Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp15549008rwb; Mon, 28 Nov 2022 13:01:53 -0800 (PST) X-Google-Smtp-Source: AA0mqf4lgCl1BJP/YwBAYiJLRAieBL2Ds9nAUqoJ0pa4jZFd1zgPmImVYW3Y+hhhZjB5u0iCnE+q X-Received: by 2002:a05:6402:1d90:b0:46a:8e73:2b93 with SMTP id dk16-20020a0564021d9000b0046a8e732b93mr20219577edb.404.1669669313112; Mon, 28 Nov 2022 13:01:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669669313; cv=none; d=google.com; s=arc-20160816; b=m5Y9lkrHHPnbZHUcvSyo44aUBrXK41MpSkeTmokZ6TGzmPQg0VJjkZreOrZ+Pl6ivn nvWoy3qh8wG3kW5o6U9tZ+TxtcAFFR3nCOdFWWhGvs2D3dCpB4E8ZfjBLPz8sr7yovL+ uldEONvsdHNx7RnKZHuuS0kxBzJM+3WgX9C2/Llm4xtoirX6ZHf6dsvZ5uKxZ3Myk0Lq Kh485/dYBHooyv7+tajjQvdPCgQ/JB/pKIy6z0zmR63q8QaddppNj2xt3veo6EWtX6ZP pP8vdIqe6oUbTaw66lBcR1BWMHqvIgE2229U+0d3lnmGD5ncNS6CKTYjwe+R0mQPTQx2 uffA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=CnEA0T2qkTiQEs01sfihIXT1UyG0xIqrCPo5fAQoIbw=; b=K21D/PK2Jm9c5+zLYrEV1ZHAY8RjzCp9n0m/T+Pde8ebkPdRp7Y2++bPPdMY/2002x OF5W42PeXHJbguxPodHh+S3Dno4K+9+U+NyhJIpi+Rg8O1sgvVgo762XTfAHfvHb0NNy 4WSdIrR5vRNgfAgSMO4YOE76tRyhs9ekgRCNu/DYo8rAcTLVAad3dZEgPb3velZ3wHZi wrdv6hbT2emLcOpM3IxcCnc2VF2ricKcfRv+HfCfqliVi7sTGqpSNc/JI+vjeN8lVB+y 3BqqMhenBtRv2s/zhH7wXILQqv4YKPu/sZgW/vpfosQ4Y2VIG75OeXcx50LIpD8RD5IJ vKCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=me3KUbF5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gb12-20020a170907960c00b007ae814af66bsi12272435ejc.389.2022.11.28.13.01.30; Mon, 28 Nov 2022 13:01:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=me3KUbF5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233866AbiK1T5h (ORCPT + 84 others); Mon, 28 Nov 2022 14:57:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232847AbiK1T5e (ORCPT ); Mon, 28 Nov 2022 14:57:34 -0500 Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C801B26 for ; Mon, 28 Nov 2022 11:57:31 -0800 (PST) Received: by mail-io1-xd2d.google.com with SMTP id z3so8461335iof.3 for ; Mon, 28 Nov 2022 11:57:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CnEA0T2qkTiQEs01sfihIXT1UyG0xIqrCPo5fAQoIbw=; b=me3KUbF51HGTLR1arblyz8L3dc/A91yVC3vRVU1WCj6Y6Aa3Sfn1yNZFZ1kwzV4092 F+d1RVIPlwGEZ44KFLIu422hyZ0Edh8zep1H30licwwOPonTZ7omiunGYUrGOD5ShnxX NjUbjal94soLHwqFSLlFNnRv+7R/A7EFUF132I8WB5ooMmuJZdPRb6ty9iu9KcSwkIAJ TLrTabdccrWvpxbFmqhoCWjZCQ8SCRC7EWoO8PINWMrIqHASgeIPEOZn9zxRpbUzASzt vQg2d0VccsIV5L6wkwoqMxi0/A8XHk8MnjUjYVdvooaHR+6Q5mxEiWWBc1N8sCbWY6I3 i69g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CnEA0T2qkTiQEs01sfihIXT1UyG0xIqrCPo5fAQoIbw=; b=MqP5h9fLysQ3z5trny0A2Roqyx+XOtx2K/wRy0wgduYz0YkS3STvxjnogBhhhkc5J0 yTWPmgxOZV4PhAFlfxO7XUANvAKKwtqaMRJn0VHpQiFgYsoGH0jWhGONrgjTwrhkr8tw GT8ckC3ii39qqWA3eAZlvu6GVt7ElNlGzwS1DuIyu74+ZNNjJMyIQ/DPnLjrLq0OTU6j QKiu39YZm5se72pgBs01VQsLJS3aoUYMhLW76SNtFg3iA4z0WPxkOImqx8Xo76145FX4 AlvY41mZLbXl4F3RbpDRV3IW7/8RhXoAvYa95EPThmexUUvaiskxq2+pCMcoq8CBUOah LYzQ== X-Gm-Message-State: ANoB5pmyQdEDFRKMTIh8835pYfhItE3PzISZSZs/D2rK/S5Fj/4DGi/B