From: Peter Xu <peterx@redhat.com>
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: David Hildenbrand <david@redhat.com>,
Hugh Dickins <hughd@google.com>, Maya Gokhale <gokhale2@llnl.gov>,
Jerome Glisse <jglisse@redhat.com>,
Pavel Emelyanov <xemul@virtuozzo.com>,
Johannes Weiner <hannes@cmpxchg.org>,
peterx@redhat.com, Martin Cracauer <cracauer@cons.org>,
Denis Plotnikov <dplotnikov@virtuozzo.com>,
Shaohua Li <shli@fb.com>, Andrea Arcangeli <aarcange@redhat.com>,
Mike Kravetz <mike.kravetz@oracle.com>,
Marty McFadden <mcfadden8@llnl.gov>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Mel Gorman <mgorman@suse.de>,
"Kirill A . Shutemov" <kirill@shutemov.name>,
"Dr . David Alan Gilbert" <dgilbert@redhat.com>
Subject: [PATCH v5 12/25] userfaultfd: wp: apply _PAGE_UFFD_WP bit
Date: Thu, 20 Jun 2019 10:19:55 +0800 [thread overview]
Message-ID: <20190620022008.19172-13-peterx@redhat.com> (raw)
In-Reply-To: <20190620022008.19172-1-peterx@redhat.com>
Firstly, introduce two new flags MM_CP_UFFD_WP[_RESOLVE] for
change_protection() when used with uffd-wp and make sure the two new
flags are exclusively used. Then,
- For MM_CP_UFFD_WP: apply the _PAGE_UFFD_WP bit and remove _PAGE_RW
when a range of memory is write protected by uffd
- For MM_CP_UFFD_WP_RESOLVE: remove the _PAGE_UFFD_WP bit and recover
_PAGE_RW when write protection is resolved from userspace
And use this new interface in mwriteprotect_range() to replace the old
MM_CP_DIRTY_ACCT.
Do this change for both PTEs and huge PMDs. Then we can start to
identify which PTE/PMD is write protected by general (e.g., COW or soft
dirty tracking), and which is for userfaultfd-wp.
Since we should keep the _PAGE_UFFD_WP when doing pte_modify(), add it
into _PAGE_CHG_MASK as well. Meanwhile, since we have this new bit, we
can be even more strict when detecting uffd-wp page faults in either
do_wp_page() or wp_huge_pmd().
After we're with _PAGE_UFFD_WP, a special case is when a page is both
protected by the general COW logic and also userfault-wp. Here the
userfault-wp will have higher priority and will be handled first.
Only after the uffd-wp bit is cleared on the PTE/PMD will we continue
to handle the general COW. These are the steps on what will happen
with such a page:
1. CPU accesses write protected shared page (so both protected by
general COW and uffd-wp), blocked by uffd-wp first because in
do_wp_page we'll handle uffd-wp first, so it has higher priority
than general COW.
2. Uffd service thread receives the request, do UFFDIO_WRITEPROTECT
to remove the uffd-wp bit upon the PTE/PMD. However here we
still keep the write bit cleared. Notify the blocked CPU.
3. The blocked CPU resumes the page fault process with a fault
retry, during retry it'll notice it was not with the uffd-wp bit
this time but it is still write protected by general COW, then
it'll go though the COW path in the fault handler, copy the page,
apply write bit where necessary, and retry again.
4. The CPU will be able to access this page with write bit set.
Suggested-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
---
include/linux/mm.h | 5 +++++
mm/huge_memory.c | 18 +++++++++++++++++-
mm/memory.c | 4 ++--
mm/mprotect.c | 17 +++++++++++++++++
mm/userfaultfd.c | 8 ++++++--
5 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index a93ac1c37940..beca76650271 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1719,6 +1719,11 @@ extern unsigned long move_page_tables(struct vm_area_struct *vma,
#define MM_CP_DIRTY_ACCT (1UL << 0)
/* Whether this protection change is for NUMA hints */
#define MM_CP_PROT_NUMA (1UL << 1)
+/* Whether this change is for write protecting */
+#define MM_CP_UFFD_WP (1UL << 2) /* do wp */
+#define MM_CP_UFFD_WP_RESOLVE (1UL << 3) /* Resolve wp */
+#define MM_CP_UFFD_WP_ALL (MM_CP_UFFD_WP | \
+ MM_CP_UFFD_WP_RESOLVE)
extern unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgprot_t newprot,
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index b7149a0acac1..3fda79f6746b 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1911,6 +1911,8 @@ int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
bool preserve_write;
int ret;
bool prot_numa = cp_flags & MM_CP_PROT_NUMA;
+ bool uffd_wp = cp_flags & MM_CP_UFFD_WP;
+ bool uffd_wp_resolve = cp_flags & MM_CP_UFFD_WP_RESOLVE;
ptl = __pmd_trans_huge_lock(pmd, vma);
if (!ptl)
@@ -1977,6 +1979,17 @@ int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
entry = pmd_modify(entry, newprot);
if (preserve_write)
entry = pmd_mk_savedwrite(entry);
+ if (uffd_wp) {
+ entry = pmd_wrprotect(entry);
+ entry = pmd_mkuffd_wp(entry);
+ } else if (uffd_wp_resolve) {
+ /*
+ * Leave the write bit to be handled by PF interrupt
+ * handler, then things like COW could be properly
+ * handled.
