On Wed, Apr 07, 2021 at 03:21:55PM +0200, Vlastimil Babka wrote:
> - For backports go with the original approach of 17839856fd58 ("gup: document and work around "COW can break either way" issue"), thus break COW during the GUP. But only for vmsplice() so that nothing else gets broken. I think 5.4 stable (another LTS) actually backported only 17839856fd58 out of everything else, so it should have even the THP case covered, but its userfaultfd() is now probably broken...

Since you mentioned this approach - AFAIU userfaultfd was only broken because with that approach the kernel pretends some read accesses are writes, while userfaultfd needs that accurate resolution. Adding something like FOLL_BREAK_COW [1] upon 17839856fd58 should keep both the vmsplice issue fixed and uffd working, since that'll keep the read/write operations separate.
Meanwhile, I know Andrea was actively working on a complete solution [2] that's a few steps further. E.g., FOLL_BREAK_COW is done with FOLL_UNSHARE [3], speed up in COW path [4] with similar idea of what we do right now with latest upstream in 09854ba94c6aad7, allow write-protect with pinned pages (which is right now forbidden), and something more. However that's definitely a huge branch, even discussing upstream (or maybe stopped discussing for quite some days already?).
Neither of the above is within upstream, so I don't really know whether this information could be anything useful, just raising it. If Android could drop userfaultfd, then I think solution 2) above is indeed the most efficient. Note that I think only uffd-wp was affected by 17839856fd58 but not the "missing mode", so if Android is only using missing mode it still looks fine to only have 17839856fd58. It's just that I remembered there's another report besides uffd-wp on 17839856fd58, but I can't remember the details of the other report.
Thanks,
[1] https://lkml.org/lkml/2020/8/10/439
[2] https://git.kernel.org/pub/scm/linux/kernel/git/andrea/aa.git/log/?h=mapcoun...
[3] https://git.kernel.org/pub/scm/linux/kernel/git/andrea/aa.git/commit/?h=mapc...
[4] https://git.kernel.org/pub/scm/linux/kernel/git/andrea/aa.git/commit/?h=mapc...