[v6,04/23] mm/uffd: PTE_MARKER_UFFD_WP

Message ID	20211115075522.73795-5-peterx@redhat.com (mailing list archive)
State	New
Headers	show Return-Path: <SRS0=Pe7y=QC=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 07BF363211 From: Peter Xu <peterx@redhat.com> To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: Axel Rasmussen <axelrasmussen@google.com>, Nadav Amit <nadav.amit@gmail.com>, Mike Rapoport <rppt@linux.vnet.ibm.com>, Hugh Dickins <hughd@google.com>, Mike Kravetz <mike.kravetz@oracle.com>, "Kirill A . Shutemov" <kirill@shutemov.name>, Alistair Popple <apopple@nvidia.com>, Jerome Glisse <jglisse@redhat.com>, Matthew Wilcox <willy@infradead.org>, Andrew Morton <akpm@linux-foundation.org>, peterx@redhat.com, David Hildenbrand <david@redhat.com>, Andrea Arcangeli <aarcange@redhat.com> Subject: [PATCH v6 04/23] mm/uffd: PTE_MARKER_UFFD_WP Date: Mon, 15 Nov 2021 15:55:03 +0800 Message-Id: <20211115075522.73795-5-peterx@redhat.com> In-Reply-To: <20211115075522.73795-1-peterx@redhat.com> References: <20211115075522.73795-1-peterx@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	userfaultfd-wp: Support shmem and hugetlbfs \| expand [v6,00/23] userfaultfd-wp: Support shmem and hugetlbfs [v6,01/23] mm: Introduce PTE_MARKER swap entry [v6,02/23] mm: Teach core mm about pte markers [v6,03/23] mm: Check against orig_pte for finish_fault() [v6,04/23] mm/uffd: PTE_MARKER_UFFD_WP [v6,05/23] mm/shmem: Take care of UFFDIO_COPY_MODE_WP [v6,06/23] mm/shmem: Handle uffd-wp special pte in page fault handler [v6,07/23] mm/shmem: Persist uffd-wp bit across zapping for file-backed [v6,08/23] mm/shmem: Allow uffd wr-protect none pte for file-backed mem [v6,09/23] mm/shmem: Allows file-back mem to be uffd wr-protected on thps [v6,10/23] mm/shmem: Handle uffd-wp during fork() [v6,11/23] mm/hugetlb: Introduce huge pte version of uffd-wp helpers [v6,12/23] mm/hugetlb: Hook page faults for uffd write protection [v6,13/23] mm/hugetlb: Take care of UFFDIO_COPY_MODE_WP [v6,14/23] mm/hugetlb: Handle UFFDIO_WRITEPROTECT [v6,15/23] mm/hugetlb: Handle pte markers in page faults [v6,16/23] mm/hugetlb: Allow uffd wr-protect none ptes [v6,17/23] mm/hugetlb: Only drop uffd-wp special pte if required [v6,18/23] mm/hugetlb: Handle uffd-wp during fork() [v6,19/23] mm/khugepaged: Don't recycle vma pgtable if uffd-wp registered [v6,20/23] mm/pagemap: Recognize uffd-wp bit for shmem/hugetlbfs [v6,21/23] mm/uffd: Enable write protection for shmem & hugetlbfs [v6,22/23] mm: Enable PTE markers by default [v6,23/23] selftests/uffd: Enable uffd-wp for shmem/hugetlbfs

Message ID

20211115075522.73795-5-peterx@redhat.com (mailing list archive)

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 07BF363211
From: Peter Xu <peterx@redhat.com>
To: linux-mm@kvack.org,
	linux-kernel@vger.kernel.org
Cc: Axel Rasmussen <axelrasmussen@google.com>,
	Nadav Amit <nadav.amit@gmail.com>,
	Mike Rapoport <rppt@linux.vnet.ibm.com>,
	Hugh Dickins <hughd@google.com>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	"Kirill A . Shutemov" <kirill@shutemov.name>,
	Alistair Popple <apopple@nvidia.com>,
	Jerome Glisse <jglisse@redhat.com>,
	Matthew Wilcox <willy@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	peterx@redhat.com,
	David Hildenbrand <david@redhat.com>,
	Andrea Arcangeli <aarcange@redhat.com>
Subject: [PATCH v6 04/23] mm/uffd: PTE_MARKER_UFFD_WP
Date: Mon, 15 Nov 2021 15:55:03 +0800
Message-Id: <20211115075522.73795-5-peterx@redhat.com>
In-Reply-To: <20211115075522.73795-1-peterx@redhat.com>
References: <20211115075522.73795-1-peterx@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

userfaultfd-wp: Support shmem and hugetlbfs | expand

Commit Message

Peter Xu Nov. 15, 2021, 7:55 a.m. UTC

This patch introduces the 1st user of pte marker: the uffd-wp marker.

