From: Mike Rapoport <rppt@linux.ibm.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm/gup: continue VM_FAULT_RETRY processing event for pre-faults
Date: Tue, 21 May 2019 18:53:53 +0300 [thread overview]
Message-ID: <20190521155353.GC24470@rapoport-lnx> (raw)
In-Reply-To: <1557844195-18882-1-git-send-email-rppt@linux.ibm.com>
Hi,
Any comments on this?
On Tue, May 14, 2019 at 05:29:55PM +0300, Mike Rapoport wrote:
> When get_user_pages*() is called with pages = NULL, the processing of
> VM_FAULT_RETRY terminates early without actually retrying to fault-in all
> the pages.
>
> If the pages in the requested range belong to a VMA that has userfaultfd
> registered, handle_userfault() returns VM_FAULT_RETRY *after* user space
> has populated the page, but for the gup pre-fault case there's no actual
> retry and the caller will get no pages although they are present.
>
> This issue was uncovered when running post-copy memory restore in CRIU
> after commit d9c9ce34ed5c ("x86/fpu: Fault-in user stack if
> copy_fpstate_to_sigframe() fails").
>
> After this change, the copying of FPU state to the sigframe switched from
> copy_to_user() variants which caused a real page fault to get_user_pages()
> with pages parameter set to NULL.
>
> In post-copy mode of CRIU, the destination memory is managed with
> userfaultfd and lack of the retry for pre-fault case in get_user_pages()
> causes a crash of the restored process.
>
> Making the pre-fault behavior of get_user_pages() the same as the "normal"
> one fixes the issue.
>
> Fixes: d9c9ce34ed5c ("x86/fpu: Fault-in user stack if copy_fpstate_to_sigframe() fails")
> Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
> ---
> mm/gup.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/mm/gup.c b/mm/gup.c
> index 91819b8..c32ae5a 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -936,10 +936,6 @@ static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
> BUG_ON(ret >= nr_pages);
> }
>
> - if (!pages)
> - /* If it's a prefault don't insist harder */
> - return ret;
> -
> if (ret > 0) {
> nr_pages -= ret;
> pages_done += ret;
> @@ -955,8 +951,12 @@ static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
> pages_done = ret;
> break;
> }
> - /* VM_FAULT_RETRY triggered, so seek to the faulting offset */
> - pages += ret;
> + /*
> + * VM_FAULT_RETRY triggered, so seek to the faulting offset.
> + * For the prefault case (!pages) we only update counts.
> + */
> + if (likely(pages))
> + pages += ret;
> start += ret << PAGE_SHIFT;
>
> /*
> @@ -979,7 +979,8 @@ static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
> pages_done++;
> if (!nr_pages)
> break;
> - pages++;
> + if (likely(pages))
> + pages++;
> start += PAGE_SIZE;
> }
> if (lock_dropped && *locked) {
> --
> 2.7.4
>
--
Sincerely yours,
Mike.
next prev parent reply other threads:[~2019-05-21 15:54 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-26 17:33 [PATCH] x86/fpu: Use fault_in_pages_writeable() for pre-faulting Sebastian Andrzej Siewior
2019-05-26 17:35 ` Sebastian Andrzej Siewior
2019-05-26 19:25 ` Hugh Dickins
2019-05-26 19:25 ` Hugh Dickins
2019-05-28 11:54 ` My emacs problem -- was " Pavel Machek
2019-05-29 4:18 ` Andrew Morton
2019-05-29 7:25 ` [PATCH v2] " Sebastian Andrzej Siewior
2019-05-14 14:29 ` [PATCH] mm/gup: continue VM_FAULT_RETRY processing event for pre-faults Mike Rapoport
2019-05-16 16:25 ` Andrei Vagin
2019-05-16 16:25 ` Andrei Vagin
2019-05-21 15:53 ` Mike Rapoport [this message]
2019-05-22 19:21 ` Andrew Morton
2019-05-22 19:43 ` Sebastian Andrzej Siewior
2019-05-24 22:22 ` Hugh Dickins
2019-05-24 22:22 ` Hugh Dickins
2019-05-25 8:45 ` Sebastian Andrzej Siewior
2019-05-25 18:09 ` Hugh Dickins
2019-05-25 18:09 ` Hugh Dickins
2019-05-26 19:36 ` Sebastian Andrzej Siewior
2019-05-26 20:17 ` Hugh Dickins
2019-05-26 20:17 ` Hugh Dickins
2019-05-26 17:25 ` Pavel Machek
2019-05-22 20:38 ` Mike Rapoport
2019-05-22 21:18 ` Andrew Morton
2019-06-22 17:51 ` Andrea Arcangeli
2019-06-06 17:25 ` [tip:x86/urgent] x86/fpu: Use fault_in_pages_writeable() for pre-faulting tip-bot for Hugh Dickins
2019-05-29 21:29 ` [PATCH v2] " Chris Wilson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190521155353.GC24470@rapoport-lnx \
--to=rppt@linux.ibm.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.