lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190319141416.GA3879@redhat.com>
Date:   Tue, 19 Mar 2019 10:14:16 -0400
From:   Jerome Glisse <jglisse@...hat.com>
To:     "Kirill A. Shutemov" <kirill@...temov.name>
Cc:     john.hubbard@...il.com, Andrew Morton <akpm@...ux-foundation.org>,
        linux-mm@...ck.org, Al Viro <viro@...iv.linux.org.uk>,
        Christian Benvenuti <benve@...co.com>,
        Christoph Hellwig <hch@...radead.org>,
        Christopher Lameter <cl@...ux.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Dave Chinner <david@...morbit.com>,
        Dennis Dalessandro <dennis.dalessandro@...el.com>,
        Doug Ledford <dledford@...hat.com>,
        Ira Weiny <ira.weiny@...el.com>, Jan Kara <jack@...e.cz>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Matthew Wilcox <willy@...radead.org>,
        Michal Hocko <mhocko@...nel.org>,
        Mike Rapoport <rppt@...ux.ibm.com>,
        Mike Marciniszyn <mike.marciniszyn@...el.com>,
        Ralph Campbell <rcampbell@...dia.com>,
        Tom Talpey <tom@...pey.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-fsdevel@...r.kernel.org, John Hubbard <jhubbard@...dia.com>,
        Andrea Arcangeli <aarcange@...hat.com>
Subject: Re: [PATCH v4 1/1] mm: introduce put_user_page*(), placeholder
 versions

On Tue, Mar 19, 2019 at 09:47:24AM -0400, Jerome Glisse wrote:
> On Tue, Mar 19, 2019 at 03:04:17PM +0300, Kirill A. Shutemov wrote:
> > On Fri, Mar 08, 2019 at 01:36:33PM -0800, john.hubbard@...il.com wrote:
> > > From: John Hubbard <jhubbard@...dia.com>
> 
> [...]
> 
> > > diff --git a/mm/gup.c b/mm/gup.c
> > > index f84e22685aaa..37085b8163b1 100644
> > > --- a/mm/gup.c
> > > +++ b/mm/gup.c
> > > @@ -28,6 +28,88 @@ struct follow_page_context {
> > >  	unsigned int page_mask;
> > >  };
> > >  
> > > +typedef int (*set_dirty_func_t)(struct page *page);
> > > +
> > > +static void __put_user_pages_dirty(struct page **pages,
> > > +				   unsigned long npages,
> > > +				   set_dirty_func_t sdf)
> > > +{
> > > +	unsigned long index;
> > > +
> > > +	for (index = 0; index < npages; index++) {
> > > +		struct page *page = compound_head(pages[index]);
> > > +
> > > +		if (!PageDirty(page))
> > > +			sdf(page);
> > 
> > How is this safe? What prevents the page to be cleared under you?
> > 
> > If it's safe to race clear_page_dirty*() it has to be stated explicitly
> > with a reason why. It's not very clear to me as it is.
> 
> The PageDirty() optimization above is fine to race with clear the
> page flag as it means it is racing after a page_mkclean() and the
> GUP user is done with the page so page is about to be write back
> ie if (!PageDirty(page)) see the page as dirty and skip the sdf()
> call while a split second after TestClearPageDirty() happens then
> it means the racing clear is about to write back the page so all
> is fine (the page was dirty and it is being clear for write back).
> 
> If it does call the sdf() while racing with write back then we
> just redirtied the page just like clear_page_dirty_for_io() would
> do if page_mkclean() failed so nothing harmful will come of that
> neither. Page stays dirty despite write back it just means that
> the page might be write back twice in a row.

Forgot to mention one thing, we had a discussion with Andrea and Jan
about set_page_dirty() and Andrea had the good idea of maybe doing
the set_page_dirty() at GUP time (when GUP with write) not when the
GUP user calls put_page(). We can do that by setting the dirty bit
in the pte for instance. They are few bonus of doing things that way:
    - amortize the cost of calling set_page_dirty() (ie one call for
      GUP and page_mkclean()
    - it is always safe to do so at GUP time (ie the pte has write
      permission and thus the page is in correct state)
    - safe from truncate race
    - no need to ever lock the page

Extra bonus from my point of view, it simplify thing for my generic
page protection patchset (KSM for file back page).

So maybe we should explore that ? It would also be a lot less code.

Cheers,
Jérôme

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