diff mbox series

[15/31] mm/userfaultfd: allow pte_offset_map_lock() to fail

Message ID	49d92b15-3442-4e84-39bd-c77c316bf844@google.com
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Date: Sun, 21 May 2023 22:07:35 -0700 (PDT) From: Hugh Dickins <hughd@google.com> To: Andrew Morton <akpm@linux-foundation.org> cc: Mike Kravetz <mike.kravetz@oracle.com>, Mike Rapoport <rppt@kernel.org>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, Matthew Wilcox <willy@infradead.org>, David Hildenbrand <david@redhat.com>, Suren Baghdasaryan <surenb@google.com>, Qi Zheng <zhengqi.arch@bytedance.com>, Yang Shi <shy828301@gmail.com>, Mel Gorman <mgorman@techsingularity.net>, Peter Xu <peterx@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Will Deacon <will@kernel.org>, Yu Zhao <yuzhao@google.com>, Alistair Popple <apopple@nvidia.com>, Ralph Campbell <rcampbell@nvidia.com>, Ira Weiny <ira.weiny@intel.com>, Steven Price <steven.price@arm.com>, SeongJae Park <sj@kernel.org>, Naoya Horiguchi <naoya.horiguchi@nec.com>, Christophe Leroy <christophe.leroy@csgroup.eu>, Zack Rusin <zackr@vmware.com>, Jason Gunthorpe <jgg@ziepe.ca>, Axel Rasmussen <axelrasmussen@google.com>, Anshuman Khandual <anshuman.khandual@arm.com>, Pasha Tatashin <pasha.tatashin@soleen.com>, Miaohe Lin <linmiaohe@huawei.com>, Minchan Kim <minchan@kernel.org>, Christoph Hellwig <hch@infradead.org>, Song Liu <song@kernel.org>, Thomas Hellstrom <thomas.hellstrom@linux.intel.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH 15/31] mm/userfaultfd: allow pte_offset_map_lock() to fail In-Reply-To: <68a97fbe-5c1e-7ac6-72c-7b9c6290b370@google.com> Message-ID: <49d92b15-3442-4e84-39bd-c77c316bf844@google.com> References: <68a97fbe-5c1e-7ac6-72c-7b9c6290b370@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	mm: allow pte_offset_map[_lock]() to fail \| [00/31] mm: allow pte_offset_map[_lock]() to fail [01/31] mm: use pmdp_get_lockless() without surplus barrier() [02/31] mm/migrate: remove cruft from migration_entry_wait()s [03/31] mm/pgtable: kmap_local_page() instead of kmap_atomic() [04/31] mm/pgtable: allow pte_offset_map[_lock]() to fail [05/31] mm/filemap: allow pte_offset_map_lock() to fail [06/31] mm/page_vma_mapped: delete bogosity in page_vma_mapped_walk() [07/31] mm/page_vma_mapped: reformat map_pte() with less indentation [08/31] mm/page_vma_mapped: pte_offset_map_nolock() not pte_lockptr() [09/31] mm/pagewalkers: ACTION_AGAIN if pte_offset_map_lock() fails [10/31] mm/pagewalk: walk_pte_range() allow for pte_offset_map() [11/31] mm/vmwgfx: simplify pmd & pud mapping dirty helpers [12/31] mm/vmalloc: vmalloc_to_page() use pte_offset_kernel() [13/31] mm/hmm: retry if pte_offset_map() fails [14/31] fs/userfaultfd: retry if pte_offset_map() fails [15/31] mm/userfaultfd: allow pte_offset_map_lock() to fail [16/31] mm/debug_vm_pgtable,page_table_check: warn pte map fails [17/31] mm/various: give up if pte_offset_map[_lock]() fails [18/31] mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() [19/31] mm/mremap: retry if either pte_offset_map_*lock() fails [20/31] mm/madvise: clean up pte_offset_map_lock() scans [21/31] mm/madvise: clean up force_shm_swapin_readahead() [22/31] mm/swapoff: allow pte_offset_map[_lock]() to fail [23/31] mm/mglru: allow pte_offset_map_nolock() to fail [24/31] mm/migrate_device: allow pte_offset_map_lock() to fail [25/31] mm/gup: remove FOLL_SPLIT_PMD use of pmd_trans_unstable() [26/31] mm/huge_memory: split huge pmd under one pte_offset_map() [27/31] mm/khugepaged: allow pte_offset_map[_lock]() to fail [28/31] mm/memory: allow pte_offset_map[_lock]() to fail [29/31] mm/memory: handle_pte_fault() use pte_offset_map_nolock() [30/31] mm/pgtable: delete pmd_trans_unstable() and friends [31/31] perf/core: Allow pte_offset_map() to fail

Commit Message

Hugh Dickins May 22, 2023, 5:07 a.m. UTC

  mfill_atomic_install_pte() and mfill_atomic_pte_zeropage() treat
failed pte_offset_map_lock() as -EFAULT, with no attempt to retry.

