Re: [RFC PATCH 0/5] KVM: guest_memfd: support for uffd missing

[Nikita Kalyazin <kalyazin@amazon.com>]

On 05/03/2025 20:29, Peter Xu wrote:
> On Wed, Mar 05, 2025 at 11:35:27AM -0800, James Houghton wrote:
>> I think it might be useful to implement an fs-generic MINOR mode. The
>> fault handler is already easy enough to do generically (though it
>> would become more difficult to determine if the "MINOR" fault is
>> actually a MISSING fault, but at least for my userspace, the
>> distinction isn't important. :)) So the question becomes: what should
>> UFFDIO_CONTINUE look like?
>>
>> And I think it would be nice if UFFDIO_CONTINUE just called
>> vm_ops->fault() to get the page we want to map and then mapped it,
>> instead of having shmem-specific and hugetlb-specific versions (though
>> maybe we need to keep the hugetlb specialization...). That would avoid
>> putting kvm/gmem/etc. symbols in mm/userfaultfd code.
>>
>> I've actually wanted to do this for a while but haven't had a good
>> reason to pursue it. I wonder if it can be done in a
>> backwards-compatible fashion...
> 
> Yes I also thought about that. :)

Hi Peter, hi James.  Thanks for pointing at the race condition!

I did some experimentation and it indeed looks possible to call 
vm_ops->fault() from userfault_continue() to make it generic and 
decouple from KVM, at least for non-hugetlb cases.  One thing is we'd 
need to prevent a recursive handle_userfault() invocation, which I 
believe can be solved by adding a new VMF flag to ignore the userfault 
path when the fault handler is called from userfault_continue().  I'm 
open to a more elegant solution though.

Regarding usage of the MINOR notification, in what case do you recommend 
sending it?  If following the logic implemented in shmem and hugetlb, ie 
if the page is _present_ in the pagecache, I can't see how it is going 
to work with the write syscall, as we'd like to know when the page is 
_missing_ in order to respond with the population via the write.  If 
going against shmem/hugetlb logic, and sending the MINOR event when the 
page is missing from the pagecache, how would it solve the race 
condition problem?

Also, where would the check for the folio_test_uptodate() mentioned by 
James fit into here?  Would it only be used for fortifying the MINOR 
(present) against the race?

> When Axel added minor fault, it's not a major concern as it's the only fs
> that will consume the feature anyway in the do_fault() path - hugetlbfs has
> its own path to take care of.. even until now.
> 
> And there's some valid points too if someone would argue to put it there
> especially on folio lock - do that in shmem.c can avoid taking folio lock
> when generating minor fault message.  It might make some difference when
> the faults are heavy and when folio lock is frequently taken elsewhere too.

Peter, could you expand on this?  Are you referring to the following 
(shmem_get_folio_gfp)?

	if (folio) {
		folio_lock(folio);

		/* Has the folio been truncated or swapped out? */
		if (unlikely(folio->mapping != inode->i_mapping)) {
			folio_unlock(folio);
			folio_put(folio);
			goto repeat;
		}
		if (sgp == SGP_WRITE)
			folio_mark_accessed(folio);
		if (folio_test_uptodate(folio))
			goto out;
		/* fallocated folio */
		if (sgp != SGP_READ)
			goto clear;
		folio_unlock(folio);
		folio_put(folio);
	}

Could you explain in what case the lock can be avoided?  AFAIC, the 
function is called by both the shmem fault handler and userfault_continue().

> It might boil down to how many more FSes would support minor fault, and
> whether we would care about such difference at last to shmem users. If gmem
> is the only one after existing ones, IIUC there's still option we implement
> it in gmem code.  After all, I expect the change should be very under
> control (<20 LOCs?)..
> 
> --
> Peter Xu
>