From: David Hildenbrand <david@redhat.com>
To: Peter Xu <peterx@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Andrea Arcangeli <aarcange@redhat.com>,
Axel Rasmussen <axelrasmussen@google.com>,
Ives van Hoorne <ives@codesandbox.io>,
Nadav Amit <nadav.amit@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
stable@vger.kernel.org
Subject: Re: [PATCH v2 1/2] mm/migrate: Fix read-only page got writable when recover pte
Date: Tue, 15 Nov 2022 18:54:09 +0100 [thread overview]
Message-ID: <2ed12722-2359-cb07-53e7-566d959d311e@redhat.com> (raw)
In-Reply-To: <82d7a142-8c78-4168-37e9-7b677b18987a@redhat.com>
On 15.11.22 18:22, David Hildenbrand wrote:
>>> I consider UFFD-wp a special case: while the default VMA protection might
>>> state that it is writable, you actually want individual PTEs to be
>>> write-protected and have to manually remove the protection.
>>>
>>> softdirty tracking is another special case: however, softdirty tracking is
>>> enabled for the whole VMA. For remove_migration_pte() that should be fine (I
>>> guess) because writenotify is active when the VMA needs to track softdirty
>>> bits, and consequently vma->vm_page_prot has the proper default permissions.
>>>
>>>
>>> I wonder if the following (valid), for example is possible:
>>>
>>>
>>> 1) clear_refs() clears VM_SOFTDIRTY and pte_wrprotect() the pte.
>>> -> writenotify is active and vma->vm_page_prot updated accordingly
>>>
>>> VM_SOFTDIRTY is reset due to VMA merging and vma->vm_page_prot is updated
>>> accordingly. See mmap_region() where we set VM_SOFTDIRTY.
>>>
>>> If you now migrate the (still write-protected in the PTE) page, it was not
>>> writable, but it can be writable on the destination.
>>
>> I didn't even notice merging could work with soft-dirty enabled, that's
>> interesting to know.
>>
>> Yes I think it's possible and I agree it's safe, as VM_SOFTDIRTY is set for
>> the merged vma so afaiu the write bit is safe to set. We get a bunch of
>> false positives but that's how soft-dirty works.
>>
>> I think the whole problem is easier if we see this at a higher level.
>> You're discussing this from vma pov and it's fair to do so, at least I
>> agree with what you mentioned so far and I can't see anything outside
>> uffd-wp that can be affected. However, it is also true when you noticed we
>> already have quite a few paragraphs trying to discuss the safety for this
>> and that, that's the part where I think we need justification and it's not
>> that "natural".
Forgot to reply to that part:
No it isn't natural. But sneaking such a change into your fix seems
wrong. Touching !uffd-wp code should be separate, if we want to do this
at all (as we discussed, maybe the better/cleaner approach is to
eliminate writable migration entries if possible).
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2022-11-15 17:55 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-10 20:31 [PATCH v2 0/2] mm/migrate: Fix writable pte for read migration entry Peter Xu
2022-11-10 20:31 ` [PATCH v2 1/2] mm/migrate: Fix read-only page got writable when recover pte Peter Xu
2022-11-10 21:28 ` Nadav Amit
2022-11-10 22:09 ` Peter Xu
2022-11-10 21:53 ` Ives van Hoorne
2022-11-10 22:08 ` Peter Xu
2022-11-10 23:42 ` Alistair Popple
2022-11-13 23:56 ` Peter Xu
2022-11-14 6:22 ` Alistair Popple
2022-11-14 16:09 ` David Hildenbrand
2022-11-14 20:09 ` Peter Xu
2022-11-15 9:13 ` David Hildenbrand
2022-11-15 16:08 ` Peter Xu
2022-11-15 17:22 ` David Hildenbrand
2022-11-15 17:54 ` David Hildenbrand [this message]
2022-11-15 18:11 ` Peter Xu
2022-11-15 18:16 ` David Hildenbrand
2022-11-15 18:03 ` Peter Xu
2022-11-15 18:08 ` David Hildenbrand
2022-11-10 20:31 ` [PATCH v2 2/2] mm/uffd: Sanity check write bit for uffd-wp protected ptes Peter Xu
2022-11-11 22:06 ` kernel test robot
2022-11-13 22:33 ` Peter Xu
2022-11-12 2:59 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ed12722-2359-cb07-53e7-566d959d311e@redhat.com \
--to=david@redhat.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=axelrasmussen@google.com \
--cc=ives@codesandbox.io \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nadav.amit@gmail.com \
--cc=peterx@redhat.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.