+ */
+ entry = pmd_clear_uffd_wp(entry);
+ }
ret = HPAGE_PMD_NR;
set_pmd_at(mm, addr, pmd, entry);
BUG_ON(vma_is_anonymous(vma) && !preserve_write && pmd_write(entry));
@@ -2125,7 +2138,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
struct page *page;
pgtable_t pgtable;
pmd_t old_pmd, _pmd;
- bool young, write, soft_dirty, pmd_migration = false;
+ bool young, write, soft_dirty, pmd_migration = false, uffd_wp = false;
unsigned long addr;
int i;
@@ -2207,6 +2220,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
write = pmd_write(old_pmd);
young = pmd_young(old_pmd);
soft_dirty = pmd_soft_dirty(old_pmd);
+ uffd_wp = pmd_uffd_wp(old_pmd);
}
VM_BUG_ON_PAGE(!page_count(page), page);
page_ref_add(page, HPAGE_PMD_NR - 1);
@@ -2240,6 +2254,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
entry = pte_mkold(entry);
if (soft_dirty)
entry = pte_mksoft_dirty(entry);
+ if (uffd_wp)
+ entry = pte_mkuffd_wp(entry);
}
pte = pte_offset_map(&_pmd, addr);
BUG_ON(!pte_none(*pte));
diff --git a/mm/memory.c b/mm/memory.c
index 05bcd741855b..d79e6d1f8c62 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2579,7 +2579,7 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf)
{
struct vm_area_struct *vma = vmf->vma;
- if (userfaultfd_wp(vma)) {
+ if (userfaultfd_pte_wp(vma, *vmf->pte)) {
pte_unmap_unlock(vmf->pte, vmf->ptl);
return handle_userfault(vmf, VM_UFFD_WP);
}
@@ -3800,7 +3800,7 @@ static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)
static inline vm_fault_t wp_huge_pmd(struct vm_fault *vmf, pmd_t orig_pmd)
{
if (vma_is_anonymous(vmf->vma)) {
- if (userfaultfd_wp(vmf->vma))
+ if (userfaultfd_huge_pmd_wp(vmf->vma, orig_pmd))
return handle_userfault(vmf, VM_UFFD_WP);
return do_huge_pmd_wp_page(vmf, orig_pmd);
}
diff --git a/mm/mprotect.c b/mm/mprotect.c
index ae9caa4c6562..c7066d7384e3 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -45,6 +45,8 @@ static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
int target_node = NUMA_NO_NODE;
bool dirty_accountable = cp_flags & MM_CP_DIRTY_ACCT;
bool prot_numa = cp_flags & MM_CP_PROT_NUMA;
+ bool uffd_wp = cp_flags & MM_CP_UFFD_WP;
+ bool uffd_wp_resolve = cp_flags & MM_CP_UFFD_WP_RESOLVE;
/*
* Can be called with only the mmap_sem for reading by
@@ -116,6 +118,19 @@ static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
if (preserve_write)
ptent = pte_mk_savedwrite(ptent);
+ if (uffd_wp) {
+ ptent = pte_wrprotect(ptent);
+ ptent = pte_mkuffd_wp(ptent);
+ } else if (uffd_wp_resolve) {
+ /*
+ * Leave the write bit to be handled
+ * by PF interrupt handler, then
+ * things like COW could be properly
+ * handled.
