From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5FDFC433FE for ; Mon, 17 Jan 2022 12:07:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DB8C36B0071; Mon, 17 Jan 2022 07:07:12 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D68B36B0073; Mon, 17 Jan 2022 07:07:12 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C2F9C6B0074; Mon, 17 Jan 2022 07:07:12 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0020.hostedemail.com [216.40.44.20]) by kanga.kvack.org (Postfix) with ESMTP id B2AAD6B0071 for ; Mon, 17 Jan 2022 07:07:12 -0500 (EST) Received: from smtpin10.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 75816181CB2B3 for ; Mon, 17 Jan 2022 12:07:12 +0000 (UTC) X-FDA: 79039653504.10.56EAB00 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by imf16.hostedemail.com (Postfix) with ESMTP id 071CB180007 for ; Mon, 17 Jan 2022 12:07:11 +0000 (UTC) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 83662218D9; Mon, 17 Jan 2022 12:07:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1642421230; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8wkzKP9fLaXgY2a15LPiUHP/MrlisWENBuhkJSBf/QU=; b=kNb5VDqUDcUOSjDX9wymuegh2X8rUC59WA+0d6Zyo2W8ZD7GuYdlA431BY3DOwkVmTsPL5 kVY1RQ5qp6bpJliUScrG6/6JLNPJhwtOtfpSPnO5Lgsuj+0vFHcS0dg/UaH7xGMg46lOr2 g6AW5+n0No6qA4hRs9GCAaeoHhFXskY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1642421230; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8wkzKP9fLaXgY2a15LPiUHP/MrlisWENBuhkJSBf/QU=; b=m67dT4VpSWB6XKHgCurhF+5EJtfsirc8OPfSlHxDkvKLbLVxSW2WL/EJjWhqIH2VR3e8gc 0DoJBgdwajv0gNAA== Received: from quack3.suse.cz (unknown [10.163.28.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 68A83A3BA5; Mon, 17 Jan 2022 12:07:10 +0000 (UTC) Received: by quack3.suse.cz (Postfix, from userid 1000) id A615BA05E4; Mon, 17 Jan 2022 13:07:04 +0100 (CET) Date: Mon, 17 Jan 2022 13:07:04 +0100 From: Jan Kara To: Matthew Wilcox Cc: Jan Kara , John Hubbard , linux-mm@kvack.org, Andrew Morton , Christoph Hellwig Subject: Re: [PATCH 14/17] gup: Convert for_each_compound_head() to gup_for_each_folio() Message-ID: <20220117120704.awee5vpk4tqepn4w@quack3.lan> References: <20220102215729.2943705-1-willy@infradead.org> <20220102215729.2943705-15-willy@infradead.org> <20c2d9d3-bbbe-2f11-f6bf-a0e3578c6a71@nvidia.com> <20220110152208.w3tj5hjnbwjd6n2l@quack3.lan> <20220110203611.7s2lg4cyejj5l5ah@quack3.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 071CB180007 X-Stat-Signature: 6pbbz1upbwmj6prp9s5szxnb186w85cj Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=kNb5VDqU; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=m67dT4Vp; spf=pass (imf16.hostedemail.com: domain of jack@suse.cz designates 195.135.220.28 as permitted sender) smtp.mailfrom=jack@suse.cz; dmarc=none X-Rspamd-Server: rspam07 X-HE-Tag: 1642421231-887946 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon 10-01-22 21:10:36, Matthew Wilcox wrote: > On Mon, Jan 10, 2022 at 09:36:11PM +0100, Jan Kara wrote: > > On Mon 10-01-22 15:52:51, Matthew Wilcox wrote: > > > On Mon, Jan 10, 2022 at 04:22:08PM +0100, Jan Kara wrote: > > > > On Sun 09-01-22 00:01:49, John Hubbard wrote: > > > > > On 1/8/22 20:39, Matthew Wilcox wrote: > > > > > > On Wed, Jan 05, 2022 at 12:17:46AM -0800, John Hubbard wrote: > > > > > > > > + if (!folio_test_dirty(folio)) { > > > > > > > > + folio_lock(folio); > > > > > > > > + folio_mark_dirty(folio); > > > > > > > > + folio_unlock(folio); > > > > > > > > > > > > > > At some point, maybe even here, I suspect that creating the folio > > > > > > > version of set_page_dirty_lock() would help. I'm sure you have > > > > > > > a better feel for whether it helps, after doing all of this conversion > > > > > > > work, but it just sort of jumped out at me as surprising to see it > > > > > > > in this form. > > > > > > > > > > > > I really hate set_page_dirty_lock(). It smacks of "there is a locking > > > > > > rule here which we're violating, so we'll just take the lock to fix it" > > > > > > without understanding why there's a locking problem here. > > > > > > > > > > > > As far as I can tell, originally, the intent was that you would lock > > > > > > the page before modifying any of the data in the page. ie you