Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp6760973rwr; Tue, 25 Apr 2023 03:26:52 -0700 (PDT) X-Google-Smtp-Source: AKy350a7aIEv39kOY7f0jxGDzKqV3nKPsrDVDyZJykF+a0xnopNjN3kqiMY1LQkE3yDodIMa/Iti X-Received: by 2002:a05:6a21:170b:b0:ef:e589:28a3 with SMTP id nv11-20020a056a21170b00b000efe58928a3mr19060737pzb.16.1682418411827; Tue, 25 Apr 2023 03:26:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682418411; cv=none; d=google.com; s=arc-20160816; b=z19xk/Ka1RnVrns5QvxYkyKz8/DQXEPlB5vUFnp/lXjD152GXZHczMwh8SqGJ6WZjO zZZglwuZlRNj/yVYKvJIL/G5PdnGFjDytg3oi6UqB4Bt6BBgN69qvtf9wxsJsnaMhGYv jRuhECNM45jOQBPCRwpd5Am/Fsmv+x5xUWxbiyi67dVgFH7ofh1aFYCMBtnORcqjFFyE SLv+hrYYzCewiWLUP90+v6wMEV7JBYv19/3+YG1pC1nVR9cF0j87Zj4zhbpeze69SW/0 m0aawq76QtpuqRyGTB/PopldYkpFwgjiaiFXrUnmTmbFX2/egdjaw0JDQKdk/Lo1+LIh Uiog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :dkim-signature:dkim-signature; bh=6ykmRoJ2ViKku45z63OOrhQO86nvESrAdiWG+K7bYwg=; b=GFU50FJS2BbruSl2+C4x62sf6gjTB/x/+7LNCfmWwu8wfvVzQx5nep8WrwuOQRHCGM HXRmSvN6Uod1ml7e/t6YJn1SQmqHNVA5OHOohawl1mJMMkVtDESt5BvC/j4pRYrL+R+i SCK0lpB2L2AaJtUTY0GZNg6ktGAvEfvyMUNv8/cXMlsRnqP43qMmcjlRRIOSwYLwhvHH nQzMpeJ8dnZX8+p/vOI56EN89ohZClbGiLMl8958VOe9/+REr/VWKptnLRgAOt43JDNM pcjFi2PI3GpwG7q1MqHTdT3/GNccIQc3zKei8hlvm9rz7c9sHYCUX06QhoC6qZ5neyJr NZ5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov.name header.s=fm1 header.b=cTDVrrJw; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b="WJYj4cV/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u11-20020a6540cb000000b0051fb6ca1e69si12697500pgp.180.2023.04.25.03.26.41; Tue, 25 Apr 2023 03:26:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov.name header.s=fm1 header.b=cTDVrrJw; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b="WJYj4cV/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233698AbjDYKMJ (ORCPT + 99 others); Tue, 25 Apr 2023 06:12:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56396 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233615AbjDYKMH (ORCPT ); Tue, 25 Apr 2023 06:12:07 -0400 Received: from wnew1-smtp.messagingengine.com (wnew1-smtp.messagingengine.com [64.147.123.26]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 044CDC15B; Tue, 25 Apr 2023 03:12:05 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.west.internal (Postfix) with ESMTP id 1B7DD2B0671D; Tue, 25 Apr 2023 06:12:02 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 25 Apr 2023 06:12:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov.name; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; t=1682417521; x= 1682424721; bh=6ykmRoJ2ViKku45z63OOrhQO86nvESrAdiWG+K7bYwg=; b=c TDVrrJwJKmBSLCZheZhCKbfhHj89iyuDI9vXtVPgz7Ym9svXdHwoke8YmZXCqthh Dw/yM/Yh6/Jv7G+J6l6Hz8flfXI8blB1z1RdOTyprn4atgk5r/DyuW3RMbxU5w5R Si1LutW9YV4Ae12xbcNxhUZ6Z0mRfVihmRIuRAt3clBMGEoo68fwSqrMZtChKUZD vtUDX/Ybm48ar48ml6553kpg21Diy6e3UNUHLcKlx+Wmw0n6bt/9aNBmpO2rsJ2g 9jb58e80XBwgakjaHtHw/nkJ0wasVCDg+Kvn6VcIvfTlQ/NiJJyWfBkmhvmETTEj zHTqFHPh2Hhe3XEIN54aw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1682417521; x=1682424721; bh=6ykmRoJ2ViKku 45z63OOrhQO86nvESrAdiWG+K7bYwg=; b=WJYj4cV/CB4Wt++zgV0y3XLrBW2V8 