lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <33wnllmydtdlv4vf3rzz7ei3vg7t7x2gqqha27ib3i47lfd6mz@n3nyevb4yf26>
Date: Tue, 7 Oct 2025 16:25:48 -0400
From: "Liam R. Howlett" <Liam.Howlett@...cle.com>
To: Peter Xu <peterx@...hat.com>
Cc: David Hildenbrand <david@...hat.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org,
        Axel Rasmussen <axelrasmussen@...gle.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        James Houghton <jthoughton@...gle.com>,
        Nikita Kalyazin <kalyazin@...zon.com>,
        Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
        Ujwal Kundur <ujwal.kundur@...il.com>, Mike Rapoport <rppt@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andrea Arcangeli <aarcange@...hat.com>, Michal Hocko <mhocko@...e.com>,
        Muchun Song <muchun.song@...ux.dev>,
        Oscar Salvador <osalvador@...e.de>, Hugh Dickins <hughd@...gle.com>,
        Suren Baghdasaryan <surenb@...gle.com>
Subject: Re: [PATCH v3 1/4] mm: Introduce vm_uffd_ops API

* Peter Xu <peterx@...hat.com> [251007 15:42]:
> On Tue, Oct 07, 2025 at 02:46:46PM -0400, Liam R. Howlett wrote:
> > * Peter Xu <peterx@...hat.com> [251007 12:47]:
> > 
> > ...
> > 
> > > > > 
> > > > > This way is_vm_hugetlb_page() never really needs to be used because the
> > > > > function pointer already makes that distinction.
> > > > > 
> > > > > Right now, we have checks for hugetlb through other functions that "pass
> > > > > off to appropriate routine", and we end up translating the
> > > > > ioctl_supports into the function call eventually, anyways.
> > > > 
> > > > Right, it would be great to get rid of that. I recall I asked for such a
> > > > cleanup in RFC (or was it v1).
> > > 
> > > I didn't send RFC, likely you meant this reply in v1?
> > > 
> > > https://lore.kernel.org/all/0126fa5f-b5aa-4a17-80d6-d428105e45c7@redhat.com/
> > > 
> > >         I agree that another special-purpose file (like implemented by
> > >         guest_memfd) would need that. But if we could get rid of
> > >         "hugetlb"/"shmem" special-casing in userfaultfd, it would be a
> > >         rasonable independent cleanup.
> > > 
> > > Get rid of hugetlbfs is still not my goal as of in this series.
> > 
> > My example picked hugetlbfs because it is the most special of the types
> > of memory we have (so very special).  If the interface works for
> > hugetlbfs, then the rest will use a subset of the features and be happy.
> > 
> > IOW, doing the hard thing first makes what follows easy.  Doing the easy
> > thing first may mean rewriting the easy thing once you arrive at the
> > more difficult part.
> 
> In general I agree, but hugetlbfs is special when it is major-feature
> frozen.  IMHO we shouldn't design an API to suite hugetlbfs, but only
> trying to move it closer to all the rest of file systems as much as
> possible.
> 
> So the generic API should be designed without hugetlbfs involvement.  Then
> if there is guest-memfd / hugetlbfsv2 / ... they should fit into this API.

Since there is no end date for hugetlbfs, we should include it in the
design of modularized memory types.

And if everything is less special, the generic api that can facilitate
hugetlbfs can facilitate everything else.

> 
> > 
> > > 
> > > OTOH, I generalized shmem and removed shmem.h header from userfaultfd, but
> > > that was prior versions when with uffd_copy() and it was rejected.
> > > 
> > > What should I do now to move this series forward?  Could anyone provide a
> > > solid answer?
> > 
> > My understanding is that we need an interface for memory types so they
> > are modularised, with the short term goal of solving the faulting
> > support for guest_memfd and the long term goal of code cleanup, or at
> > least don't make things worse.
> > 
> > I think we all agree on that?
> > 
> > I propose that we need to add the minimum amount of uffd_ops to support
> > guest_memfd's specialness without creating an interface that makes
> > things worse.
> > 
> > It is very difficult to see a reason to pass in two variables (modes and
> > ioctls) to dispatch to the correct function in a struct that could
> 
> The reason is "modes" cannot directly be intepreted into ioctls.  But
> indeed ioctls can be intepreted into supported modes.
> 
> > simply point to the function in the first place.  If we can avoid that,
> > then it would be good.
> > 
> > Looking at the example you pointed to here [1], It appears the minimal
> > viable product would need to implement this:
> > 
> > uffd_ops = {
> >         .get_folio = <>,
> >         .minor_fault = <>,
> >         .atomic_fill_continue = <>,
> 
> These three are fundamentally the same thing.  As explained, if we have
> get_folio() we don't need the rest.  However we still need something to
> describe e.g. shmem supports MISSING mode.
> 

So encode ioctls into this uffd_ops, including a uffd_ops->missing_mode
and set it to NULL for all but shmem.

Without digging in and actually doing the work, I cannot really define
the exact interface needed.  If these are all not necessary, then reduce
what is there or expand it until you don't need new things defined.

> > }
> > 
> > Then shmem and hugetlb can define these and end up calling them in
> > today's spaghetti, but we are free to append more uffd_ops to reduce the
> > spaghetti later.
> > 
> > If using new #defines to clears up translations of features/modes and
> > ioctl codes, then please do that.  These should be removable once the
> > uffd_ops grows to support all necessary calls.
> > 
> > If there are places where you need to consult the modes/ioctls and a
> > translation does not work, then you could add something to uffd_ops that
> > is NULL for guest_memfd and use it to determine if the code path is
> > valid.  But this code should already exist for the other memory types.
> > 
> > What does everyone think?
> > 
> > [1]. https://lore.kernel.org/all/114133f5-0282-463d-9d65-3143aa658806@amazon.com/
> 
> Would it look better to you if I drop uffd_modes_supported, deducing it
> from uffd_ioctls_supported?
> 
> I believe that's what David mentioned very initially here:
> 
> https://lore.kernel.org/r/f1da3505-f17f-4829-80c1-696b1d99057d@redhat.com
> 
> I'd rather go with the two fields, but if we're trying to introduce another
> feature sets almost only for vm_uffd_ops, I'd prefer keeping it simple, and
> deduce the modes from ioctls.
> 
> Is that ok for you?  So it'll have (1) get_folio(), (2) supported_ioctls.
> That's all.

This is still middleware - a translation of flags passed in to figure
out what function to call.  I don't think this is the best path forward
as it means we have to complicate the layer for every user we add while
we are already providing the most flexible return of a folio.

This will end up making things worse, IMO.

Think, for example, we add hugetlbfs_v2 - every place we have
"if (is_hugetlbfs())" will now need an "else if(is_hugetlbfsv2())" to
accommodate something that probably has the same uffd_ops as hugetlbfs
v1.

Why would we do this instead of actually making your uffd_ops a complete
API, or at least a subset of the API that supports guest-memfd?

Thanks,
Liam

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