[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YmAOn75O7zOOioXQ@cmpxchg.org>
Date: Wed, 20 Apr 2022 09:46:07 -0400
From: Johannes Weiner <hannes@...xchg.org>
To: Peter Xu <peterx@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Matthew Wilcox <willy@...radead.org>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
David Hildenbrand <david@...hat.com>,
Hugh Dickins <hughd@...gle.com>,
Jerome Glisse <jglisse@...hat.com>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andrea Arcangeli <aarcange@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Axel Rasmussen <axelrasmussen@...gle.com>,
Alistair Popple <apopple@...dia.com>
Subject: Re: [PATCH v8 22/23] mm: Enable PTE markers by default
On Tue, Apr 19, 2022 at 06:01:14PM -0400, Peter Xu wrote:
> On Tue, Apr 19, 2022 at 05:24:28PM -0400, Johannes Weiner wrote:
> > On Tue, Apr 19, 2022 at 04:28:16PM -0400, Peter Xu wrote:
> > > On Tue, Apr 19, 2022 at 04:14:11PM -0400, Johannes Weiner wrote:
> > > > On Tue, Apr 19, 2022 at 03:59:21PM -0400, Peter Xu wrote:
> > > > > @@ -910,16 +910,16 @@ config ANON_VMA_NAME
> > > > Btw, this doesn't do much without userfaultfd being enabled in
> > > > general, right?
> > >
> > > So far yes, but I'm thinking there can be potential other users of
> > > PTE_MARKERS from mm world. The most close discussion is on the swap read
> > > failures and this patch proposed by Miaohe:
> > >
> > > https://lore.kernel.org/lkml/20220416030549.60559-1-linmiaohe@huawei.com/
> > >
> > > So I hope we can still keep them around here under mm/ if possible, and
> > > from the gut feeling it really should..
> >
> > Agreed, mm/ seems a good fit for PTE_MARKER.
> >
> > If it's invisible and gets selected as needed, it's less of a concern,
> > IMO. I'm somewhat worried about when and how the user-visible options
> > show up right now, though...
> >
> > > > Would it make sense to have it next to 'config USERFAULTFD' as a
> > > > sub-option?
> > >
> > > Yes another good question. :)
> > >
> > > IIUC CONFIG_USERFAULTFD resides in init/Kconfig because it introduces a new
> > > syscall. Same to the rest of the bits for uffd since then, namely:
> > >
> > > - USERFAULTFD_WP
> > > - USERFAULTFD_MINOR
> > >
> > > What I am thinking now is the other way round of your suggestion: whether
> > > we should move most of them out, at least the _WP and _MINOR configs into
> > > mm/? Because IMHO they are really pure mm ideas and they're irrelevant to
> > > syscalls and init.
> >
> > I'm thinking the MM submenu would probably be a better fit for all
> > user-visible userfaultfd options, including the syscall. Like you say,
> > it's an MM concept.
> >
> > But if moving the syscall knob out from init isn't popular, IMO it
> > would be better to add the new WP option to init as well. This ensures
> > that when somebody selects userfaultfd, they also see the relevant
> > suboptions and don't have to chase them down across multiple submenus.
> >
> > Conversely, they should also have the necessary depend clauses so that
> > suboptions aren't visible without the main feature. E.g. it asked me
> > for userfaultd options even though I have CONFIG_USERFAULTFD=n.
>
> Hmm, this is a bit weird... since we do have that dependency chain for
> PTE_MARKER_UFFD_WP -> HAVE_ARCH_USERFAULTFD_WP -> USERFAULTFD:
>
> in arch/x86/Kconfig:
> config X86
> ...
> select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD
>
> in mm/Kconfig (with/without the "mm/uffd: Hide PTE_MARKER" patch applied):
> config PTE_MARKER_UFFD_WP
> ...
> depends on HAVE_ARCH_USERFAULTFD_WP
>
> So logically if !USERFAULTFD we shouldn't see PTE_MARKER_UFFD_WP at all?
