lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 22 Jan 2019 16:22:38 +0800
From:   Peter Xu <>
To:     Jerome Glisse <>
        Hugh Dickins <>,
        Maya Gokhale <>,
        Johannes Weiner <>,
        Martin Cracauer <>,
        Denis Plotnikov <>,
        Shaohua Li <>,
        Andrea Arcangeli <>,
        Mike Kravetz <>,
        Marty McFadden <>,
        Mike Rapoport <>,
        Mel Gorman <>,
        "Kirill A . Shutemov" <>,
        "Dr . David Alan Gilbert" <>
Subject: Re: [PATCH RFC 03/24] mm: allow VM_FAULT_RETRY for multiple times

On Mon, Jan 21, 2019 at 10:55:36AM -0500, Jerome Glisse wrote:
> On Mon, Jan 21, 2019 at 03:57:01PM +0800, Peter Xu wrote:
> > The idea comes from a discussion between Linus and Andrea [1].
> > 
> > Before this patch we only allow a page fault to retry once.  We achieved
> > this by clearing the FAULT_FLAG_ALLOW_RETRY flag when doing
> > handle_mm_fault() the second time.  This was majorly used to avoid
> > unexpected starvation of the system by looping over forever to handle
> > the page fault on a single page.  However that should hardly happen, and
> > after all for each code path to return a VM_FAULT_RETRY we'll first wait
> > for a condition (during which time we should possibly yield the cpu) to
> > happen before VM_FAULT_RETRY is really returned.
> > 
> > This patch removes the restriction by keeping the FAULT_FLAG_ALLOW_RETRY
> > flag when we receive VM_FAULT_RETRY.  It means that the page fault
> > handler now can retry the page fault for multiple times if necessary
> > without the need to generate another page fault event. Meanwhile we
> > still keep the FAULT_FLAG_TRIED flag so page fault handler can still
> > identify whether a page fault is the first attempt or not.
> So there is nothing protecting starvation after this patch ? AFAICT.
> Do we sufficient proof that we never have a scenario where one process
> might starve fault another ?
> For instance some page locking could starve one process.

Hi, Jerome,

Do you mean lock_page()?

AFAIU lock_page() will only yield the process itself until the lock is
released, so IMHO it's not really starving the process but a natural
behavior.  After all the process may not continue without handling the
page fault correctly.

Or when you say "starvation" do you mean that we might return
VM_FAULT_RETRY from handle_mm_fault() continuously so we'll looping
over and over inside the page fault handler?


> > 
> > GUP code is not touched yet and will be covered in follow up patch.
> > 
> > This will be a nice enhancement for current code at the same time a
> > supporting material for the future userfaultfd-writeprotect work since
> > in that work there will always be an explicit userfault writeprotect
> > retry for protected pages, and if that cannot resolve the page
> > fault (e.g., when userfaultfd-writeprotect is used in conjunction with
> > shared memory) then we'll possibly need a 3rd retry of the page fault.
> > It might also benefit other potential users who will have similar
> > requirement like userfault write-protection.
> > 
> > Please read the thread below for more information.
> > 
> > [1]
> > 
> > Suggested-by: Linus Torvalds <>
> > Suggested-by: Andrea Arcangeli <>
> > Signed-off-by: Peter Xu <>
> > ---


Peter Xu

Powered by blists - more mailing lists