[RFC] [patch 0/39] remap_file_pages protection support, try 2

From: Blaisorblade
Date: Fri Aug 12 2005 - 13:28:31 EST


Ok, I've been working for the past two weeks learning the Linux VM well,
understanding Ingo's remap_file_pages protection support and its various
weaknesses (due to lack of time on his part), and splitting and finishing it.

Here follows a series of 39 _little_ patches against the git-commit-id
889371f61fd5bb914d0331268f12432590cf7e85, which means between 2.6.13-rc4 and
-rc5.

Actually, the first 7 ones are unrelated trivial cleanups which somehow get in
the way on this work and that can probably be merged even now (many are just
comment fixes).

Since I was a VM newbie until two weeks ago, I've separated my changes into
many little patches.

To avoid the noise, I'm CC:ing many people only on this message, while I'm
sending the full patch series only to akpm, mingo and LKML. Or actually, I'm
trying - my provider seems not to like me sending so many patches. I attached
an exported tarball to this mail, since it's very little.

I hope these changes can be included inside -mm, but I guess that they'll
probably conflict with pagefault scalability patches, and that some of them
are not completely polished. Still, the patch is IMHO in better shape, in
many ways, than when it was in -mm last time.

I'll appreciate any comments.

==============
Changes from 2.6.5-mm1/dropped version of the patches:
==============
*) Actually implemented _real_ and _anal_ protection support, safe against
swapout; programs get SIGSEGV *always* when they should. I've used the
attached test program (an improved version of Ingo's one) to check that.
I tested just until patch 25, onto UML. The subsequent ones are either patches
for foreign archs or proposed

*) Fixed many changes present in the patches.
*) Fixed UML bits
*) Added several headaches for arches ports. I've also included some patches
which reduce this

*) No more usage of a new syscall slot: to use the new interface, applications
will use the new MAP_NOINHERIT flag I've added. I've still the patches to use
the old -mm ABI, if there's any reason they're needed.

*) Fixed a regression wrt using mprotect() against remapped area (see patch
15)

======
Still to do:
======
*) fix mprotect VS remap_file_pages(MAP_NOINHERIT) interaction - see long
discussion in patch 15 changelog
*) ->populate flushes each TLB individually, instead of using mmu_gathers as
it should; this was suggested even by Ingo when sending the patch, but it
seems he didn't get the time to finish this. Seems rewriting the kernel
locking is a quite time-consuming task!

======
Patch summaries
======
Each patch has an attached changelog, but I'm giving here a summary (sorry for
using the patch numbers, but I found no other way).

The first 7 are just generic cleanups (mostly for comments) which bugged me
along the way, however some of them are needed for the subsequent patches to
apply.

08-11 ones are arch bits for some arches (the ones I have access to).

12 is the core change for generic code, 13-17 are various changes to the
syscall code, as 20, 21 and 23, 35 and 36, to review individually. Most of
those changes (except #23, which is a fix for try_to_unmap_one I missed
initially) are just speedups, and it should be possible to individually drop
them.

18, 19, 22, 32, 33, 34 partially move the handling of protection checks from
the arches' page fault handlers to the generic code, by introducing
VM_FAULT_SIGSEGV. In fact, the VMA protections are not reliable for
VM_NONUNIFORM areas. This aspect was just begun in Ingo's code, and was the
weakest area of his patch. I must now pass the *full* kind of fault to the
generic code, and test it against the PTE or possibly the VMA protections.
However, in these patches it's done in a kludgy way, because we check the VMA
protections against VM_READ/WRITE/EXEC with no consideration of the
architecture-specific dependencies between them (like READ_IMPLIES_EXEC and
so on), so arches have to work around this. This is fixed in patch 33, which
is untested however.

24 and 25 are some fixes for UML code, needed to make it work even with this
change.

26-31 are other arches' compile fixes for the introduction of pte_to_pgoff.

The last three ones (37-39) are not to apply - they are some possible changes
I'm either really uncertain about, or which I'm sure are wrong in that form
but express possibly correct ideas. 36 should be a fixed version of the #37
one, but I wrote it in the past few minutes.
--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

Attachment: fremap-prot-complete-broken-out.tar.bz2
Description: application/tbz

Attachment: fremap-test-complete.c.bz2
Description: BZip2 compressed data