On 18.12.21 19:42, Jason Gunthorpe wrote:
On Fri, Dec 17, 2021 at 07:38:39PM -0800, Linus Torvalds wrote:
On Fri, Dec 17, 2021 at 7:30 PM Nadav Amit <namit@vmware.com> wrote:
In such a case, I do think it makes sense to fail uffd-wp (when page_count() > 1), and in a prototype I am working on I do something like that.
Ack. If uffd-wp finds a page that is pinned, just skip it as not write-protectable.
Because some of the pinners might be writing to it, of course - just not through the page tables.
That doesn't address the qemu use case though. The RDMA pin is the 'coherent r/o pin' we discussed before, which requires that the pages remain un-write-protected and the HW DMA is read only.
The VFIO pin will enable dirty page tracking in the system IOMMU so it gets the same effect from qemu's perspective as the CPU WP is doing.
In these operations every single page of the guest will be pinned, so skip it just means userfault fd wp doesn't work at all.
Qemu needs some solution to be able to dirty track the CPU memory for migration..
So that sounds like the right thing to do. I _think_ we discussed this the last time this came up. I have some dim memory of that. Jason, ring a bell?
We talked about clear_refs a lot, but it was never really clear the use case, I think. Plus that discussion never finalized to anything.
David's latest summary seems accurate, if I paraphrase at a high level, Linus's approach always does enough COWs but might do extra and David's approach tries to do exactly the right number of COWs.
It looks like to have the same functionality with Linus's approach we need to have a way for userspace to opt out of COW and work in an entirely deterministic non-COW world. WP&GUP can never work together otherwise which leaves qemu stranded.
Or, we follow David's approach and make COW be precise and accept the complexity..
Thanks Jason,
I would really enjoy us discussing how we can eventually make a *precise* COW model work instead of living with a broken MM subsystem, as all the reproducers show. IMHO we should stop throwing more band-aids at it.
Is my approach complete? Sounds like it's not because Linus raised a good point that the mapcount in the current state might not be stable for our use case. I'm very happy that he reviewed this series.
I have some ideas to make the "_mapcount" of anonymous pages express exactly that: how many active (PTE mapped) users do we have and how many inactive (swap entries, migration entries) do we have. We can certainly discuss any such approaches, but first there should be the will to try getting it right ...