>
> That's also what I got when I tried it out for either !USERFAULTFD on x86,
> or any non-x86 platforms (because there we have !HAVE_ARCH_USERFAULTFD_WP
> constantly irrelevant of USERFAULTFD). Though I could have missed
> something..
Sorry, it asked me about PTE_MARKERS, and that conclusion got stuck in
my head. Indeed, once that symbol is invisible we should be good.
> > What do you think?
>
> I don't have a strong preference here, I think it's okay if it's preferred
> that we only put user-visible configs into mm/Kconfig. It's just that I
> see we have tons of user-invisible configs already in mm/Kconfig, to list
> some:
>
> config ARCH_HAS_HUGEPD
> config MAPPING_DIRTY_HELPERS
> config KMAP_LOCAL
> config KMAP_LOCAL_NON_LINEAR_PTE_ARRAY
>
> But I'm not sure whether it's a rule of thumb somewhere else.
I wasn't objecting to invisible symbols in mm/.
My point was simply that for the user it might be easiest and most
intuitive if userfaultfd and its related suboptions are 1) grouped
together and 2) in the MM submenu.
> At the meantime, I also looked at whether syscall configs are always and
> only be put under init/, and funnily I got:
>
> $ find . -name Kconfig | xargs grep --color -E "\".*syscall.*\""
> ./init/Kconfig: bool "Enable process_vm_readv/writev syscalls"
> ./init/Kconfig: bool "uselib syscall"
> ./init/Kconfig: bool "sgetmask/ssetmask syscalls support" if EXPERT
> ./init/Kconfig: bool "Sysfs syscall support" if EXPERT
> ./init/Kconfig: bool "open by fhandle syscalls" if EXPERT
> ./init/Kconfig: bool "Enable madvise/fadvise syscalls" if EXPERT
> ./arch/xtensa/Kconfig: bool "Enable fast atomic syscalls"
> ./arch/xtensa/Kconfig: bool "Enable spill registers syscall"
> ./arch/powerpc/Kconfig: bool "Support setting protections for 4k subpages (subpage_prot syscall)"
> ./arch/powerpc/Kconfig: bool "Enable filtering of RTAS syscalls"
> ./arch/Kconfig: bool "Support for randomizing kernel stack offset on syscall entry" if EXPERT
> ./arch/s390/Kconfig: bool "Verify kernel signature during kexec_file_load() syscall"
> ./arch/sh/mm/Kconfig: bool "Support vsyscall page"
> ./arch/x86/Kconfig: bool "Enable vsyscall emulation" if EXPERT
> ./arch/x86/Kconfig: bool "Verify kernel signature during kexec_file_load() syscall"
> ./arch/x86/Kconfig: bool "Require a valid signature in kexec_file_load() syscall"
> ./arch/x86/Kconfig: prompt "vsyscall table for legacy applications"
> ./arch/arm64/Kconfig: bool "Verify kernel signature during kexec_file_load() syscall"
> ./arch/arm64/Kconfig: bool "Enable the tagged user addresses syscall ABI"
> ./kernel/trace/Kconfig: bool "Trace syscalls"
> ./kernel/trace/Kconfig: bool "Run selftest on syscall events"
>
> So let's put aside arch specific lines, ftrace does have FTRACE_SYSCALLS
> that lies in the kernel/trace/ dir.. not sure whether we could move
> USERFAULTFD and all the rest into mm/ as well? Or perhaps that's just a
> bad example? :)
Yeah it looks like there is a healthy mix ;) To add to the list:
- mm/Kconfig has CONFIG_SWAP for the swapon/swapoff syscalls.
- fs/Kconfig has CONFIG_FILE_LOCKING, which adds the flock() syscall.
- Interestingly, fs/Kconfig has CONFIG_MEMFD_CREATE for memfd_create()
which is implemented in mm/memfd.c.
It seems reasonable to me to move the userfaultfd stuff to mm as well,
especially when it's becoming more than just a single binary question
on whether you want a syscall or not, and has MM-specific suboptions.
Powered by blists - more mailing lists