mbox series

[v4,0/8] add UFFDIO_POISON to simulate memory poisoning with UFFD

Message ID 20230707215540.2324998-1-axelrasmussen@google.com
Headers show
Series add UFFDIO_POISON to simulate memory poisoning with UFFD | expand

Message

Axel Rasmussen July 7, 2023, 9:55 p.m. UTC
This series adds a new userfaultfd feature, UFFDIO_POISON. See commit 4
for a detailed description of the feature.

The series is based on Linus master (partial 6.5 merge window), and
structured like this:

- Patches 1-3 are preparation / refactoring
- Patches 4-6 implement and advertise the new feature
- Patches 7-8 implement a unit test for the new feature

Changelog:

v3 -> v4:
 - [Peter] Rename PTE_MARKER_ERROR and helpers to PTE_MARKER_POISONED.
 - [Peter] Switch from calloc to memset for initializing some state in the
   selftest.

v2 -> v3:
 - Rebase onto current Linus master.
 - Don't overwrite existing PTE markers for non-hugetlb UFFDIO_POISON.
   Before, non-hugetlb would override them, but hugetlb would not. I don't
   think there's a use case where we *want* to override a UFFD_WP marker
   for example, so take the more conservative behavior for all kinds of
   memory.
 - [Peter] Drop hugetlb mfill atomic refactoring, since it isn't needed
   for this series (we don't touch that code directly anyway).
 - [Peter] Switch to re-using PTE_MARKER_SWAPIN_ERROR instead of defining
   new PTE_MARKER_UFFD_POISON.
 - [Peter] Extract start / len range overflow check into existing
   validate_range helper; this fixes the style issue of unnecessary braces
   in the UFFDIO_POISON implementation, because this code is just deleted.
 - [Peter] Extract file size check out into a new helper.
 - [Peter] Defer actually "enabling" the new feature until the last commit
   in the series; combine this with adding the documentation. As a
   consequence, move the selftest commits after this one.
 - [Randy] Fix typo in documentation.

v1 -> v2:
 - [Peter] Return VM_FAULT_HWPOISON not VM_FAULT_SIGBUS, to yield the
   correct behavior for KVM (guest MCE).
 - [Peter] Rename UFFDIO_SIGBUS to UFFDIO_POISON.
 - [Peter] Implement hugetlbfs support for UFFDIO_POISON.

Axel Rasmussen (8):
  mm: make PTE_MARKER_SWAPIN_ERROR more general
  mm: userfaultfd: check for start + len overflow in validate_range
  mm: userfaultfd: extract file size check out into a helper
  mm: userfaultfd: add new UFFDIO_POISON ioctl
  mm: userfaultfd: support UFFDIO_POISON for hugetlbfs
  mm: userfaultfd: document and enable new UFFDIO_POISON feature
  selftests/mm: refactor uffd_poll_thread to allow custom fault handlers
  selftests/mm: add uffd unit test for UFFDIO_POISON

 Documentation/admin-guide/mm/userfaultfd.rst |  15 +++
 fs/userfaultfd.c                             |  73 ++++++++++--
 include/linux/mm_inline.h                    |  19 +++
 include/linux/swapops.h                      |  15 ++-
 include/linux/userfaultfd_k.h                |   4 +
 include/uapi/linux/userfaultfd.h             |  25 +++-
 mm/hugetlb.c                                 |  51 ++++++--
 mm/madvise.c                                 |   2 +-
 mm/memory.c                                  |  15 ++-
 mm/mprotect.c                                |   4 +-
 mm/shmem.c                                   |   4 +-
 mm/swapfile.c                                |   2 +-
 mm/userfaultfd.c                             |  83 ++++++++++---
 tools/testing/selftests/mm/uffd-common.c     |   5 +-
 tools/testing/selftests/mm/uffd-common.h     |   3 +
 tools/testing/selftests/mm/uffd-stress.c     |   8 +-
 tools/testing/selftests/mm/uffd-unit-tests.c | 117 +++++++++++++++++++
 17 files changed, 379 insertions(+), 66 deletions(-)

--
2.41.0.255.g8b1d071c50-goog

Comments

Peter Xu July 8, 2023, 3 p.m. UTC | #1
On Fri, Jul 07, 2023 at 02:55:33PM -0700, Axel Rasmussen wrote:
> -static inline swp_entry_t make_swapin_error_entry(void)
> +static inline swp_entry_t make_poisoned_swp_entry(void)
>  {
> -	return make_pte_marker_entry(PTE_MARKER_SWAPIN_ERROR);
> +	return make_pte_marker_entry(PTE_MARKER_POISONED);
>  }
>  
> -static inline int is_swapin_error_entry(swp_entry_t entry)
> +static inline int is_poisoned_swp_entry(swp_entry_t entry)
>  {
>  	return is_pte_marker_entry(entry) &&
> -	    (pte_marker_get(entry) & PTE_MARKER_SWAPIN_ERROR);
> +	    (pte_marker_get(entry) & PTE_MARKER_POISONED);
>  }

These two can be slightly confusing when put together with hwpoison
entries, so maybe it'll be good to somehow attach a "marker" inside the
names:

  make_poisoned_marker_entry()
  is_pointed_marker_entry()

(the old helpers didn't attach a "marker" keyword because we started with
 consuming a swp entry type, I think)

But we can still identify easily with "hw" prefix being there or not, so
it's still pretty clear at least to me.  I'd say not worth a repost, so
your call to keep or change, just in case a new version for other reasons.
All fine here now:

Acked-by: Peter Xu <peterx@redhat.com>

Thanks,