When the pte marker is installed with the uffd-wp bit set, it means this pte
was wr-protected by uffd.

We will use this special pte to arm the ptes that got either unmapped or
swapped out for a file-backed region that was previously wr-protected.  This
special pte could trigger a page fault just like swap entries.

This idea is greatly inspired by Hugh and Andrea in the discussion, which is
referenced in the links below.

Some helpers are introduced to detect whether a swap pte is uffd wr-protected.
After the pte marker introduced, one swap pte can be wr-protected in two forms:
either it is a normal swap pte and it has _PAGE_SWP_UFFD_WP set, or it's a pte
marker that has PTE_MARKER_UFFD_WP set.

Link: https://lore.kernel.org/lkml/20201126222359.8120-1-peterx@redhat.com/
Link: https://lore.kernel.org/lkml/20201130230603.46187-1-peterx@redhat.com/
Suggested-by: Andrea Arcangeli <aarcange@redhat.com>
Suggested-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
---
 include/linux/swapops.h       |  3 ++-
 include/linux/userfaultfd_k.h | 38 +++++++++++++++++++++++++++++++++++
 mm/Kconfig                    |  9 +++++++++
 3 files changed, 49 insertions(+), 1 deletion(-)

Comments

Alistair Popple Dec. 16, 2021, 5:18 a.m. UTC | #1

On Monday, 15 November 2021 6:55:03 PM AEDT Peter Xu wrote:

[...]

> +/*
> + * Returns true if this is a swap pte and was uffd-wp wr-protected in either
> + * forms (pte marker or a normal swap pte), false otherwise.
> + */
> +static inline bool pte_swp_uffd_wp_any(pte_t pte)
> +{
> +#ifdef CONFIG_PTE_MARKER_UFFD_WP
> +	if (!is_swap_pte(pte))
> +		return false;
> +
> +	if (pte_swp_uffd_wp(pte))
> +		return true;

If I'm not mistaken normal swap uffd-wp ptes can still exist when
CONFIG_PTE_MARKER_UFFD_WP=n so shouldn't this be outside the #ifdef protection?

In fact we could drop the #ifdef entirely here as it is safe to call
is_pte_marker_uffd_wp() without CONFIG_PTE_MARKER_UFFD_WP.

> +
> +	if (is_pte_marker_uffd_wp(pte))
> +		return true;
> +#endif
> +	return false;
> +}
> +
>  #endif /* _LINUX_USERFAULTFD_K_H */
> diff --git a/mm/Kconfig b/mm/Kconfig
> index 66f23c6c2032..f01c8e0afadf 100644
> --- a/mm/Kconfig
> +++ b/mm/Kconfig
> @@ -904,6 +904,15 @@ config PTE_MARKER
>  	help
>  	  Allows to create marker PTEs for file-backed memory.
>  
> +config PTE_MARKER_UFFD_WP
> +	bool "Marker PTEs support for userfaultfd write protection"
> +	depends on PTE_MARKER && HAVE_ARCH_USERFAULTFD_WP
> +
> +	help
> +	  Allows to create marker PTEs for userfaultfd write protection
> +	  purposes.  It is required to enable userfaultfd write protection on
> +	  file-backed memory types like shmem and hugetlbfs.
> +
>  source "mm/damon/Kconfig"
>  
>  endmenu
>

Peter Xu Dec. 16, 2021, 5:45 a.m. UTC | #2

On Thu, Dec 16, 2021 at 04:18:50PM +1100, Alistair Popple wrote:
> On Monday, 15 November 2021 6:55:03 PM AEDT Peter Xu wrote:
> 
> [...]
> 
> > +/*
> > + * Returns true if this is a swap pte and was uffd-wp wr-protected in either
> > + * forms (pte marker or a normal swap pte), false otherwise.
> > + */
> > +static inline bool pte_swp_uffd_wp_any(pte_t pte)
> > +{
> > +#ifdef CONFIG_PTE_MARKER_UFFD_WP
> > +	if (!is_swap_pte(pte))
> > +		return false;
> > +
> > +	if (pte_swp_uffd_wp(pte))
> > +		return true;
> 
> If I'm not mistaken normal swap uffd-wp ptes can still exist when
> CONFIG_PTE_MARKER_UFFD_WP=n so shouldn't this be outside the #ifdef protection?
> 
> In fact we could drop the #ifdef entirely here as it is safe to call
> is_pte_marker_uffd_wp() without CONFIG_PTE_MARKER_UFFD_WP.

