Re: [PATCH v2 13/15] mm: support GUP-triggered unsharing of anonymous pages

From: David Hildenbrand
Date: Mon Mar 21 2022 - 12:15:27 EST

Next message: Steven Rostedt: "Re: linux-next: build warnings after merge of the tip tree"
Previous message: Mickaël Salaün: "[GIT PULL] Add trusted_for(2) (was O_MAYEXEC)"
In reply to: Jason Gunthorpe: "Re: [PATCH v2 13/15] mm: support GUP-triggered unsharing of anonymous pages"
Next in thread: Jason Gunthorpe: "Re: [PATCH v2 13/15] mm: support GUP-triggered unsharing of anonymous pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 19.03.22 00:30, Jason Gunthorpe wrote:
> On Tue, Mar 15, 2022 at 11:47:39AM +0100, David Hildenbrand wrote:
>> Whenever GUP currently ends up taking a R/O pin on an anonymous page that
>> might be shared -- mapped R/O and !PageAnonExclusive() -- any write fault
>> on the page table entry will end up replacing the mapped anonymous page
>> due to COW, resulting in the GUP pin no longer being consistent with the
>> page actually mapped into the page table.
>>
>> The possible ways to deal with this situation are:
>> (1) Ignore and pin -- what we do right now.
>> (2) Fail to pin -- which would be rather surprising to callers and
>> could break user space.
>> (3) Trigger unsharing and pin the now exclusive page -- reliable R/O
>> pins.
>>
>> We want to implement 3) because it provides the clearest semantics and
>> allows for checking in unpin_user_pages() and friends for possible BUGs:
>> when trying to unpin a page that's no longer exclusive, clearly
>> something went very wrong and might result in memory corruptions that
>> might be hard to debug. So we better have a nice way to spot such
>> issues.
>>
>> To implement 3), we need a way for GUP to trigger unsharing:
>> FAULT_FLAG_UNSHARE. FAULT_FLAG_UNSHARE is only applicable to R/O mapped
>> anonymous pages and resembles COW logic during a write fault. However, in
>> contrast to a write fault, GUP-triggered unsharing will, for example, still
>> maintain the write protection.
>
> Given the way this series has developed you might want to call this
> FAULT_FLAG_MAKE_ANON_EXCLUSIVE
>
> Which strikes me as more directly connected to what it is trying to
> do.

I thought about something similar along those lines, and I think it
would apply even when extending that mechanism to anything !anon inside
a MAP_PRIVATE mapping.

The whole

const bool unshare = vmf->flags & FAULT_FLAG_UNSHARE;

would get a little more verbose, though

const bool make_anon_exclusive = vmf->flags &
FAULT_FLAG_MAKE_ANON_EXCLUSIVE;

No strong opinion, any other opinions or alternatives?

--
Thanks,

David / dhildenb

Next message: Steven Rostedt: "Re: linux-next: build warnings after merge of the tip tree"
Previous message: Mickaël Salaün: "[GIT PULL] Add trusted_for(2) (was O_MAYEXEC)"
In reply to: Jason Gunthorpe: "Re: [PATCH v2 13/15] mm: support GUP-triggered unsharing of anonymous pages"
Next in thread: Jason Gunthorpe: "Re: [PATCH v2 13/15] mm: support GUP-triggered unsharing of anonymous pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]