On 17.12.21 21:56, Linus Torvalds wrote:
On Fri, Dec 17, 2021 at 12:47 PM Jason Gunthorpe jgg@nvidia.com wrote:
To remind all, the GUP users, like RDMA, VFIO use FOLL_FORCE|FOLL_WRITE to get a 'r/o pin' specifically because of the COW breaking the coherence. In these case 'r/o pin' does not mean "snapshot the data", but its only a promise not to write to the pages and still desires coherence with the memory map.
Eg in RDMA we know of apps asking for a R/O pin of something in .bss then filling that something with data finally doing the actual DMA. Breaking COW after pin breaks those apps.
I agree.
I agree that breaking COW after a pin should never be done. Therefore, break the COW before the pin -> unsharing as implemented here.
And my argument is that those kinds of things that ask for a R/O pin are broken, and should just make sure to use the shared pins.
And trigger a write fault although they are just reading. To me this is just a band aid instead of eventually ...
...
What's the downside of just doing this properly?
Doing it properly by fixing GUP and not the COW logic. GUP and COW are just incompatible and we should unshare early.
Honestly, the memory corruptions we can trigger in user space due to the current COW logic *especially* with FOLL_WRITE users such O_DIRECT, io_uring or vfio are not a joke anymore. (again, link in the cover letter)