IdDYNBmyW2TZ1BrHyTSM9xB23HAFhIxnRPIIfMUl4cwi3LitMeI4niSUQDfl9LDx OPYbWpYhJlZmJg03JnqcJmvWCtPqpqA/6HouMN/xIHvYuPM5P5dx0vYavhlOn8Tm 5LsAwNBieltv76YqxmRogvh50Xm6vyEAdzjio6lCgUIoZsNnqvgWFgioK8zPaaKw hMhwsBKgdekr/gn033pJNRMzyaELXGIdSWOA4MneADwWnj/xsxdsheSx2jvrh+oG UnZN4Re0NkR2JE7gRX8TD+r9w+ApJAQWuqc3dDXd9mB2rjvlwdtOVKDMw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeduvddgvdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggujgesthdttddttddtvdenucfhrhhomhepfdfmihhr ihhllhcutecurdcuufhhuhhtvghmohhvfdcuoehkihhrihhllhesshhhuhhtvghmohhvrd hnrghmvgeqnecuggftrfgrthhtvghrnhepgfdtveeugeethfffffeklefgkeelgfekfedt heeileetuefhkeefleduvddtkeevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepkhhirhhilhhlsehshhhuthgvmhhovhdrnhgrmhgv X-ME-Proxy: Feedback-ID: ie3994620:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 25 Apr 2023 06:11:57 -0400 (EDT) Received: by box.shutemov.name (Postfix, from userid 1000) id F3F9D10BAC9; Tue, 25 Apr 2023 13:11:53 +0300 (+03) Date: Tue, 25 Apr 2023 13:11:53 +0300 From: "Kirill A . Shutemov" To: Lorenzo Stoakes Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jason Gunthorpe , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , Jason Gunthorpe , John Hubbard , Jan Kara , Pavel Begunkov Subject: Re: [PATCH v3] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: <20230425101153.xxi4arpwkz7ijnvm@box.shutemov.name> References: <23c19e27ef0745f6d3125976e047ee0da62569d4.1682406295.git.lstoakes@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <23c19e27ef0745f6d3125976e047ee0da62569d4.1682406295.git.lstoakes@gmail.com> X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 25, 2023 at 08:14:14AM +0100, Lorenzo Stoakes wrote: > GUP does not correctly implement write-notify semantics, nor does it > guarantee that the underlying pages are correctly dirtied, which could lead > to a kernel oops or data corruption when writing to file-backed mappings. > > This is only relevant when the mappings are file-backed and the underlying > file system requires folio dirty tracking. File systems which do not, such > as shmem or hugetlb, are not at risk and therefore can be written to > without issue. > > Unfortunately this limitation of GUP has been present for some time and > requires future rework of the GUP API in order to provide correct write > access to such mappings. > > In the meantime, we add a check for the most broken GUP case - > FOLL_LONGTERM - which really under no circumstances can safely access > dirty-tracked file mappings. > > Suggested-by: Jason Gunthorpe > Signed-off-by: Lorenzo Stoakes > --- > v3: > - Rebased on latest mm-unstable as of 24th April 2023. > - Explicitly check whether file system requires folio dirtying. Note that > vma_wants_writenotify() could not be used directly as it is very much focused > on determining if the PTE r/w should be set (e.g. assuming private mapping > does not require it as already set, soft dirty considerations). Hm. Okay. Have you considered having a common base for your case and vma_wants_writenotify()? Code duplication doesn't look good. -- Kiryl Shutsemau / Kirill A. Shutemov