Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp7516858rwi; Mon, 24 Oct 2022 16:06:23 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7Xg/LV9drgb0LZNEaaAI+nI3Z73PJnBWDK/2y+5939psHpYBPArU+tXOYXYRThoX7xFadT X-Received: by 2002:a50:ee87:0:b0:461:a09b:aae5 with SMTP id f7-20020a50ee87000000b00461a09baae5mr9934714edr.24.1666652783711; Mon, 24 Oct 2022 16:06:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666652783; cv=none; d=google.com; s=arc-20160816; b=GuF2BsGPw2+Vqiatq6vDJ17kTqoLo93jEhU5g1YANQk36eb9IUl5TwyXWfjqUDHOpq 07I+osngBWL8dT+EfmkYm8QP65uGNkoy7s1AbFSHORMHum/cxVysq4PqDtrZzVyvP3UA PxzaWJH7uA9ac6fdr6UyT8M6nc++AmgJm/rEzLxV/uirKNrCBvQHisTqoEzgWQm84mmP /lFY8syagCfbTu7sGeoTqUR+O2fsEznBS3LU7zCgz/VdGCs2EmV93kn+Oo98AeEeMRSM z0xzmiL1zWGG88szTHeXe21501bjHdsuIOVy6yRp4eiat21ChJl2EQyK6toqGZfoI4X/ Iizw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=91T5Fm7XnNKkoCT04MlZt8PlvkehhJwmM3iCe4VSqZ0=; b=QVd7IyW57vl+EGRLRFcoUao1FROC24NYTjI4MT3/FjvocrOv3YslNexiuC5CiEOt4Q PYtrmcINU8+5UMpSEYzgbchGMV35n7Lu6k8Kv8tNwZ1k1XOei1tz417r9eULJl90bzkF 3fzTopQVv2aggitA9HgceY97MZhfwrtj4+8k3d8LFNSO6jUFV3jrf3uksNryTkhwuBWM YDXiOegNbiHIhTiZV9AyjKnjCXMmOq7Y9JS8S+9wSphyOlXRCVPN864+M+882FnkHxmr vQ4DghT7iE9IzamWuJmfK8pD+fA5NcVZ5QL2kQCJCL4QSDuiVuypKgeaPupNMfDe/n/N TFBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Z9EeVyBX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w26-20020a17090649da00b007a8c58b51a1si923088ejv.179.2022.10.24.16.05.57; Mon, 24 Oct 2022 16:06:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Z9EeVyBX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231987AbiJXWHr (ORCPT + 99 others); Mon, 24 Oct 2022 18:07:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231743AbiJXWH0 (ORCPT ); Mon, 24 Oct 2022 18:07:26 -0400 Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7DBEE857FF for ; Mon, 24 Oct 2022 13:20:43 -0700 (PDT) Received: by mail-qv1-xf36.google.com with SMTP id c8so6518924qvn.10 for ; Mon, 24 Oct 2022 13:20:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=91T5Fm7XnNKkoCT04MlZt8PlvkehhJwmM3iCe4VSqZ0=; b=Z9EeVyBXNd9oUt/ydVxYIH3o38pxdMklbwkGV3LphkIsAwNPQJzioPy3DaRn0rGhQS 5EC/Dkdzr01glyKtRiGRMcMFUbDMBjL8eclmj0LTgBEgatwemSsYk+8YMsBS+gH4sggw d21ZWPaAQBrNoqlvhKiAZug3pAo8fhsTAqsHU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=91T5Fm7XnNKkoCT04MlZt8PlvkehhJwmM3iCe4VSqZ0=; b=0n2fGJB2JZevt7YNeHG0SqBDxP13cKNdZAkEoy7hm4uVAjNy7GLaOQRuEyL0U5+C5i Y9q9I308pmYnb8BTd8rrt316HeOuLMo4WDQVVMM9rnZ0jmzONFWTj/aQLK9Z0BV0Tu5j hH0lwO3TEPnJZ/1hbcArA14Xw7ZwX6E3kWgKjOdfeJv5DAxM8amlHpz3mcYdEWKLAbdg UEPgt19CZ70mgdtRv9rYkQ4YaYiUWOdCwoZewP1cdtfOhaHbouJpOENutrfXBOBnBXfj MUuDv+mNmMoZCVHXow9QpSi4eTA0puUGQEl7jCCzXdb47NBWGxUTx/ApFAtFWDDyL/HO 4MtA== X-Gm-Message-State: ACrzQf1NePnC757TbkfayOxY9vltkdDZ7xB44cOkRA5IDvC0eLa1fACB xrpi4MSiFaNlLuEaxH2dvKlFYHTZBS5hVA== X-Received: by 2002:a0c:a79a:0:b0:4b1:ca99:177 with SMTP id v26-20020a0ca79a000000b004b1ca990177mr28986832qva.34.1666642781059; Mon, 24 Oct 2022 13:19:41 -0700 (PDT) Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com. [209.85.128.172]) by smtp.gmail.com with ESMTPSA id x11-20020a05620a258b00b006ceb933a9fesm611217qko.81.2022.10.24.13.19.39 