Signed-off-by: Hugh Dickins <hughd@google.com>
---
 mm/userfaultfd.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Comments

Peter Xu May 24, 2023, 10:44 p.m. UTC | #1

Hi, Hugh,

On Sun, May 21, 2023 at 10:07:35PM -0700, Hugh Dickins wrote:
> mfill_atomic_install_pte() and mfill_atomic_pte_zeropage() treat
> failed pte_offset_map_lock() as -EFAULT, with no attempt to retry.

Could you help explain why it should be -EFAULT, not -EAGAIN or -EEXIST?

IIUC right now if pte existed we have -EEXIST returned as part of the
userfault ABI, no matter whether it's pte or thp.

IMHO it may boil down to my limited knowledge on how pte_offset_map_lock()
is used after this part 2 series, and I assume the core changes will be in
your 3rd series (besides this one and the arch one).

Please shed some light if there's quick answers (IIUC this is for speeding
up collapsing shmem thps, but still no much clue here), or I can also wait
for reading the 3rd part if it'll come soon in any form.

Thanks,

Hugh Dickins May 25, 2023, 10:06 p.m. UTC | #2

On Wed, 24 May 2023, Peter Xu wrote:
> On Sun, May 21, 2023 at 10:07:35PM -0700, Hugh Dickins wrote:
> > mfill_atomic_install_pte() and mfill_atomic_pte_zeropage() treat
> > failed pte_offset_map_lock() as -EFAULT, with no attempt to retry.
> 
> Could you help explain why it should be -EFAULT, not -EAGAIN or -EEXIST?

Thanks a lot for looking, Peter.

No good justification for -EFAULT: I just grabbed the closest, fairly
neutral, error code that I could see already being in use there: but now
that you mention -EAGAIN, which I can see being used from mfill_atomic(),
yes, that would be ideal - and consistent with how it's already being used.

I'll make that change, thanks for suggesting.  (And it had bugged me how
my fs/userfaultfd.c was electing to retry, but this one electing to fail.)

> 
> IIUC right now if pte existed we have -EEXIST returned as part of the
> userfault ABI, no matter whether it's pte or thp.

It might or might not correspond to -EEXIST - it might even end up as
-EFAULT on a retry after -EAGAIN: I see mfill_atomic() contains both
-EEXIST and -EFAULT cases for pmd_trans_huge().  Actually, I could
say that the -EFAULT case there corresponds to the -EFAULT in this
15/31 patch, but that would be by coincidence not design: I'm happier
with your -EAGAIN suggestion.

> 
> IMHO it may boil down to my limited knowledge on how pte_offset_map_lock()
> is used after this part 2 series, and I assume the core changes will be in
> your 3rd series (besides this one and the arch one).
> 
> Please shed some light if there's quick answers (IIUC this is for speeding
> up collapsing shmem thps, but still no much clue here), or I can also wait
> for reading the 3rd part if it'll come soon in any form.

It wouldn't be particularly easy to deduce from the third series of
patches, rather submerged in implementation details.  Just keep in mind
that, like in the "old" pmd_trans_unstable() cases, there may be instants
at which, when trying to get the lock on a page table, that page table
might already have gone, or been replaced by something else e.g. a THP,
and a retry necessary at the outer level (if it's important to persist).

Hugh

Peter Xu May 26, 2023, 4:25 p.m. UTC | #3

On Thu, May 25, 2023 at 03:06:27PM -0700, Hugh Dickins wrote:
> On Wed, 24 May 2023, Peter Xu wrote:
> > On Sun, May 21, 2023 at 10:07:35PM -0700, Hugh Dickins wrote:
> > > mfill_atomic_install_pte() and mfill_atomic_pte_zeropage() treat
> > > failed pte_offset_map_lock() as -EFAULT, with no attempt to retry.
> > 
> > Could you help explain why it should be -EFAULT, not -EAGAIN or -EEXIST?
> 
> Thanks a lot for looking, Peter.
> 
> No good justification for -EFAULT: I just grabbed the closest, fairly
> neutral, error code that I could see already being in use there: but now
> that you mention -EAGAIN, which I can see being used from mfill_atomic(),
> yes, that would be ideal - and consistent with how it's already being used.
> 
> I'll make that change, thanks for suggesting.  (And it had bugged me how
> my fs/userfaultfd.c was electing to retry, but this one electing to fail.)

