Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Subject: Re: [PATCH 14/15] mm: Align THP mappings for non-DAX
From:   William Kucharski <william.kucharski@oracle.com>
In-Reply-To: <20191001142018.wpordswdkadac6kt@box>
Date:   Tue, 1 Oct 2019 10:08:30 -0600
Cc:     Matthew Wilcox <willy@infradead.org>,
        linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <85868A27-CA43-4AF5-B8A0-2D037C2207FD@oracle.com>
References: <20190925005214.27240-1-willy@infradead.org>
 <20190925005214.27240-15-willy@infradead.org>
 <20191001104558.rdcqhjdz7frfuhca@box>
 <A935F599-BB18-40C3-90DD-47B7700743D6@oracle.com>
 <20191001113216.3qbrkqmb2b2xtwkd@box>
 <5dc7b5c1-6d7d-90ee-9423-6eda9ecb005c@oracle.com>
 <20191001142018.wpordswdkadac6kt@box>
To:     "Kirill A. Shutemov" <kirill@shutemov.name>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk


> On Oct 1, 2019, at 8:20 AM, Kirill A. Shutemov <kirill@shutemov.name> =
wrote:
>=20
> On Tue, Oct 01, 2019 at 06:18:28AM -0600, William Kucharski wrote:
>>=20
>>=20
>> On 10/1/19 5:32 AM, Kirill A. Shutemov wrote:
>>> On Tue, Oct 01, 2019 at 05:21:26AM -0600, William Kucharski wrote:
>>>>=20
>>>>=20
>>>>> On Oct 1, 2019, at 4:45 AM, Kirill A. Shutemov =
<kirill@shutemov.name> wrote:
>>>>>=20
>>>>> On Tue, Sep 24, 2019 at 05:52:13PM -0700, Matthew Wilcox wrote:
>>>>>>=20
>>>>>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>>>>>> index cbe7d0619439..670a1780bd2f 100644
>>>>>> --- a/mm/huge_memory.c
>>>>>> +++ b/mm/huge_memory.c
>>>>>> @@ -563,8 +563,6 @@ unsigned long thp_get_unmapped_area(struct =
file *filp, unsigned long addr,
>>>>>>=20
>>>>>> 	if (addr)
>>>>>> 		goto out;
>>>>>> -	if (!IS_DAX(filp->f_mapping->host) || =
!IS_ENABLED(CONFIG_FS_DAX_PMD))
>>>>>> -		goto out;
>>>>>>=20
>>>>>> 	addr =3D __thp_get_unmapped_area(filp, len, off, flags, =
PMD_SIZE);
>>>>>> 	if (addr)
>>>>>=20
>>>>> I think you reducing ASLR without any real indication that THP is =
relevant
>>>>> for the VMA. We need to know if any huge page allocation will be
>>>>> *attempted* for the VMA or the file.
>>>>=20
>>>> Without a properly aligned address the code will never even attempt =
allocating
>>>> a THP.
>>>>=20
>>>> I don't think rounding an address to one that would be properly =
aligned to map
>>>> to a THP if possible is all that detrimental to ASLR and without =
the ability to
>>>> pick an aligned address it's rather unlikely anyone would ever map =
anything to
>>>> a THP unless they explicitly designate an address with MAP_FIXED.
>>>>=20
>>>> If you do object to the slight reduction of the ASLR address space, =
what
>>>> alternative would you prefer to see?
>>>=20
>>> We need to know by the time if THP is allowed for this
>>> file/VMA/process/whatever. Meaning that we do not give up ASLR =
entropy for
>>> nothing.
>>>=20
>>> For instance, if THP is disabled globally, there is no reason to =
align the
>>> VMA to the THP requirements.
>>=20
>> I understand, but this code is in thp_get_unmapped_area(), which is =
only called
>> if THP is configured and the VMA can support it.
>>=20
>> I don't see it in Matthew's patchset, so I'm not sure if it was =
inadvertently
>> missed in his merge or if he has other ideas for how it would =
eventually be
>> called, but in my last patch revision the code calling it in =
do_mmap()
>> looked like this:
>>=20
>> #ifdef CONFIG_RO_EXEC_FILEMAP_HUGE_FAULT_THP
>>        /*
>>         * If THP is enabled, it's a read-only executable that is
>>         * MAP_PRIVATE mapped, the length is larger than a PMD page
>>         * and either it's not a MAP_FIXED mapping or the passed =
address is
>>         * properly aligned for a PMD page, attempt to get an =
appropriate
>>         * address at which to map a PMD-sized THP page, otherwise =
call the
>>         * normal routine.
>>         */
>>        if ((prot & PROT_READ) && (prot & PROT_EXEC) &&
>>                (!(prot & PROT_WRITE)) && (flags & MAP_PRIVATE) &&
>>                (!(flags & MAP_FIXED)) && len >=3D HPAGE_PMD_SIZE) {
>=20
> len and MAP_FIXED is already handled by thp_get_unmapped_area().
>=20
> 	if (prot & (PROT_READ|PROT_WRITE|PROT_READ) =3D=3D =
(PROT_READ|PROT_EXEC) &&
> 		(flags & MAP_PRIVATE)) {

It is, but I wanted to avoid even calling it if conditions weren't =
right.

Checking twice is non-optimal but I didn't want to alter the existing =
use of
the routine for anon THP.

>=20
>=20
>>                addr =3D thp_get_unmapped_area(file, addr, len, pgoff, =
flags);
>>=20
>>                if (addr && (!(addr & ~HPAGE_PMD_MASK))) {
>=20
> This check is broken.
>=20
> For instance, if pgoff is one, (addr & ~HPAGE_PMD_MASK) has to be =
equal to
> PAGE_SIZE to have chance to get a huge page in the mapping.
>=20

If the address isn't PMD-aligned, we will never be able to map it with a =
THP
anyway.

The current code is designed to only map a THP if the VMA allows for it =
and
it can map the entire THP starting at an aligned address.

You can't map a THP at the PMD level at an address that isn't PMD =
aligned.

Perhaps I'm missing a use case here.

>>                        /*
>>                         * If we got a suitable THP mapping address, =
shut off
>>                         * VM_MAYWRITE for the region, since it's =
never what
>>                         * we would want.
>>                         */
>>                        vm_maywrite =3D 0;
>=20
> Wouldn't it break uprobe, for instance?

I'm not sure; does uprobe allow COW to insert the probe even for =
mappings
explicitly marked read-only?

Thanks,
     Bill