would > > > > > > do: > > > > > > > > > > > > gup() > > > > > > lock_page() > > > > > > addr = kmap_page() > > > > > > *addr = 1; > > > > > > kunmap_page() > > > > > > set_page_dirty() > > > > > > unlock_page() > > > > > > put_page() > > > > > > > > > > > > and that would prevent races between modifying the page and (starting) > > > > > > writeback, not to mention truncate() and various other operations. > > > > > > > > > > > > Clearly we can't do that for DMA-pinned pages. There's only one lock > > > > > > bit. But do we even need to take the lock if we have the page pinned? > > > > > > What are we protecting against? > > > > > > > > > > This is a fun question, because you're asking it at a point when the > > > > > overall problem remains unsolved. That is, the interaction between > > > > > file-backed pages and gup/pup is still completely broken. > > > > > > > > > > And I don't have an answer for you: it does seem like lock_page() is > > > > > completely pointless here. Looking back, there are some 25 callers of > > > > > unpin_user_pages_dirty_lock(), and during all those patch reviews, no > > > > > one noticed this point! > > > > > > > > I'd say it is underdocumented but not obviously pointless :) AFAIR (and > > > > Christoph or Andrew may well correct me) the page lock in > > > > set_page_dirty_lock() is there to protect metadata associated with the page > > > > through page->private. Otherwise truncate could free these (e.g. > > > > block_invalidatepage()) while ->set_page_dirty() callback (e.g. > > > > __set_page_dirty_buffers()) works on this metadata. > > > > > > Yes, but ... we have an inconsistency between DMA writes to the page and > > > CPU writes to the page. > > > > > > fd = open(file) > > > write(fd, 1024 * 1024) > > > mmap(NULL, 1024 * 1024, PROT_RW, MAP_SHARED, fd, 0) > > > register-memory-with-RDMA > > > ftruncate(fd, 0); // page is removed from page cache > > > ftruncate(fd, 1024 * 1024) > > > > > > Now if we do a store from the CPU, we instantiate a new page in the > > > page cache and the store will be written back to the file. If we do > > > an RDMA-write, the write goes to the old page and will be lost. Indeed, > > > it's no longer visible to the CPU (but is visible to other RDMA reads!) > > > > > > Which is fine if the program did it itself because it's doing something > > > clearly bonkers, but another program might be the one doing the > > > two truncate() steps, and this would surprise an innocent program. > > > > > > I still favour blocking the truncate-down (or holepunch) until there > > > are no pinned pages in the inode. But I know this is a change in > > > behaviour since for some reason, truncate() gets to override mmap(). > > > > I agree although this is unrelated to the page lock discussion above. In > > principle we can consider such change (after all we chose this solution for > > DAX) but it has some consequences - e.g. that disk space cannot be > > reclaimed when someone has pagecache pages pinned (which may be unexpected > > from sysadmin POV) or that we have to be careful or eager application > > doing DIO (once it is converted to pinning) can block truncate > > indefinitely. > > It's not unrelated ... once we figure out how to solve this problem, > the set_page_dirty() call happens while the page is still DMA-pinned, > so any solution can be applicable to both places. Maybe the solution > to truncate vs DMA-pin won't be applicable to both ... > > As far as badly behaved applications doing DMA-pinning blocking truncate() > goes, have we considered the possibility of declining the DMA pin if the > process does not own the mmaped file? That would limit the amount of > trouble it can cause, but maybe it would break some interesting use cases. Sorry for delayed reply, this fell through the cracks. IMO this isn't going to fly. 1) Direct IO needs to use DMA pinning for its buffers and you cannot regress that by changing required permissions. 2) Also requiring file ownership for such operation looks a bit weird from userspace POV. Userspace is just using mmaped files, why should it require extra priviledges? 3) It would be definitive goodbye to GUP-fast for pinning. Honza -- Jan Kara SUSE Labs, CR