Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp7688338imm; Thu, 28 Jun 2018 07:50:52 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeU+zkBBoE4AUnf27w4SgRCqylAqknDyB1B3Rp38cTXUQE5H3B3nS3BrFxY+o63MLpwX/2o X-Received: by 2002:a62:569c:: with SMTP id h28-v6mr6297318pfj.201.1530197452822; Thu, 28 Jun 2018 07:50:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530197452; cv=none; d=google.com; s=arc-20160816; b=voV6k3tuoPm1BMkwl8n0Pkz45wt1BzaFAVEi+/+2BbXAdzqfX2Tujej5yX9Hu2qIFs 2WoE7r11DoY7jTRHawNDdktU11gGS9G9SMebPjnrpovZKZJw8cK2hcD2lAiEpV2N3okM N9m+IsGKUoAJ/jxF1agkdpsT+1JmPh0AX2Fa9J28Ot5Xz3vlOdkbuFC8+I3n6RAGxJow 6VqFEZHteUDKn/SwFh2SEiNFI9nSCRRQnAp1DrwFBBt66gVelkO4dtbPmZuZVQP1zWQ6 hlwjHPiVWtD3kBudO8ABDyU9+DuxSSB5Sx9UCbtD0VcN2090AspFlfA/dMspaI6Wjj/x kcIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:autocrypt:openpgp:from:references:cc:to :subject:arc-authentication-results; bh=k0XPaPW+blGaTr7bf5EwvXWKQQHKW0j1gRsInCoMTwc=; b=vgTs1kbeHbBz/dbdzSFgAGbC3FQFwPAceoqPj2crCGwwCibRD2Mq5qYgDW6QSgn5f5 1Na+j3Gkw1lbFbBmeiWaCFXjtw/vBWnQwfpPWjGFKbPD07rXActhjHo/nNxnHHH+P2ID Nu9Z8JNzSiU8qK0R/Ho4OPL0yAtbuco48PwhEG76QWDIyz4hHJ7awEmFtqx23kSk/3Hr 3KJiDlX0A4UDObuY71thnUUcAy1ndw39jVNseU3uVabMyBLy8IXcxCQt/rvAh8PAsIyb 4p7obkjS3jx3yp+SL6ij3TfjSN0EWUndwKAuUMKrLjwL38gZLCHedP/DeMVGekvzycKV mvLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r3-v6si6071295pgf.339.2018.06.28.07.50.38; Thu, 28 Jun 2018 07:50:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966680AbeF1Otl (ORCPT + 99 others); Thu, 28 Jun 2018 10:49:41 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:58390 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S966385AbeF1Oti (ORCPT ); Thu, 28 Jun 2018 10:49:38 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CD9EC401CE88; Thu, 28 Jun 2018 14:49:37 +0000 (UTC) Received: from [10.36.116.166] (ovpn-116-166.ams2.redhat.com [10.36.116.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3407F111C4A0; Thu, 28 Jun 2018 14:49:36 +0000 (UTC) Subject: Re: [PATCH/RFC] mm: do not drop unused pages when userfaultd is running To: Christian Borntraeger , linux-mm@kvack.org, linux-s390@vger.kernel.org Cc: kvm@vger.kernel.org, Janosch Frank , Cornelia Huck , linux-kernel@vger.kernel.org, Martin Schwidefsky , Andrea Arcangeli References: <20180628123916.96106-1-borntraeger@de.ibm.com> <1e470063-d56c-0a76-7a7f-2c0f0e87824b@de.ibm.com> From: David Hildenbrand Openpgp: preference=signencrypt Autocrypt: addr=david@redhat.com; prefer-encrypt=mutual; keydata= xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzSREYXZpZCBIaWxk ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT7CwX4EEwECACgFAljj9eoCGwMFCQlmAYAGCwkI BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEE3eEPcA/4Na5IIP/3T/FIQMxIfNzZshIq687qgG 