AksKOjO+5NxOKE8gzxEC6sv7tdlatux0JmWSMxdqJA== X-Received: by 2002:a02:2123:0:b0:376:91d:b104 with SMTP id e35-20020a022123000000b00376091db104mr17049939jaa.58.1669665450587; Mon, 28 Nov 2022 11:57:30 -0800 (PST) MIME-Version: 1.0 References: <20221128180252.1684965-1-jannh@google.com> <20221128180252.1684965-2-jannh@google.com> In-Reply-To: From: Jann Horn Date: Mon, 28 Nov 2022 20:56:54 +0100 Message-ID: Subject: Re: [PATCH v4 2/3] mm/khugepaged: Fix GUP-fast interaction by sending IPI To: Yang Shi Cc: security@kernel.org, Andrew Morton , David Hildenbrand , Peter Xu , John Hubbard , linux-kernel@vger.kernel.org, linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 28, 2022 at 8:54 PM Yang Shi wrote: > > On Mon, Nov 28, 2022 at 10:03 AM Jann Horn wrote: > > > > Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP > > collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to > > ensure that the page table was not removed by khugepaged in between. > > > > However, lockless_pages_from_mm() still requires that the page table is not > > concurrently freed or reused to store non-PTE data. Otherwise, problems > > can occur because: > > > > - deposited page tables can be freed when a THP page somewhere in the > > mm is removed > > - some architectures store non-PTE information inside deposited page > > tables (see radix__pgtable_trans_huge_deposit()) > > > > Additionally, lockless_pages_from_mm() is also somewhat brittle with > > regards to page tables being repeatedly moved back and forth, but > > that shouldn't be an issue in practice. > > > > Fix it by sending IPIs (if the architecture uses > > semi-RCU-style page table freeing) before freeing/reusing page tables. > > > > As noted in mm/gup.c, on configs that define CONFIG_HAVE_FAST_GUP, > > there are two possible cases: > > > > 1. CONFIG_MMU_GATHER_RCU_TABLE_FREE is set, causing > > tlb_remove_table_sync_one() to send an IPI to synchronize with > > lockless_pages_from_mm(). > > 2. CONFIG_MMU_GATHER_RCU_TABLE_FREE is unset, indicating that all > > TLB flushes are already guaranteed to send IPIs. > > tlb_remove_table_sync_one() will do nothing, but we've already > > run pmdp_collapse_flush(), which did a TLB flush, which must have > > involved IPIs. > > I'm trying to catch up with the discussion after the holiday break. I > understand you switched from always allocating a new page table page > (we decided before) to sending IPIs to serialize against fast-GUP, > this is fine to me. > > So the code now looks like: > pmdp_collapse_flush() > sending IPI > > But the missing part is how we reached "TLB flushes are already > guaranteed to send IPIs" when CONFIG_MMU_GATHER_RCU_TABLE_FREE is > unset? ARM64 doesn't do it IIRC. Or did I miss something? From arch/arm64/Kconfig: select MMU_GATHER_RCU_TABLE_FREE CONFIG_MMU_GATHER_RCU_TABLE_FREE is not a config option that the user can freely toggle; it is an option selected by the architecture.