But if CONFIG_PTE_MARKER_UFFD_WP=n then it means we don't support file-backed
uffd-wp.  The thing is pte_swp_uffd_wp_any() is only needed for file-backed..
Anonymous uffd-wp code never uses it.

In other words, pte_swp_uffd_wp() is indeed still a valid helper, however this
specific function (pte_swp_uffd_wp_any) may not really be necessary anymore.

Keeping the "#ifdef" could still help, imho, to generate clean code for direct
calls to pte_swp_uffd_wp_any() if someone wants to turn pte markers off,
e.g. we could still have chance to optimize below:

        if (pte_swp_uffd_wp_any(pte) &&
                !(zap_flags & ZAP_FLAG_DROP_MARKER))
                set_huge_pte_at(mm, address, ptep,
                                make_pte_marker(PTE_MARKER_UFFD_WP));
        else
                huge_pte_clear(mm, address, ptep, sz);

Into:

        huge_pte_clear(mm, address, ptep, sz);

with any decent compiler.

That's majorly why I still slightly prefer to keep it, and that's also one of
the major reason to have the config knob, imho.

Thanks,

diff --git a/include/linux/swapops.h b/include/linux/swapops.h
index 5103d2a4ae38..2cec3ef355a7 100644
--- a/include/linux/swapops.h
+++ b/include/linux/swapops.h
@@ -249,7 +249,8 @@  static inline int is_writable_migration_entry(swp_entry_t entry)
 
 typedef unsigned long pte_marker;
 
-#define  PTE_MARKER_MASK     (0)
+#define  PTE_MARKER_UFFD_WP  BIT(0)
+#define  PTE_MARKER_MASK     (PTE_MARKER_UFFD_WP)
 
 #ifdef CONFIG_PTE_MARKER
 
diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h
index 33cea484d1ad..7d7ffec53ddb 100644
--- a/include/linux/userfaultfd_k.h
+++ b/include/linux/userfaultfd_k.h
@@ -15,6 +15,8 @@ 
 
 #include <linux/fcntl.h>
 #include <linux/mm.h>
+#include <linux/swap.h>
+#include <linux/swapops.h>
 #include <asm-generic/pgtable_uffd.h>
 
 /* The set of all possible UFFD-related VM flags. */
@@ -236,4 +238,40 @@  static inline void userfaultfd_unmap_complete(struct mm_struct *mm,
 
 #endif /* CONFIG_USERFAULTFD */
 
+static inline bool is_pte_marker_uffd_wp(pte_t pte)
+{
+#ifdef CONFIG_PTE_MARKER_UFFD_WP
+	swp_entry_t entry;
+
+	if (!is_swap_pte(pte))
+		return false;
+
+	entry = pte_to_swp_entry(pte);
+
+	return is_pte_marker_entry(entry) &&
+	    (pte_marker_get(entry) & PTE_MARKER_UFFD_WP);
+#else
+	return false;
+#endif
+}
+
+/*
+ * Returns true if this is a swap pte and was uffd-wp wr-protected in either
+ * forms (pte marker or a normal swap pte), false otherwise.
+ */
+static inline bool pte_swp_uffd_wp_any(pte_t pte)
+{
+#ifdef CONFIG_PTE_MARKER_UFFD_WP
+	if (!is_swap_pte(pte))
+		return false;
+
+	if (pte_swp_uffd_wp(pte))
+		return true;
+
+	if (is_pte_marker_uffd_wp(pte))
+		return true;
+#endif
+	return false;
+}
+
 #endif /* _LINUX_USERFAULTFD_K_H */
diff --git a/mm/Kconfig b/mm/Kconfig
index 66f23c6c2032..f01c8e0afadf 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -904,6 +904,15 @@  config PTE_MARKER
 	help
 	  Allows to create marker PTEs for file-backed memory.
 
+config PTE_MARKER_UFFD_WP
+	bool "Marker PTEs support for userfaultfd write protection"
+	depends on PTE_MARKER && HAVE_ARCH_USERFAULTFD_WP
+
+	help
+	  Allows to create marker PTEs for userfaultfd write protection
+	  purposes.  It is required to enable userfaultfd write protection on
+	  file-backed memory types like shmem and hugetlbfs.
+
 source "mm/damon/Kconfig"
 
 endmenu

[v6,04/23] mm/uffd: PTE_MARKER_UFFD_WP

Commit Message

Comments

Patch