From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE506C433F5 for ; Thu, 23 Sep 2021 04:18:01 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 84A6161090 for ; Thu, 23 Sep 2021 04:18:01 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 84A6161090 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 0FBBB900002; Thu, 23 Sep 2021 00:18:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0859E6B0071; Thu, 23 Sep 2021 00:18:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E67FF900002; Thu, 23 Sep 2021 00:18:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0181.hostedemail.com [216.40.44.181]) by kanga.kvack.org (Postfix) with ESMTP id D1A976B006C for ; Thu, 23 Sep 2021 00:18:00 -0400 (EDT) Received: from smtpin08.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 7924530152 for ; Thu, 23 Sep 2021 04:18:00 +0000 (UTC) X-FDA: 78617530320.08.BA089F8 Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by imf18.hostedemail.com (Postfix) with ESMTP id 398244002085 for ; Thu, 23 Sep 2021 04:18:00 +0000 (UTC) Received: by mail-wr1-f49.google.com with SMTP id t8so13311703wri.1 for ; Wed, 22 Sep 2021 21:18:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wwz3xT4jz1lCoxKDZBldnsOpbclkpwP/7ynQgLAOUHM=; b=qvAwMSZBdrRC2mdukPHKwdwMPAfViwUcGfT54bhT915wZF00azFOpb+EOagOZQIEZp s6lkW+kIz+joW/JB5RYAI5LLUif+tjQmKWUjR4ImrNvPPvhSgjcHQhAqBhSGD2I7EKe2 ySBvdn84LsBQMn9N5COawJaCKxkvk3lCffT5J86BWNCz+A4maVhwzxD9KrXQAR2YCW3y LAu9axc/H1F6z5x2ybrkw0tG+9DRO+biL0juaGL3lmlMIf8rzpzl2IK05hFEZN+23TTd ltciIc+P31jiXIht70EfdYUjydYPcbbkf13d62iY8uG4cn3bEhYEWBxKPJIPYnl29pI1 OdiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wwz3xT4jz1lCoxKDZBldnsOpbclkpwP/7ynQgLAOUHM=; b=OyQcMVJPZKHhmP42DeVdWn1aOVQ5AGYNdGO82f//JtTlWfx0xWgCd5i/geEBmZpjII 6s6yJu98nYYy0E3AB9ItRAgHGxetzsQn8A+SHF+3VVX7SNh9KL6cGxl2CWqWk8zXjDMK dB7LpKRN23GWRbcZvs9uTt1TLNpTaLvNM7HKJkPOpn4eOkQd+HfuaVBLOTy20AxKeqc5 fMT1fKgol4b12cNscXnK8AC1cMAVipigS0K3HI1XTAWcqAKH1f4xpixMBgq+9NNF3aDA dvsltdSpqZa+ABxdJnYn8HiUDdY9yx84DCoRDQfccL0Z4F/jPmBIMg2Yaj2gL7KjjSSj AHoQ== X-Gm-Message-State: AOAM5317BY7iTjZSDO4hgto0Kkg7pnFK9ZHkeilukAtkbgBiWir8I5QF LDNStG4u/auHIS7STsie1Gcxkmse7Om7k//5glJKKg== X-Google-Smtp-Source: ABdhPJzzWDVXW7SYmpK56KayGBqKhCZCXE4NQ4dhCewYYN78rq+Cc8gA/Wd6cyZSlmCC1NptXnEaICo1LPucnW43vtM= X-Received: by 2002:a7b:cc14:: with SMTP id f20mr2124849wmh.137.1632370678382; Wed, 22 Sep 2021 21:17:58 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: James Houghton Date: Wed, 22 Sep 2021 21:17:46 -0700 Message-ID: Subject: Re: [PATCH 1/3] userfaultfd/selftests: fix feature support detection To: Peter Xu Cc: Axel Rasmussen , Andrew Morton , Shuah Khan , Linux MM , Linuxkselftest , LKML , Jue Wang Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 398244002085 X-Stat-Signature: kjzcy7gnqyi45njx17ngyeyysukbofyh Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=qvAwMSZB; spf=pass (imf18.hostedemail.com: domain of jthoughton@google.com designates 209.85.221.49 as permitted sender) smtp.mailfrom=jthoughton@google.com; dmarc=pass (policy=reject) header.from=google.com X-HE-Tag: 1632370680-957428 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Sep 22, 2021 at 4:49 PM Peter Xu wrote: > > On Wed, Sep 22, 2021 at 03:29:42PM -0700, Axel Rasmussen wrote: > > On Wed, Sep 22, 2021 at 2:52 PM Peter Xu wrote: > > > > > > On Wed, Sep 22, 2021 at 01:54:53PM -0700, Axel Rasmussen wrote: > > > > On Wed, Sep 22, 2021 at 10:33 AM Peter Xu wrote: > > > > > > > > > > Hello, Axel, > > > > > > > > > > On Wed, Sep 22, 2021 at 10:04:03AM -0700, Axel Rasmussen wrote: > > > > > > Thanks for discussing the design Peter. I have some ideas which might > > > > > > make for a nicer v2; I'll massage the code a bit and see what I can > > > > > > come up with. > > > > > > > > > > Sure thing. Note again that as I don't have a strong opinion on that, feel > > > > > free to keep it. However if you provide v2, I'll read. > > > > > > > > > > [off-topic below] > > > > > > > > > > Another thing I probably have forgot but need your confirmation is, when you > > > > > worked on uffd minor mode, did you explicitly disable thp, or is it allowed? > > > > > > > > I gave a more detailed answer in the other thread, but: currently it > > > > is allowed, but this was a bug / oversight on my part. :) THP collapse > > > > can break the guarantees minor fault registration is trying to > > > > provide. > > > > > > I've replied there: > > > > > > https://lore.kernel.org/linux-mm/YUueOUfoamxOvEyO@t490s/ > > > > > > We can try to keep the discussion unified there regarding this. > > > > > > > But there's another scenario: what if the collapse happened well > > > > before registration happened? > > > > > > Maybe yes, but my understanding of the current uffd-minor scenario tells me > > > that this is fine too. Meanwhile I actually have another idea regarding minor > > > mode, please continue reading. > > > > > > Firstly, let me try to re-cap on how minor mode is used in your production > > > systems: I believe there should have two processes A and B, if A is the main > > > process, B could be the migration process. B migrates pages in the background, > > > while A so far should have been stopped and never ran. When we want to start > > > A, we should register A with uffd-minor upon the whole range (note: I think so > > > far A does not have any pgtable mapped within uffd-minor range). Then any page > > > access of A should kick B and asking "whether it is the latest page", if yes > > > then UFFDIO_CONTINUE, if no then B modifies the page, plus UFFDIO_CONTINUE > > > afterwards. Am I right above? > > > > > > So if that's the case, then A should have no page table at all. > > > > > > Then, is that a problem if the shmem file that A maps contains huge thps? I > > > think no - because UFFDIO_CONTINUE will only install small pages. > > > > > > Let me know if I'm understanding it right above; I'll be happy to be corrected. > > > > Right, except that our use case is even more similar to QEMU: the code > > doing UFFDIO_CONTINUE / demand paging, and the code running the vCPUs, > > are in the same process (same mm) - just different threads. > > I see. > > > > > > > > > Actually besides this scenario, I'm also thinking of another scenario of using > > > minor fault in a single process - that's mostly what QEMU is doing right now, > > > as QEMU has the vcpu threads and migration thread sharing a single mm/pgtable. > > > So I think it'll be great to have a new madvise(MADV_ZAP) which will tear down > > > all the file-backed memory pgtables of a specific range. I think it'll suite > > > perfectly for the minor fault use case, and it can be used for other things > > > too. Let me know what you think about this idea, and whether that'll help in > > > your case too (e.g., if you worry a current process A mapped huge shmem thp > > > somewhere, we can use madvise(MADV_ZAP) to drop it). > > > > Yes, this would be convenient for our implementation too. :) There are > > workarounds if the feature doesn't exist, but it would be nice to > > have. > > Could I know what's the workaround? Normally if the workaround works solidly, > then there's less need to introduce a kernel interface for that. Otherwise I'm > glad to look into such a formal proposal. The workaround is, for the region that you want to zap, run through this sequence of syscalls: mumap, mmap, and re-register with userfaultfd if it was registered before. If we're using tmpfs, we can use madvise(DONTNEED) instead, but this is kind of an abuse of the API. I don't think there's a guarantee that the PTEs will get zapped, but currently they will always get zapped if we're using tmpfs. I really like the idea of adding a new madvise() mode that is guaranteed to zap the PTEs. > > > It's also useful for memory poisoning, I think, if the host > > decides some page(s) are "bad" and wants to intercept any future guest > > accesses to those page(s). > > Curious: isn't hwpoison information come from MCEs; or say, host kernel side? > Then I thought the host kernel will have full control of it already. > > Or there's other way that the host can try to detect some pages are going to be > rotten? So the userspace can do something before the kernel handles those > exceptions? Here's a general idea of how we would like to use userfaultfd to support MPR: If a guest accesses a poisoned page for the first time, we will get an MCE through the host kernel and send an MCE to the guest. The guest will now no longer be able to access this page, and we have to enforce this. After a live migration, the pages that were poisoned before probably won't still be poisoned (from the host's perspective), so we can't rely on the host kernel's MCE handling path. This is where userfaultfd and this new madvise mode come in: we can just madvise(MADV_ZAP) the poisoned page(s) on the target during a migration. Now all accesses will be routed to the VMM and we can inject an MCE. We don't *need* the new madvise mode, as we can also use fallocate(PUNCH_HOLE) (works for tmpfs and hugetlbfs), but it would be more convenient if we didn't have to use fallocate. Jue Wang can provide more context here, so I've cc'd him. There may be some things I'm wrong about, so Jue feel free to correct me. - James > > -- > Peter Xu >