Re: [PATCH] mm: introduce kvvirt_to_page() helper

From: Matthew Wilcox
Date: Mon Aug 20 2018 - 13:07:55 EST

On Mon, Aug 20, 2018 at 06:24:06PM +0200, Michal Hocko wrote:
> On Mon 20-08-18 07:49:23, Matthew Wilcox wrote:
> > On Mon, Aug 20, 2018 at 04:41:16PM +0200, Michal Hocko wrote:
> > > On Sat 18-08-18 20:49:01, Li RongQing wrote:
> > > > The new helper returns address mapping page, which has several users
> > > > in individual subsystem, like mem_to_page in xfs_buf.c and pgv_to_page
> > > > in af_packet.c, unify them
> > >
> > > kvvirt_to_page is a weird name. I guess you wanted it to fit into
> > > kv*alloc, kvfree naming, right? If yes then I guess kvmem_to_page
> > > would be slightly better.
> > >
> > > Other than that the patch makes sense to me. It would be great to add
> > > some documentation and be explicit that the call is only safe on
> > > directly mapped kernel address and vmalloc areas.
> >
> > ... and not safe if the length crosses a page boundary. I don't want to
> > see new code emerge that does kvmalloc(PAGE_SIZE * 2, ...); kvmem_to_page()
> > and have it randomly crash when kvmalloc happens to fall back to vmalloc()
> > under heavy memory pressure.
> >
> > Also, people are going to start using this for stack addresses. Perhaps
> > we should have a debug option to guard against them doing that.
> I do agree that such an interface is quite dangerous. That's why I was
> stressing out the proper documentation. I would be much happier if we
> could do without it altogether. Maybe the existing users can be rewoked
> to not rely on the addr2page functionality. If that is not the case then
> we should probably offer a helper. With some WARN_ONs to catch misuse
> would be really nice. I am not really sure how many abuses can we catch
> actually though.

I certainly understand the enthusiasm for sharing this code rather than
having dozens of places outside the VM implement their own version of it.
But I think most of these users are using code that's working at the wrong
level. Most of them seem to have an address range which may-or-may-not-be
virtually mapped and they want to get an array-of-pages for that.

Perhaps we should offer -that- API instead. vmalloc/vmap already has
an array-of-pages, and the various users could be given a pointer to
that array. If the memory isn't vmapped, maybe the caller could pass
an array pointer like XFS does, or we could require them to pass GFP flags
to allocate a new array.