On Tue, Mar 15, 2022 at 11:47:39AM +0100, David Hildenbrand wrote:
> Whenever GUP currently ends up taking a R/O pin on an anonymous page that
> might be shared -- mapped R/O and !PageAnonExclusive() -- any write fault
> on the page table entry will end up replacing the mapped anonymous page
> due to COW, resulting in the GUP pin no longer being consistent with the
> page actually mapped into the page table.
>
> The possible ways to deal with this situation are:
> (1) Ignore and pin -- what we do right now.
> (2) Fail to pin -- which would be rather surprising to callers and
>     could break user space.
> (3) Trigger unsharing and pin the now exclusive page -- reliable R/O
>     pins.
>
> We want to implement 3) because it provides the clearest semantics and
> allows for checking in unpin_user_pages() and friends for possible BUGs:
> when trying to unpin a page that's no longer exclusive, clearly
> something went very wrong and might result in memory corruptions that
> might be hard to debug. So we better have a nice way to spot such
> issues.
>
> To implement 3), we need a way for GUP to trigger unsharing:
> FAULT_FLAG_UNSHARE. FAULT_FLAG_UNSHARE is only applicable to R/O mapped
> anonymous pages and resembles COW logic during a write fault. However, in
> contrast to a write fault, GUP-triggered unsharing will, for example, still
> maintain the write protection.

Given the way this series has developed you might want to call this

  FAULT_FLAG_MAKE_ANON_EXCLUSIVE

Which strikes me as more directly connected to what it is trying to do.

Jason