lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABb0KFGftHi1t3Pt8V3XvsG=+-hvfQMMteW9VXEPrRmfUdZZWA@mail.gmail.com>
Date:   Thu, 10 Aug 2023 21:26:10 +0200
From:   Michał Mirosław <emmir@...gle.com>
To:     Muhammad Usama Anjum <usama.anjum@...labora.com>
Cc:     Peter Xu <peterx@...hat.com>, David Hildenbrand <david@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andrei Vagin <avagin@...il.com>,
        Danylo Mocherniuk <mdanylo@...gle.com>,
        Paul Gofman <pgofman@...eweavers.com>,
        Cyrill Gorcunov <gorcunov@...il.com>,
        Mike Rapoport <rppt@...nel.org>, Nadav Amit <namit@...are.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Shuah Khan <shuah@...nel.org>,
        Christian Brauner <brauner@...nel.org>,
        Yang Shi <shy828301@...il.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        "Liam R . Howlett" <Liam.Howlett@...cle.com>,
        Yun Zhou <yun.zhou@...driver.com>,
        Suren Baghdasaryan <surenb@...gle.com>,
        Alex Sierra <alex.sierra@....com>,
        Matthew Wilcox <willy@...radead.org>,
        Pasha Tatashin <pasha.tatashin@...een.com>,
        Axel Rasmussen <axelrasmussen@...gle.com>,
        "Gustavo A . R . Silva" <gustavoars@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-mm@...ck.org, linux-kselftest@...r.kernel.org,
        Greg KH <gregkh@...uxfoundation.org>, kernel@...labora.com
Subject: Re: [PATCH v28 5/6] mm/pagemap: add documentation of PAGEMAP_SCAN IOCTL

On Wed, 9 Aug 2023 at 08:16, Muhammad Usama Anjum
<usama.anjum@...labora.com> wrote:
> Add some explanation and method to use write-protection and written-to
> on memory range.
[...]
> --- a/Documentation/admin-guide/mm/pagemap.rst
> +++ b/Documentation/admin-guide/mm/pagemap.rst
> @@ -227,3 +227,67 @@ Before Linux 3.11 pagemap bits 55-60 were used for "page-shift" (which is
>  always 12 at most architectures). Since Linux 3.11 their meaning changes
>  after first clear of soft-dirty bits. Since Linux 4.2 they are used for
>  flags unconditionally.
> +
> +Pagemap Scan IOCTL
> +==================
> +
> +The ``PAGEMAP_SCAN`` IOCTL on the pagemap file can be used to get or optionally
> +clear the info about page table entries. The following operations are supported
> +in this IOCTL:
> +- Get the information if the pages have Async Write-Protection enabled
> +  (``PAGE_IS_WPALLOWED``), have been written to (``PAGE_IS_WRITTEN``), file mapped
> +  (``PAGE_IS_FILE``), present (``PAGE_IS_PRESENT``), swapped (``PAGE_IS_SWAPPED``)
> +  or page has pfn zero (``PAGE_IS_PFNZERO``).

A recent addition -- PAGE_IS_HUGE -- is missing.

BTW, it could be easier to understand if the page categories were
separated from the operation description and listed so that each has
its own line and maybe a longer description where needed.

> +- Find pages which have been written to and/or write protect
> +  (atomic ``PM_SCAN_WP_MATCHING + PM_SCAN_CHECK_WPASYNC``) the pages atomically.
> +  The (``PM_SCAN_WP_MATCHING``) is used to WP the matched pages. The
> +  (``PM_SCAN_CHECK_WPASYNC``) aborts the operation if non-Async-Write-Protected
> +  pages are found.

The operation the IOCTL does now is: "scan the process page tables and
report memory ranges matching provided criteria '.
Flags extend the operation: "PM_SCAN_WP_MATCHING write protects the
memory reported" (it does it atomically, but this is just an
optimization, isn't it? A process could gather the ranges, WP them,
and then copy.)
"PM_SCAN_CHECK_WPASYNC" aborts the scan early if a non-WP-able
matching page is found.