8UbspuE/YSUDdv7r5szYTK6KPTlqN8NAcSfheywbuYD9A4ZeSBWD3/NAVUdrCaRP2IvFyELj xoMvfJccbq45BxzgEspg/bVahNbyuBpLBVjVWwRtFCUEXkyazksSv8pdTMAs9IucChvFmmq3 jJ2vlaz9lYt/lxN246fIVceckPMiUveimngvXZw21VOAhfQ+/sofXF8JCFv2mFcBDoa7eYob s0FLpmqFaeNRHAlzMWgSsP80qx5nWWEvRLdKWi533N2vC/EyunN3HcBwVrXH4hxRBMco3jvM m8VKLKao9wKj82qSivUnkPIwsAGNPdFoPbgghCQiBjBe6A75Z2xHFrzo7t1jg7nQfIyNC7ez MZBJ59sqA9EDMEJPlLNIeJmqslXPjmMFnE7Mby/+335WJYDulsRybN+W5rLT5aMvhC6x6POK z55fMNKrMASCzBJum2Fwjf/VnuGRYkhKCqqZ8gJ3OvmR50tInDV2jZ1DQgc3i550T5JDpToh dPBxZocIhzg+MBSRDXcJmHOx/7nQm3iQ6iLuwmXsRC6f5FbFefk9EjuTKcLMvBsEx+2DEx0E UnmJ4hVg7u1PQ+2Oy+Lh/opK/BDiqlQ8Pz2jiXv5xkECvr/3Sv59hlOCZMOaiLTTjtOIU7Tq 7ut6OL64oAq+zsFNBFXLn5EBEADn1959INH2cwYJv0tsxf5MUCghCj/CA/lc/LMthqQ773ga uB9mN+F1rE9cyyXb6jyOGn+GUjMbnq1o121Vm0+neKHUCBtHyseBfDXHA6m4B3mUTWo13nid 0e4AM71r0DS8+KYh6zvweLX/LL5kQS9GQeT+QNroXcC1NzWbitts6TZ+IrPOwT1hfB4WNC+X 2n4AzDqp3+ILiVST2DT4VBc11Gz6jijpC/KI5Al8ZDhRwG47LUiuQmt3yqrmN63V9wzaPhC+ xbwIsNZlLUvuRnmBPkTJwwrFRZvwu5GPHNndBjVpAfaSTOfppyKBTccu2AXJXWAE1Xjh6GOC 8mlFjZwLxWFqdPHR1n2aPVgoiTLk34LR/bXO+e0GpzFXT7enwyvFFFyAS0Nk1q/7EChPcbRb hJqEBpRNZemxmg55zC3GLvgLKd5A09MOM2BrMea+l0FUR+PuTenh2YmnmLRTro6eZ/qYwWkC u8FFIw4pT0OUDMyLgi+GI1aMpVogTZJ70FgV0pUAlpmrzk/bLbRkF3TwgucpyPtcpmQtTkWS gDS50QG9DR/1As3LLLcNkwJBZzBG6PWbvcOyrwMQUF1nl4SSPV0LLH63+BrrHasfJzxKXzqg rW28CTAE2x8qi7e/6M/+XXhrsMYG+uaViM7n2je3qKe7ofum3s4vq7oFCPsOgwARAQABwsFl BBgBAgAPBQJVy5+RAhsMBQkJZgGAAAoJEE3eEPcA/4NagOsP/jPoIBb/iXVbM+fmSHOjEshl KMwEl/m5iLj3iHnHPVLBUWrXPdS7iQijJA/VLxjnFknhaS60hkUNWexDMxVVP/6lbOrs4bDZ NEWDMktAeqJaFtxackPszlcpRVkAs6Msn9tu8hlvB517pyUgvuD7ZS9gGOMmYwFQDyytpepo YApVV00P0u3AaE0Cj/o71STqGJKZxcVhPaZ+LR+UCBZOyKfEyq+ZN311VpOJZ1IvTExf+S/5 lqnciDtbO3I4Wq0ArLX1gs1q1XlXLaVaA3yVqeC8E7kOchDNinD3hJS4OX0e1gdsx/e6COvy qNg5aL5n0Kl4fcVqM0LdIhsubVs4eiNCa5XMSYpXmVi3HAuFyg9dN+x8thSwI836FoMASwOl C7tHsTjnSGufB+D7F7ZBT61BffNBBIm1KdMxcxqLUVXpBQHHlGkbwI+3Ye+nE6HmZH7IwLwV W+Ajl7oYF+jeKaH4DZFtgLYGLtZ1LDwKPjX7VAsa4Yx7S5+EBAaZGxK510MjIx6SGrZWBrrV TEvdV00F2MnQoeXKzD7O4WFbL55hhyGgfWTHwZ457iN9SgYi1JLPqWkZB0JRXIEtjd4JEQcx +8Umfre0Xt4713VxMygW0PnQt5aSQdMD58jHFxTk092mU+yIHj5LeYgvwSgZN4airXk5yRXl SE+xAvmumFBY Organization: Red Hat GmbH Message-ID: Date: Thu, 28 Jun 2018 16:49:35 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <1e470063-d56c-0a76-7a7f-2c0f0e87824b@de.ibm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Thu, 28 Jun 2018 14:49:37 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Thu, 28 Jun 2018 14:49:37 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'david@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 28.06.2018 16:39, Christian Borntraeger wrote: > > > On 06/28/2018 03:18 PM, David Hildenbrand wrote: >> On 28.06.2018 14:39, Christian Borntraeger wrote: >>> KVM guests on s390 can notify the host of unused pages. This can result >>> in pte_unused callbacks to be true for KVM guest memory. >>> >>> If a page is unused (checked with pte_unused) we might drop this page >>> instead of paging it. This can have side-effects on userfaultd, when the >>> page in question was already migrated: >>> >>> The next access of that page will trigger a fault and a user fault >>> instead of faulting in a new and empty zero page. As QEMU does not >>> expect a userfault on an already migrated page this migration will fail. >>> >>> The most straightforward solution is to ignore the pte_unused hint if a >>> userfault context is active for this VMA. >>> >>> Cc: Martin Schwidefsky >>> Cc: Andrea Arcangeli >>> Cc: stable@vger.kernel.org >>> Signed-off-by: Christian Borntraeger >>> --- >>> mm/rmap.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/mm/rmap.c b/mm/rmap.c >>> index 6db729dc4c50..3f3a72aa99f2 100644 >>> --- a/mm/rmap.c >>> +++ b/mm/rmap.c >>> @@ -1481,7 +1481,7 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, >>> set_pte_at(mm, address, pvmw.pte, pteval); >>> } >>> >>> - } else if (pte_unused(pteval)) { >>> + } else if (pte_unused(pteval) && !vma->vm_userfaultfd_ctx.ctx) { >>> /* >>> * The guest indicated that the page content is of no >>> * interest anymore. Simply discard the pte, vmscan >>> >> >> To understand the implications better: >> >> This is like a MADV_DONTNEED from user space while a userfaultfd >> notifier is registered for this vma range. >> >> While we can block such calls in QEMU ("we registered it, we know it >> best"), we can't do the same in the kernel. >> >> These "intern MADV_DONTNEED" can actually trigger "deferred", so e.g. if >> the pte_unused() was set before userfaultfd has been registered, we can >> still get the same result, right?> > Not sure I understand your last sentence. Rephrased: Instead trying to stop somebody from setting pte_unused will not work, as we might get a userfaultfd registration at some point and find a previously set pte_unused afterwards. But I think you guessed correctly what I meant :) > This place here is called on the unmap, (e.g. when the host tries to page out). > The value was transferred before (and always before) during the page table invalidation. > So pte_unused was always set before. This is the place where we decide if we page > out (ans establish a swap pte) or just drop this page table entry. So if > no userfaultd is registered at that point in time we are good. This certainly applies to ordinary userfaultfd we have right now. userfaultfd WP (write-protect) or other features to come might be different, but it does not seem to do any harm in case we page out instead of dropping it. This way we are on the safe side. In other words: I think this is the right approach. -- Thanks, David / dhildenb