Thanks.

> 
> > 
> > IIUC right now if pte existed we have -EEXIST returned as part of the
> > userfault ABI, no matter whether it's pte or thp.
> 
> It might or might not correspond to -EEXIST - it might even end up as
> -EFAULT on a retry after -EAGAIN: I see mfill_atomic() contains both
> -EEXIST and -EFAULT cases for pmd_trans_huge().  Actually, I could
> say that the -EFAULT case there corresponds to the -EFAULT in this
> 15/31 patch, but that would be by coincidence not design: I'm happier
> with your -EAGAIN suggestion.

I had a feeling that that 2nd -EFAULT there could crash some userapp
already if it got returned somewhere, because the userapp shouldn't expect
that.  IMHO it should also return -EAGAIN, or even -EEXIST because even if
user retries, we should highly possibly see that thp again, so the -EEXIST
should possibly follow anyway.

Not a big deal here I think - if an userapp can trigger that -EFAULT I'd
say it's also a user bug because it made two decisions already on resolving
page fault for single VA, and it's racy between them..

> 
> > 
> > IMHO it may boil down to my limited knowledge on how pte_offset_map_lock()
> > is used after this part 2 series, and I assume the core changes will be in
> > your 3rd series (besides this one and the arch one).
> > 
> > Please shed some light if there's quick answers (IIUC this is for speeding
> > up collapsing shmem thps, but still no much clue here), or I can also wait
> > for reading the 3rd part if it'll come soon in any form.
> 
> It wouldn't be particularly easy to deduce from the third series of
> patches, rather submerged in implementation details.  Just keep in mind
> that, like in the "old" pmd_trans_unstable() cases, there may be instants
> at which, when trying to get the lock on a page table, that page table
> might already have gone, or been replaced by something else e.g. a THP,
> and a retry necessary at the outer level (if it's important to persist).

I'm actually still curious how the 3rd series will look like; would love to
read it when it comes.

Thanks,

diff mbox series

Patch

diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index e97a0b4889fc..b1554286a31c 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -76,14 +76,16 @@  int mfill_atomic_install_pte(pmd_t *dst_pmd,
 	if (flags & MFILL_ATOMIC_WP)
 		_dst_pte = pte_mkuffd_wp(_dst_pte);
 
+	ret = -EFAULT;
 	dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
+	if (!dst_pte)
+		goto out;
 
 	if (vma_is_shmem(dst_vma)) {
 		/* serialize against truncate with the page table lock */
 		inode = dst_vma->vm_file->f_inode;
 		offset = linear_page_index(dst_vma, dst_addr);
 		max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
-		ret = -EFAULT;
 		if (unlikely(offset >= max_off))
 			goto out_unlock;
 	}
@@ -121,6 +123,7 @@  int mfill_atomic_install_pte(pmd_t *dst_pmd,
 	ret = 0;
 out_unlock:
 	pte_unmap_unlock(dst_pte, ptl);
+out:
 	return ret;
 }
 
@@ -212,13 +215,15 @@  static int mfill_atomic_pte_zeropage(pmd_t *dst_pmd,
 
 	_dst_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr),
 					 dst_vma->vm_page_prot));
+	ret = -EFAULT;
 	dst_pte = pte_offset_map_lock(dst_vma->vm_mm, dst_pmd, dst_addr, &ptl);
+	if (!dst_pte)
+		goto out;
 	if (dst_vma->vm_file) {
 		/* the shmem MAP_PRIVATE case requires checking the i_size */
 		inode = dst_vma->vm_file->f_inode;
 		offset = linear_page_index(dst_vma, dst_addr);
 		max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
-		ret = -EFAULT;
 		if (unlikely(offset >= max_off))
 			goto out_unlock;
 	}
@@ -231,6 +236,7 @@  static int mfill_atomic_pte_zeropage(pmd_t *dst_pmd,
 	ret = 0;
 out_unlock:
 	pte_unmap_unlock(dst_pte, ptl);
+out:
 	return ret;
 }