+ */
+ ptent = pte_clear_uffd_wp(ptent);
+ }
+
/* Avoid taking write faults for known dirty pages */
if (dirty_accountable && pte_dirty(ptent) &&
(pte_soft_dirty(ptent) ||
@@ -302,6 +317,8 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
{
unsigned long pages;
+ BUG_ON((cp_flags & MM_CP_UFFD_WP_ALL) == MM_CP_UFFD_WP_ALL);
+
if (is_vm_hugetlb_page(vma))
pages = hugetlb_change_protection(vma, start, end, newprot);
else
diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index c8e7846e9b7e..5363376cb07a 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -73,8 +73,12 @@ static int mcopy_atomic_pte(struct mm_struct *dst_mm,
goto out_release;
_dst_pte = pte_mkdirty(mk_pte(page, dst_vma->vm_page_prot));
- if ((dst_vma->vm_flags & VM_WRITE) && !wp_copy)
- _dst_pte = pte_mkwrite(_dst_pte);
+ if (dst_vma->vm_flags & VM_WRITE) {
+ if (wp_copy)
+ _dst_pte = pte_mkuffd_wp(_dst_pte);
+ else
+ _dst_pte = pte_mkwrite(_dst_pte);
+ }
dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
if (dst_vma->vm_file) {
--
2.21.0
next prev parent reply other threads:[~2019-06-20 2:22 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-20 2:19 [PATCH v5 00/25] userfaultfd: write protection support Peter Xu
2019-06-20 2:19 ` [PATCH v5 01/25] mm: gup: rename "nonblocking" to "locked" where proper Peter Xu
2019-06-20 2:19 ` [PATCH v5 02/25] mm: userfault: return VM_FAULT_RETRY on signals Peter Xu
2019-06-22 18:02 ` Linus Torvalds
2019-06-22 18:02 ` Linus Torvalds
2019-06-24 7:42 ` Peter Xu
2019-06-24 13:31 ` Linus Torvalds
2019-06-24 13:31 ` Linus Torvalds
2019-06-25 5:30 ` Peter Xu
2019-06-26 1:59 ` Linus Torvalds
2019-06-26 1:59 ` Linus Torvalds
2019-06-26 7:43 ` Peter Xu
2019-06-20 2:19 ` [PATCH v5 03/25] userfaultfd: don't retake mmap_sem to emulate NOPAGE Peter Xu
2019-06-20 2:19 ` [PATCH v5 04/25] mm: allow VM_FAULT_RETRY for multiple times Peter Xu
2019-06-20 2:19 ` [PATCH v5 05/25] mm: gup: " Peter Xu
2019-06-20 2:19 ` [PATCH v5 06/25] userfaultfd: wp: add helper for writeprotect check Peter Xu
2019-06-20 2:19 ` [PATCH v5 07/25] userfaultfd: wp: hook userfault handler to write protection fault Peter Xu
2019-06-20 2:19 ` [PATCH v5 08/25] userfaultfd: wp: add WP pagetable tracking to x86 Peter Xu
2019-06-20 2:19 ` [PATCH v5 09/25] userfaultfd: wp: userfaultfd_pte/huge_pmd_wp() helpers Peter Xu
2019-06-20 2:19 ` [PATCH v5 10/25] userfaultfd: wp: add UFFDIO_COPY_MODE_WP Peter Xu
2019-06-20 2:19 ` [PATCH v5 11/25] mm: merge parameters for change_protection() Peter Xu
2019-06-20 2:19 ` Peter Xu [this message]
2019-06-20 2:19 ` [PATCH v5 13/25] userfaultfd: wp: drop _PAGE_UFFD_WP properly when fork Peter Xu
2019-06-20 2:19 ` [PATCH v5 14/25] userfaultfd: wp: add pmd_swp_*uffd_wp() helpers Peter Xu
2019-06-20 2:19 ` [PATCH v5 15/25] userfaultfd: wp: support swap and page migration Peter Xu
2019-06-20 2:19 ` [PATCH v5 16/25] khugepaged: skip collapse if uffd-wp detected Peter Xu
2019-06-20 2:20 ` [PATCH v5 17/25] userfaultfd: introduce helper vma_find_uffd Peter Xu
2019-06-20 2:20 ` [PATCH v5 18/25] userfaultfd: wp: support write protection for userfault vma range Peter Xu
2019-06-20 2:20 ` [PATCH v5 19/25] userfaultfd: wp: add the writeprotect API to userfaultfd ioctl Peter Xu
2019-06-20 2:20 ` [PATCH v5 20/25] userfaultfd: wp: enabled write protection in userfaultfd API Peter Xu
2019-06-20 2:20 ` [PATCH v5 21/25] userfaultfd: wp: don't wake up when doing write protect Peter Xu
2019-06-20 2:20 ` [PATCH v5 22/25] userfaultfd: wp: UFFDIO_REGISTER_MODE_WP documentation update Peter Xu
2019-06-20 2:20 ` [PATCH v5 23/25] userfaultfd: wp: declare _UFFDIO_WRITEPROTECT conditionally Peter Xu
2019-06-20 2:20 ` [PATCH v5 24/25] userfaultfd: selftests: refactor statistics Peter Xu
2019-06-20 2:20 ` [PATCH v5 25/25] userfaultfd: selftests: add write-protect test Peter Xu
2019-06-23 8:39 ` [PATCH v5 10/25] userfaultfd: wp: add UFFDIO_COPY_MODE_WP Hillf Danton
2020-02-18 3:59 ` [PATCH v5 00/25] userfaultfd: write protection support Bobby Powers
2020-02-18 3:59 ` Bobby Powers
2020-02-18 16:11 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190620022008.19172-13-peterx@redhat.com \
--to=peterx@redhat.com \
--cc=aarcange@redhat.com \
--cc=cracauer@cons.org \
--cc=david@redhat.com \
--cc=dgilbert@redhat.com \
--cc=dplotnikov@virtuozzo.com \
--cc=gokhale2@llnl.gov \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=jglisse@redhat.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mcfadden8@llnl.gov \
--cc=mgorman@suse.de \
--cc=mike.kravetz@oracle.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=shli@fb.com \
--cc=xemul@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.