Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp7234183rwr; Tue, 25 Apr 2023 09:54:02 -0700 (PDT) X-Google-Smtp-Source: AKy350ZROgJPYaQeXMoRqPnkyQxWVc2u5FD2qWLLJpoTSMis5Gehf5EzFtURDDehjNGiPZX/ps0R X-Received: by 2002:a17:902:d484:b0:1a9:712d:18b5 with SMTP id c4-20020a170902d48400b001a9712d18b5mr9592574plg.67.1682441642186; Tue, 25 Apr 2023 09:54:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682441642; cv=none; d=google.com; s=arc-20160816; b=iF9n9rBDwJpaPu48Y08xq9f14qpciAHUaVdF76C3RX/DFj1kEvxfCfsXB7gCm3rqV0 bYWmJ/etOFtU66iO3/+FbvOd1L3cHgp8piDtjWAltdxc5o+IaRNszaPE4u7FZYf1YY9U 3BgWLW2t5h0Zhu+yPsunLiQbTOti/MYdm53qOasIiOfWf+Z+wULk33xgZx8j4QgTUhqc 0n7KhunZuGSvrBZWeJHkApRuuy6kQkoUSOvzSFUpAG9SHVT/Z4uL44iqsJx7y863L69N ixBNOCsBf0+j/drDLu3IVUHpIcoE4Pf35gov+Rcxw64bmzFh+Bb3Sr5LQSw7nTLx4COc iCWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=DQgl8loxAa0veEtZSLtrUvcvIyw2BmuwVPdtNPCihQg=; b=b62xPRsNqY0bXz3Lmy3jn+mpAbAgBTt6LAdTkQnyDY5F1PiMTUSXI6OR/8pfAfOYed U1bW4daFuN2E/Zs3AI6f+yyoZWocl4pDIsgaJv+6FQQCUZY77jNcJ59G+1i3b7Ws7KxW wT8NbRMX9jqZfkhP+tU/7MacXgDkIa8om1Sa4C1sjZ3cIvPIY6OrMi2rSjW2YwIp7ByB pcEZe6nEb/nZkyy/IdzeXNgMRoJG8Y5VHbE70FPdNKfB9YXLjfztpgaG0L9vKsiELMiI gR3TJcyCsxY5s0A2NclSwIlTTc6OiOdP4y6SbpEj1W13fZyCyiddpnVkgNgBta2pudE9 feOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=sIcEl1Tq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p8-20020a170902e74800b001a966042af8si8022892plf.341.2023.04.25.09.53.50; Tue, 25 Apr 2023 09:54:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=sIcEl1Tq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234802AbjDYQpr (ORCPT + 99 others); Tue, 25 Apr 2023 12:45:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39140 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234794AbjDYQpq (ORCPT ); Tue, 25 Apr 2023 12:45:46 -0400 Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 763A8D32E; Tue, 25 Apr 2023 09:45:40 -0700 (PDT) Received: by mail-wm1-x32c.google.com with SMTP id 5b1f17b1804b1-3f19b9d5358so37403675e9.1; Tue, 25 Apr 2023 09:45:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682441139; x=1685033139; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=DQgl8loxAa0veEtZSLtrUvcvIyw2BmuwVPdtNPCihQg=; b=sIcEl1Tq3fwrs5UA5d0jX7GXW2Kr1kzevC2acB6kGpDEHKhEr1s9Nv64aQTPCMYV3b 8ogebBHtokSZSmEB38ASPWmJFv8VhO9CXDIGJ7A3a0jSniormcYUo170KQJgaZ/9ZNhH cOfQjXRcRLByvhH8UPAVLiw4tMzfQCtNEO1KMn6VCHOdb3sKSnbH/IcHPKhOeMrChhNv JMb0WcLeiws5HqMPX8V0OIa1fx6cu4d4gQ0O1QMNmcSGGMhIWpJ6dE602GjSAh8KDHHy /ei4tBSGhgulm1GTAscNu1bTIhOBVZ+E3mup8DtyVPaVcm5IQ6WVGGr4ObkkwKUvTf5L XsHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682441139; x=1685033139; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=DQgl8loxAa0veEtZSLtrUvcvIyw2BmuwVPdtNPCihQg=; b=Npba7R5Ulyw1NJmOI0dLq0Pav1PO1rgUSuQT97E/01eUIUfgPbhQLwn553zyy9JHA+ dpj2myvkI3KbVeA9A/K1xthmSqD8Nl3zZlW2LZ6amQuVa2YqzlkgMBg6AAiRN2+mwjeL 8gKhZ8JwarN09X8Lkq5QELVm4ZY38fbaLBGn4yoVraC6pG0UHfAnp5ix1jbakXL/5kXN qqFdT+abj9+ybsMiJlHZjhbCBkkJG0Be9evW5tepHNCuMNzjkGoGyucwfoGO9nNb4O5C d5Kjyk1pEgDgfydswa+o1/Q3rqK9UNO87P0GVJZVeyeyoK8p64E6cUniqNZJbH871m6k e5OQ== X-Gm-Message-State: AAQBX9dZRMkVToc0ge+tqj2FGLO+SSfcjT87nwsCWSeqk4Zb4rSeSYUc pUbdz0IM4gxaQZB39NoloBw= X-Received: by 2002:a05:600c:3783:b0:3f1:6fb4:44cf with SMTP id o3-20020a05600c378300b003f16fb444cfmr10814511wmr.28.1682441138560; Tue, 25 Apr 2023 09:45:38 -0700 (PDT) Received: from localhost ([208.34.186.1]) by smtp.gmail.com with ESMTPSA id p10-20020a1c544a000000b003f03d483966sm18820138wmi.44.2023.04.25.09.45.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Apr 2023 09:45:37 -0700 (PDT) Date: Tue, 25 Apr 2023 17:45:36 +0100 From: Lorenzo Stoakes To: "Kirill A . Shutemov" Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jason Gunthorpe , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , Jason Gunthorpe , John Hubbard , Jan Kara , Pavel Begunkov Subject: Re: [PATCH v3] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: References: <23c19e27ef0745f6d3125976e047ee0da62569d4.1682406295.git.lstoakes@gmail.com> <20230425101153.xxi4arpwkz7ijnvm@box.shutemov.name> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230425101153.xxi4arpwkz7ijnvm@box.shutemov.name> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 25, 2023 at 01:11:53PM +0300, Kirill A . Shutemov wrote: > On Tue, Apr 25, 2023 at 08:14:14AM +0100, Lorenzo Stoakes wrote: > > GUP does not correctly implement write-notify semantics, nor does it > > guarantee that the underlying pages are correctly dirtied, which could lead > > to a kernel oops or data corruption when writing to file-backed mappings. > > > > This is only relevant when the mappings are file-backed and the underlying > > file system requires folio dirty tracking. File systems which do not, such > > as shmem or hugetlb, are not at risk and therefore can be written to > > without issue. > > > > Unfortunately this limitation of GUP has been present for some time and > > requires future rework of the GUP API in order to provide correct write > > access to such mappings. > > > > In the meantime, we add a check for the most broken GUP case - > > FOLL_LONGTERM - which really under no circumstances can safely access > > dirty-tracked file mappings. > > > > Suggested-by: Jason Gunthorpe > > Signed-off-by: Lorenzo Stoakes > > --- > > v3: > > - Rebased on latest mm-unstable as of 24th April 2023. > > - Explicitly check whether file system requires folio dirtying. Note that > > vma_wants_writenotify() could not be used directly as it is very much focused > > on determining if the PTE r/w should be set (e.g. assuming private mapping > > does not require it as already set, soft dirty considerations). > > Hm. Okay. Have you considered having a common base for your case and > vma_wants_writenotify()? Code duplication doesn't look good. > I did and I actually started implementing something for the same reason, however I wondered whether it was worth it for essentially 3 clauses that are shared between the two. On second thoughts, it is painful to have this duplicated, so let me take another look. > > -- > Kiryl Shutsemau / Kirill A. Shutemov