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Oct 2022 13:19:39 -0700 (PDT) Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-36847dfc5ccso96268657b3.0 for ; Mon, 24 Oct 2022 13:19:39 -0700 (PDT) X-Received: by 2002:a81:114e:0:b0:36a:fc80:fa62 with SMTP id 75-20020a81114e000000b0036afc80fa62mr12975148ywr.58.1666642779066; Mon, 24 Oct 2022 13:19:39 -0700 (PDT) MIME-Version: 1.0 References: <20221022111403.531902164@infradead.org> <20221022114424.515572025@infradead.org> <2c800ed1-d17a-def4-39e1-09281ee78d05@nvidia.com> In-Reply-To: From: Linus Torvalds Date: Mon, 24 Oct 2022 13:19:22 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 01/13] mm: Update ptep_get_lockless()s comment To: Jann Horn Cc: Peter Zijlstra , John Hubbard , x86@kernel.org, willy@infradead.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, aarcange@redhat.com, kirill.shutemov@linux.intel.com, jroedel@suse.de, ubizjak@gmail.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 24, 2022 at 12:58 PM Jann Horn wrote: > > Unless I'm completely misunderstanding what's going on here, the whole > "remove_table" thing only happens when you "remove a table", meaning > you free an entire *pagetable*. Just zapping PTEs doesn't trigger that > logic. I do have to admit that I'd be happier if this code - and the GUP code that also relies on "interrupts off" behavior - would just use a sequence counter instead. Relying on blocking IPI's is clever, but also clearly very subtle and somewhat dangerous. I think our GUP code is a *lot* more important than some "legacy x86-32 has problems in case you have an incredibly unlikely race that re-populates the page table with a different page that just happens to be exactly the same MOD-4GB", so honestly, I don't think the load-tearing is even worth worrying about - if you have hardware that is good enough at virtualizing things, it's almost certainly already 64-bit, and running 32-bit virtual machines with PAE you really only have yourself to blame. So I can't find it in myself to care about the 32-bit tearing thing, but this discussion makes me worried about Fast GUP. Note that even with proper atomic pte_t pte = ptep_get_lockless(ptep); in gup_pte_range(), and even if the page tables are RCU-free'd, that just means that the 'ptep' access itself is safe. But then you have the whole "the lookup of the page pointer is not atomic" wrt that. And right now that GUP code does rely on the "block IPI" to make it basically valid. I don't think it matters if GUP races with munmap or madvise() or something like that - if you get the old page, that's still a valid page, and the user only has himself to blame. But if we have memory pressure that causes vmscan to push out a page, and it gets replaced with a new page, and GUP gets the old page with no serialization, that sounds like a possible source of data inconsistency. I don't know if this can happen, but the whole "interrupts disabled doesn't actually block IPI's and synchronize with TLB flushes" really sounds like it would affect GUP too. And be much more serious there than on some x86-32 platform that nobody should be using anyway. Linus