Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1863476rwd; Mon, 15 May 2023 04:17:33 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4HYjjtr0OKJVJuKbUMSY75sCW8/QuaKNP4lAlocJlIi6UCPNYT97NLqfd/CC5darI8sn0+ X-Received: by 2002:aa7:88ce:0:b0:645:6142:7f5a with SMTP id k14-20020aa788ce000000b0064561427f5amr34973558pff.3.1684149453364; Mon, 15 May 2023 04:17:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684149453; cv=none; d=google.com; s=arc-20160816; b=jVujvrVo4mfDDJdtrIrNF7TbsZgdU0nYifSlS/In3JsVeDRDXOq4mcjaQNNnt7+2s1 6HYXpanTtf7KLsk4+QACoB20d4C3K/hH8JyeGk58PphNXw/u4oZB3Ew3GGJ/Sw29uBfg mhr1hYJDTHZHke9szZUhYNJ3yk5gWfvyy/YxkIfPOjkzcu2y1/OJKT3vTWN/Rtxc2m7s YFV9Y5tvFtGIcVdcwF+RN45xUfoMegO+STSOKCV2XciRsy45HcZwB84cftbRdmA97YTh XIeI1HcacUDCCFHhpYSGFSwsdHbM0ciGwWkIvJwe5X1eJsZkvFVR5CWcFATUAtl47en+ 8jbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :dkim-signature:dkim-signature; bh=a/Iydw3E9XYq6OMWXW3TvDHCSGXOvuQLC/4M2+8UgSg=; b=xS6T+rLxvXLrYniM0ckU+21jTOElhUSOkRsm8H5IMuCeNNrZhHvO6qQlI27OwNzELK R5tW5/XNTjN8F76El1W4twGwGqhJfQ0xL5jWxHyF927u8N0X6qStB5eId5UTIOki/zST EMzvitHzXj6U/DiTbkpOHZsh+o4nZf1UqZaX9flUNlfXFoFTChwW/w0Df9tdQaAG016l j+KV+dDrLe5cv+ipoPa8o6hK/tGOmubGM0xI5MBehsj/d+05PUSAqp1QxfvWfXV+GcpC SKUtw1yMMvCTbQzQjO8twdY0AbBrR3F9cmzIrPxKIXWl8ObNOJE61v40WO+fxZ83Z9Dr hmTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov.name header.s=fm2 header.b=beqhaz6+; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=HCOKyUCG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z1-20020aa79481000000b0062a450c329dsi16627244pfk.93.2023.05.15.04.17.19; Mon, 15 May 2023 04:17:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov.name header.s=fm2 header.b=beqhaz6+; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=HCOKyUCG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241056AbjEOLD1 (ORCPT + 99 others); Mon, 15 May 2023 07:03:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48166 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232090AbjEOLD0 (ORCPT ); Mon, 15 May 2023 07:03:26 -0400 Received: from wnew4-smtp.messagingengine.com (wnew4-smtp.messagingengine.com [64.147.123.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12C1593; Mon, 15 May 2023 04:03:25 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.west.internal (Postfix) with ESMTP id BF1CA2B05E55; Mon, 15 May 2023 07:03:20 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 15 May 2023 07:03:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov.name; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; t=1684148600; x= 1684155800; bh=a/Iydw3E9XYq6OMWXW3TvDHCSGXOvuQLC/4M2+8UgSg=; b=b eqhaz6+aC9XTJDJe/wr3N36+Tj3flpCfHvlOf9y8lXsK+262zaCij702Mejo2+QE Fd2xpeGSZ+xZXcy4D/O2ys6/yeyG+eg9pe7ttAK7rJ4flep8j0NnEuUu/JpgQ2zq +sQYGICk0DOSR7KXB1FGzWMBThhFGROaza2HF5WZTMoyXCpSoGrgyUpv2AwTVyoh MPRAEKadMnnI/sj+LbQEWvTyhwhvfq0KMSmbFHooxdpg4bZ6fN05mjKqs5p5+gMe sDKrBEwm+QstfKvMpg7xfToq9y+QHBotkJ9i3CoJB7tGWQC23VldSFyJYd2XEL4U Gl+2fihoHMbSTuxjVue1g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1684148600; x=1684155800; bh=a/Iydw3E9XYq6 OMWXW3TvDHCSGXOvuQLC/4M2+8UgSg=; b=HCOKyUCGguRFf1xsGM0olaZPpyE83 QUFg57fXwoOwyQLXQfBrzuMoGa6jxavNDy4hgO/KieahDInTa0sH3/uTA04n9PBd pOkNlIQsSrzizEIjBJ9OClefL/E9/wJWOs6W/BHwQZEkVPX/yhJWt9zeo1XJL8yO Dm7ChPssB/erg2Ti3ewsAZ+Qt8Pig5D5DcQN2IwE1zz0yI1+ld7eJeDoy/HbjJp8 Fwwn6gnv5N4GzwOjiaZb1+aSt2I9N4jbT6NnDxfZPC4PkwlZwKP41PP0oJSiwruW x9dW25YtqwNwMjBly/giIjtuqcpmWp+sz3+M1OpAnT7+WPfc354OTJLVA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeehjedgfeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggujgesthdttddttddtvdenucfhrhhomhepfdfmihhr ihhllhcutecurdcuufhhuhhtvghmohhvfdcuoehkihhrihhllhesshhhuhhtvghmohhvrd hnrghmvgeqnecuggftrfgrthhtvghrnhepgfdtveeugeethfffffeklefgkeelgfekfedt heeileetuefhkeefleduvddtkeevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepkhhirhhilhhlsehshhhuthgvmhhovhdrnhgrmhgv X-ME-Proxy: Feedback-ID: ie3994620:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 15 May 2023 07:03:17 -0400 (EDT) Received: by box.shutemov.name (Postfix, from userid 1000) id 55AD0103956; Mon, 15 May 2023 14:03:15 +0300 (+03) Date: Mon, 15 May 2023 14:03:15 +0300 From: "Kirill A . Shutemov" To: Lorenzo Stoakes Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jason Gunthorpe , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , Jason Gunthorpe , John Hubbard , Jan Kara , Pavel Begunkov , Mika Penttila , David Hildenbrand , Dave Chinner , Theodore Ts'o , Peter Xu , Matthew Rosato , "Paul E . McKenney" , Christian Borntraeger Subject: Re: [PATCH v9 0/3] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: <20230515110315.uqifqgqkzcrrrubv@box.shutemov.name> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 04, 2023 at 10:27:50PM +0100, Lorenzo Stoakes wrote: > Writing to file-backed mappings which require folio dirty tracking using > GUP is a fundamentally broken operation, as kernel write access to GUP > mappings do not adhere to the semantics expected by a file system. > > A GUP caller uses the direct mapping to access the folio, which does not > cause write notify to trigger, nor does it enforce that the caller marks > the folio dirty. Okay, problem is clear and the patchset look good to me. But I'm worried breaking existing users. Do we expect the change to be visible to real world users? If yes, are we okay to break them? One thing that came to mind is KVM with "qemu -object memory-backend-file,share=on..." It is mostly used for pmem emulation. Do we have plan B? Just a random/crazy/broken idea: - Allow folio_mkclean() (and folio_clear_dirty_for_io()) to fail, indicating that the page cannot be cleared because it is pinned; - Introduce a new vm_operations_struct::mkclean() that would be called by page_vma_mkclean_one() before clearing the range and can fail; - On GUP, create an in-kernel fake VMA that represents the file, but with custom vm_ops. The VMA registered in rmap to get notified on folio_mkclean() and fail it because of GUP. - folio_clear_dirty_for_io() callers will handle the new failure as indication that the page can be written back but will stay dirty and fs-specific data that is associated with the page writeback cannot be freed. I'm sure the idea is broken on many levels (I have never looked closely at the writeback path). But maybe it is good enough as conversation started? -- Kiryl Shutsemau / Kirill A. Shutemov