> +The ``struct pm_scan_arg`` is used as the argument of the IOCTL.
> + 1. The size of the ``struct pm_scan_arg`` must be specified in the ``size``
> +    field. This field will be helpful in recognizing the structure if extensions
> +    are done later.
> + 2. The flags can be specified in the ``flags`` field. The ``PM_SCAN_WP_MATCHING``
> +    and ``PM_SCAN_CHECK_WPASYNC`` are the only added flags at this time. The get
> +    operation is optionally performed depending upon if the output buffer is
> +    provided or not.
> + 3. The range is specified through ``start`` and ``end``.
> + 4. The output buffer of ``struct page_region`` array and size is specified in
> +    ``vec`` and ``vec_len``.
> + 5. The optional maximum requested pages are specified in the ``max_pages``.
> + 6. The masks are specified in ``category_mask``, ``category_anyof_mask``,
> +    ``category_inverted`` and ``return_mask``.
> +    1.  To find if ``PAGE_IS_WRITTEN`` flag is set for pages which have
> +        ``PAGE_IS_FILE`` set and ``PAGE_IS_SWAPPED`` unset, ``category_mask``
> +        is set to ``PAGE_IS_FILE | PAGE_IS_SWAPPED``, ``category_inverted`` is
> +        set to ``PAGE_IS_SWAPPED`` and ``return_mask`` is set to ``PAGE_IS_WRITTEN``.
> +        The output buffer in ``vec`` and length must be specified in ``vec_len``.
> +    2. To find pages which have either ``PAGE_IS_FILE`` or ``PAGE_IS_SWAPPED``
> +       set, ``category_anyof_mask`` is set to  ``PAGE_IS_FILE | PAGE_IS_SWAPPED``.
> +    3. To find written pages and engage write protect, ``PAGE_IS_WRITTEN`` is
> +       specified in ``category_mask`` and ``return_mask``. In addition to
> +       specifying the output buffer in ``vec`` and length in ``vec_len``, the
> +       ``PM_SCAN_WP_MATCHING`` is specified in ``flags`` to perform write protect
> +       on the range as well.

Could this be rewritten as examples? E.g.:

Finding dirty file-backed pages:

struct pm_scan_arg arg = {
 .size = sizeof(arg),
  .flags = 0,
 ...
   .category_mask = ...,
   .return_mask = ...
};
ssize_t n = ioctl(..., &arg);

Find dirty pages and write protect them in the same call:

arg = { ... };
do {
  ... ioctl(...)
} while(...);

(The code snippets heavily commented.)

> +The ``PAGE_IS_WRITTEN`` flag can be considered as the better and correct

"as a better-performing alternative"

> +alternative of soft-dirty flag. It doesn't get affected by housekeeping chores
> +(VMA merging) of the kernel and hence the user can find the true soft-dirty pages
> +only.

This is still an optimization, e.g. in THP case there might be too
many pages reported?

> + This IOCTL adds the atomic way to find which pages have been written and
> +write protect those pages again. This kind of operation is needed to efficiently
> +find out which pages have changed in the memory.

This repeats the description of PM_SCAN_WP_MATCHING -- I suggest
removing this part.

> +To get information about which pages have been written to or optionally write
> +protect the pages, following must be performed first in order:

"PAGE_IS_WRITTEN" category is used with uffd write protect-enabled
ranges to implement memory dirty tracking in userspace:

> + 1. The userfaultfd file descriptor is created with ``userfaultfd`` syscall.
> + 2. The ``UFFD_FEATURE_WP_UNPOPULATED`` and ``UFFD_FEATURE_WP_ASYNC`` features
> +    are set by ``UFFDIO_API`` IOCTL.
> + 3. The memory range is registered with ``UFFDIO_REGISTER_MODE_WP`` mode
> +    through ``UFFDIO_REGISTER`` IOCTL.
> + 4. Then any part of the registered memory or the whole memory region must
> +    be write protected using ``PAGEMAP_SCAN`` IOCTL with flag ``PM_SCAN_OP_WP``
> +    or the ``UFFDIO_WRITEPROTECT`` IOCTL can be used. Both of these perform the
> +    same operation. The former is better in terms of performance.

I guess that the UFFD performance could be fixed? But this part refers
to the old PM_SCAN_OP_WP, so an updated example is needed.

> + 5. Now the ``PAGEMAP_SCAN`` IOCTL can be used to either just find pages which
> +    have been written to and/or optionally write protect the pages as well.

"find the pages written to since they were last write protected", but
this sounds contradicting: we look for pages that were WP but written
anyway. (IOW: marking write-protected is an implementation detail -
the ioctl is to find pages that changed since they were last marked.)
Maybe we should call the operation "marking CLEAN" or alike?

Best Regards
Michał Mirosław

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