From: David Hildenbrand <david@redhat.com>
To: Peter Xu <peterx@redhat.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Andrea Arcangeli <aarcange@redhat.com>,
Nadav Amit <nadav.amit@gmail.com>,
Hugh Dickins <hughd@google.com>,
Ives van Hoorne <ives@codesandbox.io>,
Mike Kravetz <mike.kravetz@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] mm/uffd: Always wr-protect pte in pte|pmd_mkuffd_wp()
Date: Wed, 14 Dec 2022 15:27:43 +0100 [thread overview]
Message-ID: <a30b2940-f650-4a09-0d5a-be43bbff313f@redhat.com> (raw)
In-Reply-To: <Y5ndIlgWMp8RuTdI@x1n>
On 14.12.22 15:26, Peter Xu wrote:
> On Wed, Dec 14, 2022 at 11:59:35AM +0100, David Hildenbrand wrote:
>> On 08.12.22 20:46, Peter Xu wrote:
>>> This patch is a cleanup to always wr-protect pte/pmd in mkuffd_wp paths.
>>>
>>> The reasons I still think this patch is worthwhile, are:
>>>
>>> (1) It is a cleanup already; diffstat tells.
>>>
>>> (2) It just feels natural after I thought about this, if the pte is uffd
>>> protected, let's remove the write bit no matter what it was.
>>>
>>> (2) Since x86 is the only arch that supports uffd-wp, it also redefines
>>> pte|pmd_mkuffd_wp() in that it should always contain removals of
>>> write bits. It means any future arch that want to implement uffd-wp
>>> should naturally follow this rule too. It's good to make it a
>>> default, even if with vm_page_prot changes on VM_UFFD_WP.
>>>
>>> (3) It covers more than vm_page_prot. So no chance of any potential
>>> future "accident" (like pte_mkdirty() sparc64 or loongarch, even
>>> though it just got its pte_mkdirty fixed <1 month ago). It'll be
>>> fairly clear when reading the code too that we don't worry anything
>>> before a pte_mkuffd_wp() on uncertainty of the write bit.
>>
>> Don't necessarily agree with (3). If you'd have a broken pte_mkdirty() and
>> do the pte_mkdirty() after pte_mkuffd_wp() it would still be broken. Because
>> sparc64 and loongarch are simply broken.
>
> That's why I mentioned on the order of operations matters.
>
>>
>>>
>>> We may call pte_wrprotect() one more time in some paths (e.g. thp split),
>>> but that should be fully local bitop instruction so the overhead should be
>>> negligible.
>>>
>>> Although this patch should logically also fix all the known issues on
>>> uffd-wp too recently on either page migration or numa balancing, but this
>>> is not the plan for that fix. So no fixes, and stable doesn't need this.
>>
>> I don't see how this would fix do_numa_page(), where we only do a
>> pte_modify().
>
> Yes, this patch won't, because it's a pure cleanup. Otherwise we need
> another line of wr-protect in numa recover path.
>
> I can remove that sentence in v2 commit log.
Feel free to add my
Acked-by: David Hildenbrand <david@redhat.com>
Nothing jumped at me.
--
Thanks,
David / dhildenb
prev parent reply other threads:[~2022-12-14 14:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-08 19:46 Peter Xu
2022-12-14 10:59 ` David Hildenbrand
2022-12-14 14:26 ` Peter Xu
2022-12-14 14:27 ` David Hildenbrand [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a30b2940-f650-4a09-0d5a-be43bbff313f@redhat.com \
--to=david@redhat.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=ives@codesandbox.io \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mike.kravetz@oracle.com \
--cc=nadav.amit@gmail.com \
--cc=peterx@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox