lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190117152108.GB3550@redhat.com>
Date:   Thu, 17 Jan 2019 10:21:08 -0500
From:   Jerome Glisse <jglisse@...hat.com>
To:     John Hubbard <jhubbard@...dia.com>
Cc:     Jan Kara <jack@...e.cz>, Matthew Wilcox <willy@...radead.org>,
        Dave Chinner <david@...morbit.com>,
        Dan Williams <dan.j.williams@...el.com>,
        John Hubbard <john.hubbard@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linux MM <linux-mm@...ck.org>, tom@...pey.com,
        Al Viro <viro@...iv.linux.org.uk>, benve@...co.com,
        Christoph Hellwig <hch@...radead.org>,
        Christopher Lameter <cl@...ux.com>,
        "Dalessandro, Dennis" <dennis.dalessandro@...el.com>,
        Doug Ledford <dledford@...hat.com>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Michal Hocko <mhocko@...nel.org>, mike.marciniszyn@...el.com,
        rcampbell@...dia.com,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH 1/2] mm: introduce put_user_page*(), placeholder versions

On Wed, Jan 16, 2019 at 09:42:25PM -0800, John Hubbard wrote:
> On 1/16/19 5:08 AM, Jerome Glisse wrote:
> > On Wed, Jan 16, 2019 at 12:38:19PM +0100, Jan Kara wrote:
> >> On Tue 15-01-19 09:07:59, Jan Kara wrote:
> >>> Agreed. So with page lock it would actually look like:
> >>>
> >>> get_page_pin()
> >>> 	lock_page(page);
> >>> 	wait_for_stable_page();
> >>> 	atomic_add(&page->_refcount, PAGE_PIN_BIAS);
> >>> 	unlock_page(page);
> >>>
> >>> And if we perform page_pinned() check under page lock, then if
> >>> page_pinned() returned false, we are sure page is not and will not be
> >>> pinned until we drop the page lock (and also until page writeback is
> >>> completed if needed).
> >>
> >> After some more though, why do we even need wait_for_stable_page() and
> >> lock_page() in get_page_pin()?
> >>
> >> During writepage page_mkclean() will write protect all page tables. So
> >> there can be no new writeable GUP pins until we unlock the page as all such
> >> GUPs will have to first go through fault and ->page_mkwrite() handler. And
> >> that will wait on page lock and do wait_for_stable_page() for us anyway.
> >> Am I just confused?
> > 
> > Yeah with page lock it should synchronize on the pte but you still
> > need to check for writeback iirc the page is unlocked after file
> > system has queue up the write and thus the page can be unlock with
> > write back pending (and PageWriteback() == trye) and i am not sure
> > that in that states we can safely let anyone write to that page. I
> > am assuming that in some case the block device also expect stable
> > page content (RAID stuff).
> > 
> > So the PageWriteback() test is not only for racing page_mkclean()/
> > test_set_page_writeback() and GUP but also for pending write back.
> 
> 
> That was how I thought it worked too: page_mkclean and a few other things
> like page migration take the page lock, but writeback takes the lock, 
> queues it up, then drops the lock, and writeback actually happens outside
> that lock. 
> 
> So on the GUP end, some combination of taking the page lock, and 
> wait_on_page_writeback(), is required in order to flush out the writebacks.
> I think I just rephrased what Jerome said, actually. :)
> 
> 
> > 
> > 
> >> That actually touches on another question I wanted to get opinions on. GUP
> >> can be for read and GUP can be for write (that is one of GUP flags).
> >> Filesystems with page cache generally have issues only with GUP for write
> >> as it can currently corrupt data, unexpectedly dirty page etc.. DAX & memory
> >> hotplug have issues with both (DAX cannot truncate page pinned in any way,
> >> memory hotplug will just loop in kernel until the page gets unpinned). So
> >> we probably want to track both types of GUP pins and page-cache based
> >> filesystems will take the hit even if they don't have to for read-pins?
> > 
> > Yes the distinction between read and write would be nice. With the map
> > count solution you can only increment the mapcount for GUP(write=true).
> > With pin bias the issue is that a big number of read pin can trigger
> > false positive ie you would do:
> >     GUP(vaddr, write)
> >         ...
> >         if (write)
> >             atomic_add(page->refcount, PAGE_PIN_BIAS)
> >         else
> >             atomic_inc(page->refcount)
> > 
> >     PUP(page, write)
> >         if (write)
> >             atomic_add(page->refcount, -PAGE_PIN_BIAS)
> >         else
> >             atomic_dec(page->refcount)
> > 
> > I am guessing false positive because of too many read GUP is ok as
> > it should be unlikely and when it happens then we take the hit.
> > 
> 
> I'm also intrigued by the point that read-only GUP is harmless, and we 
> could just focus on the writeable case.

For filesystem anybody that just look at the page is fine, as it would
not change its content thus the page would stay stable.

> 
> However, I'm rather worried about actually attempting it, because remember
> that so far, each call site does no special tracking of each struct page. 
> It just remembers that it needs to do a put_page(), not whether or
> not that particular page was set up with writeable or read-only GUP. I mean,
> sure, they often call set_page_dirty before put_page, indicating that it might
> have been a writeable GUP call, but it seems sketchy to rely on that.
> 
> So actually doing this could go from merely lots of work, to K*(lots_of_work)...

I did a quick scan and most of the GUP user know wether they did a write
GUP or not by the time they do put_page for instance all device knows
that because they use that very information for the dma_page_unmap()

So wether the GUP was write or read only is available at the time of PUP.

If you do not feel comfortable you can leave it out for now.

Cheers,
Jérôme

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