Suren Baghdasaryan
2023-09-27 10:06 ` potential new userfaultfd vs khugepaged conflict [was: Re: [PATCH v2 2/3] userfaultfd: UFFDIO_REMAP uABI] Jann Horn
2023-09-27 17:12 ` Suren Baghdasaryan
2023-09-28 15:29 ` Jann Horn
2023-09-27 12:47 ` [PATCH v2 2/3] userfaultfd: UFFDIO_REMAP uABI Jann Horn
2023-09-27 13:29 ` David Hildenbrand
2023-09-27 18:25 ` Suren Baghdasaryan
2023-09-28 16:28 ` Peter Xu
2023-09-28 17:15 ` David Hildenbrand
2023-09-28 18:32 ` Suren Baghdasaryan
2023-09-28 20:11 ` Suren Baghdasaryan
2023-09-28 19:00 ` Peter Xu
2023-10-02 7:49 ` David Hildenbrand
2023-09-28 16:24 ` Peter Xu
2023-09-28 17:05 ` David Hildenbrand
2023-09-28 17:21 ` Peter Xu
2023-09-28 17:51 ` David Hildenbrand
2023-09-28 18:34 ` Peter Xu [this message]
2023-09-28 19:47 ` Suren Baghdasaryan
2023-10-02 8:00 ` David Hildenbrand
2023-10-02 15:21 ` Peter Xu
2023-10-02 15:46 ` Lokesh Gidra
2023-10-02 15:55 ` Lokesh Gidra
2023-10-02 17:43 ` David Hildenbrand
2023-10-02 19:33 ` Lokesh Gidra
2023-10-03 20:04 ` Suren Baghdasaryan
2023-10-03 20:21 ` Peter Xu
2023-10-03 21:08 ` David Hildenbrand
2023-10-03 21:20 ` Peter Xu
2023-10-03 22:26 ` Suren Baghdasaryan
2023-10-03 23:39 ` Lokesh Gidra
2023-10-06 12:30 ` David Hildenbrand
2023-10-06 15:02 ` Suren Baghdasaryan
2023-10-03 21:04 ` David Hildenbrand
2023-10-02 17:33 ` David Hildenbrand
2023-10-02 17:36 ` David Hildenbrand
2023-09-27 18:07 ` Suren Baghdasaryan
2023-09-27 20:04 ` Jann Horn
2023-09-27 20:42 ` Suren Baghdasaryan
2023-09-27 21:08 ` Suren Baghdasaryan
2023-09-27 22:48 ` Jann Horn
2023-09-28 15:36 ` Suren Baghdasaryan
2023-09-28 17:09 ` Peter Xu
2023-09-28 18:23 ` Suren Baghdasaryan
2023-09-28 18:43 ` Peter Xu
2023-09-28 19:50 ` Suren Baghdasaryan
2023-09-23 1:31 ` [PATCH v2 3/3] selftests/mm: add UFFDIO_REMAP ioctl test Suren Baghdasaryan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZRXHK3hbdjfQvCCp@x1n \
--to=peterx@redhat.com \
--cc=Liam.Howlett@oracle.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=axelrasmussen@google.com \
--cc=bgeffon@google.com \
--cc=brauner@kernel.org \
--cc=david@redhat.com \
--cc=hughd@google.com \
--cc=jannh@google.com \
--cc=jdduke@google.com \
--cc=kaleshsingh@google.com \
--cc=kernel-team@android.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lokeshgidra@google.com \
--cc=mhocko@suse.com \
--cc=ngeoffray@google.com \
--cc=rppt@kernel.org \
--cc=shuah@kernel.org \
--cc=surenb@google.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=zhangpeng362@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox