Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2040627rwd; Mon, 15 May 2023 06:35:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5Px7AUQtL5oRIYsMAldg0QMtN/czC3dE+9nZrrDfl8OvFwkITGrfTLGL9a7UobqxcekIVo X-Received: by 2002:a05:6a20:a11e:b0:104:242a:9a78 with SMTP id q30-20020a056a20a11e00b00104242a9a78mr17074309pzk.2.1684157726830; Mon, 15 May 2023 06:35:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684157726; cv=none; d=google.com; s=arc-20160816; b=XCl960h7H9DNa5RjpcHpmtnPlmaUOQol4nh++lEUAJwao0aFGg8IaSAbUi4TSbWqrk JL2Qubct2RYYBfpSaymKeHQrLg2+3cEYNghXOOXH1xHKnHHs02hUNXd1xvaaEPsvZo3j bVgL1H+5m11aRHbLQf+eXQENAFxq/OQXVJa27DSfIeBPNm6j9PLsKuAigVq2fOY6v1QC z1k2QMiTbREUJ13OuYN/wySE0CU0OJ41SburFp3X8X8NSdMyCkLlL8aMMnim+Ek6M2+q evlO7wLsvwGkh1QKQACtp7ev0T7py5OLu3zrRpg9HBJ1LmtEtt7ipY7dyePdbbmVlS3b /yHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=I2gFAV1Bt11rr0HeGWTCJG9IDGxOMnHQHXHHbOCPYDo=; b=KPQoXPOtKmaSj8nrvGvP8wpinNbOyOQ24xQo6fnhxJHYi4SYzCjSCX0GcFFTnP5wzI oat9ISmdBe3LE9J57evOQb4GrWnKrlXriGxYPSlJMTZktfTt2QljB8C46/rtH8T6PNQ0 EVkN42o7Gf7hS2ouXcgok+iIzaEN7aX7CtW+Dt1Xi5XGHONIADF4p+5IPptZ+lFDP7In tBtlRgzCWNqGqcfuTexCd/58qMGwyqy9SGftYy6QcDtLS9+nS4f0sJoW2IWhlqRV/iKh okhrkJ36qjILjf9j79OqfIJNGklJMO5P2BAd9am+zHFwTSRZPL98M60G6wDfm9WMMjod nrGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=Fb4+g02Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w12-20020a63934c000000b0051ba9b9c3f3si15537865pgm.321.2023.05.15.06.35.10; Mon, 15 May 2023 06:35:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=Fb4+g02Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242214AbjEONI4 (ORCPT + 99 others); Mon, 15 May 2023 09:08:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55558 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242284AbjEONIa (ORCPT ); Mon, 15 May 2023 09:08:30 -0400 Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E64926B0; Mon, 15 May 2023 06:08:00 -0700 (PDT) Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-3075e802738so11694985f8f.1; Mon, 15 May 2023 06:08:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1684156079; x=1686748079; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=I2gFAV1Bt11rr0HeGWTCJG9IDGxOMnHQHXHHbOCPYDo=; b=Fb4+g02YBBu38SltuhS+IwpYVzoxe80rT1yHPlTht9o95uLaKhQM6L02U8FIQSzG0u F74fhxfxj9aXytF3FtFdEEivo2st0IMgxLRibmpbYacA0zZWuO4fj3Y/9A2Tn78oIvY0 C18Ml0c4V5ahXxqIhkCUiPcNutxniHakG8FQrBJdJLkk/GUk7OPBmr0muET13IO4vKdc v2E4936Adb3bkr5bfETRmIsjKU+IeoFpOqtNr3sLG0IJtBNMYIXtbopzPX+x1mhNuV0l 7s9GaeOiQuSZ54g+KUPd/b3efDKiKbFOuOxbTCZbYbh4sbs0SxUN3ALJYt6u0HfENSCo XHXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684156079; x=1686748079; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=I2gFAV1Bt11rr0HeGWTCJG9IDGxOMnHQHXHHbOCPYDo=; b=e3FGC8kMaDzgy3p9yWvJFuQPqCrkBzTk77qhtRMz7/AcEzselnEB//cYVFmk3hBbil TL//2nbcZzr1h3hldwaEGoOonTuDQ1jyIXIW5nGaV/uthTgcM38xqwD8ouitC/QPS58J 7weJo8DMx20GFiQiOmIJ4Uh4P8rTWIVqiIVrx3cl6uAafgMYH74lq5+Us2cmrR79FmCA DVwewb8q1BF0vmZ64Mq88UNSaKGd/SqBT9bzFwxfn4Dhp+ZXDgEpPOEhVJ6K9DK8TSpc hVc6Ebhu2WZEoWAcXQ85jdrXuIyo0ZSyY9Qf2r5IliksGNWRGXYsY7hSEVFJ0cJ7/3Ba HzLA== X-Gm-Message-State: AC+VfDyDTcKuNNHCGqlAyjOi54doki9HD4X/kBjCUlWZ+L8gMsxqKQQT vwFEsQTJVRf2k9O9PzH8vUc= X-Received: by 2002:adf:cc90:0:b0:307:8718:7891 with SMTP id p16-20020adfcc90000000b0030787187891mr25640550wrj.54.1684156078532; Mon, 15 May 2023 06:07:58 -0700 (PDT) Received: from localhost ([2a00:23c5:dc8c:8701:1663:9a35:5a7b:1d76]) by smtp.gmail.com with ESMTPSA id e12-20020adfe7cc000000b002c54c9bd71fsm32604261wrn.93.2023.05.15.06.07.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 May 2023 06:07:57 -0700 (PDT) Date: Mon, 15 May 2023 14:07:57 +0100 From: Lorenzo Stoakes To: Jason Gunthorpe Cc: "Kirill A . Shutemov" , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , John Hubbard , Jan Kara , Pavel Begunkov , Mika Penttila , David Hildenbrand , Dave Chinner , Theodore Ts'o , Peter Xu , Matthew Rosato , "Paul E . McKenney" , Christian Borntraeger Subject: Re: [PATCH v9 0/3] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: References: <20230515110315.uqifqgqkzcrrrubv@box.shutemov.name> <7f6dbe36-88f2-468e-83c1-c97e666d8317@lucifer.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 15, 2023 at 09:12:49AM -0300, Jason Gunthorpe wrote: > On Mon, May 15, 2023 at 12:16:21PM +0100, Lorenzo Stoakes wrote: > > > One thing that came to mind is KVM with "qemu -object memory-backend-file,share=on..." > > > It is mostly used for pmem emulation. > > > > > > Do we have plan B? > > > > Yes, we can make it opt-in or opt-out via a FOLL_FLAG. This would be easy > > to implement in the event of any issues arising. > > I'm becoming less keen on the idea of a per-subsystem opt out. I think > we should make a kernel wide opt out. I like the idea of using lower > lockdown levels. Lots of things become unavaiable in the uAPI when the > lockdown level increases already. This would be the 'safest' in the sense that a user can't be surprised by higher lockdown = access modes disallowed, however we'd _definitely_ need to have an opt-in in that instance so io_uring can make use of this regardless. That's easy to add however. If we do go down that road, we can be even stricter/vary what we do at different levels right? > > > Jason will have some thoughts on this I'm sure. I guess the key question > > here is - is it actually feasible for this to work at all? Once we > > establish that, the rest are details :) > > Surely it is, but like Ted said, the FS folks are not interested and > they are at least half the solution.. :'( > > The FS also has to actively not write out the page while it cannot be > write protected unless it copies the data to a stable page. The block > stack needs the source data to be stable to do checksum/parity/etc > stuff. It is a complicated subject. Yes my sense was that being able to write arbitrarily to these pages _at all_ was a big issue, not only the dirty tracking aspect. I guess at some level letting filesystems have such total flexibility as to how they implement things leaves us in a difficult position. > > Jason