From patchwork Tue Sep 17 09:33:49 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Capper <steve.capper@linaro.org>
X-Patchwork-Id: 20373
Return-Path: <patchwork-forward+bncBCWKR65P2UCRBB6E4CIQKGQEZ5KYGJY@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-qc0-f197.google.com (mail-qc0-f197.google.com
 [209.85.216.197])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 7D6A828E98
 for <linaro@patches.linaro.org>; Tue, 17 Sep 2013 09:33:59 +0000 (UTC)
Received: by mail-qc0-f197.google.com with SMTP id r5sf5352153qcx.4
 for <linaro@patches.linaro.org>; Tue, 17 Sep 2013 02:33:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:x-original-sender:x-original-authentication-results
 :precedence:mailing-list:list-id:list-post:list-help:list-archive
 :list-unsubscribe;
 bh=V+xoMccgX2BWycM0PiuDDAg7JxdmFIs7U5imsx1F99A=;
 b=WgkH36dWwGYN1aZp3G/Pib0ughrZpFlgXmE2n1kR4E8jM3EF1yqqqEXPzzeMKBp4on
 QzwS4qbk6Ez95eHsYEWcgJP4sWTwojSlKcpl7JBMgWtEqQk333Yke1k1P2YEV++jybrE
 rlkeWyQd6of1r1UGcQ6Nw8bwSnknehyfnLLV8czi3MW2wEhVDl32fKDfn5nOU9vQ277u
 G+KNKJ1mQcjzgrIrX/Pl5TeFB2Y3aWijryGy8EMlivIgUw6k11O4AfwUH8VGW15KvkRg
 5wa+mEm9xCVOF0R2zXACnssAFPEbMcPlH7UAfx9EEw3e5RCCVsyMG100EACbeWe5Ci6M
 TdfQ==
X-Gm-Message-State: ALoCoQk7hicQciQ615swMHiNIUAQvYsyqXBKrOA6ycbJHB2FzG9U8iecpA5AElUC579QQskQYxoc
X-Received: by 10.224.96.136 with SMTP id h8mr417956qan.8.1379410439046;
 Tue, 17 Sep 2013 02:33:59 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.49.24.144 with SMTP id u16ls2725363qef.84.gmail; Tue, 17 Sep
 2013 02:33:58 -0700 (PDT)
X-Received: by 10.220.199.5 with SMTP id eq5mr31485420vcb.16.1379410438948; 
 Tue, 17 Sep 2013 02:33:58 -0700 (PDT)
Received: from mail-ve0-f169.google.com (mail-ve0-f169.google.com
 [209.85.128.169]) by mx.google.com with ESMTPS id
 ur9si8347376veb.79.1969.12.31.16.00.00
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 17 Sep 2013 02:33:58 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.128.169 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.128.169; 
Received: by mail-ve0-f169.google.com with SMTP id db12so4103263veb.0
 for <patchwork-forward@linaro.org>;
 Tue, 17 Sep 2013 02:33:58 -0700 (PDT)
X-Received: by 10.220.43.19 with SMTP id u19mr31352785vce.3.1379410438651;
 Tue, 17 Sep 2013 02:33:58 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.220.174.196 with SMTP id u4csp146375vcz;
 Tue, 17 Sep 2013 02:33:58 -0700 (PDT)
X-Received: by 10.194.205.164 with SMTP id lh4mr716657wjc.46.1379410437586; 
 Tue, 17 Sep 2013 02:33:57 -0700 (PDT)
Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com
 [209.85.212.180]) by mx.google.com with ESMTPS id
 qq7si1015399wic.72.1969.12.31.16.00.00
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 17 Sep 2013 02:33:57 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.212.180 is neither permitted nor
 denied by best guess record for domain of
 steve.capper@linaro.org) client-ip=209.85.212.180; 
Received: by mail-wi0-f180.google.com with SMTP id hj3so4689457wib.13
 for <patches@linaro.org>; Tue, 17 Sep 2013 02:33:57 -0700 (PDT)
X-Received: by 10.180.189.17 with SMTP id ge17mr1593541wic.53.1379410437025; 
 Tue, 17 Sep 2013 02:33:57 -0700 (PDT)
Received: from marmot.wormnet.eu (marmot.wormnet.eu. [188.246.204.87])
 by mx.google.com with ESMTPSA id
 z13sm3086036wib.0.1969.12.31.16.00.00
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 17 Sep 2013 02:33:56 -0700 (PDT)
From: Steve Capper <steve.capper@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Cc: linaro-kernel@lists.linaro.org, patches@linaro.org,
 Steve Capper <steve.capper@linaro.org>
Subject: [RFC V2] ARM: mm: make UACCESS_WITH_MEMCPY huge page aware
Date: Tue, 17 Sep 2013 10:33:49 +0100
Message-Id: <1379410429-3372-1-git-send-email-steve.capper@linaro.org>
X-Mailer: git-send-email 1.7.10.4
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: steve.capper@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.128.169 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

The memory pinning code in uaccess_with_memcpy.c does not check
for HugeTLB or THP pmds, and will enter an infinite loop should
a __copy_to_user or __clear_user occur against a huge page.

This patch adds detection code for huge pages to pin_page_for_write.
As this code can be executed in a fast path it refers to the actual
pmds rather than the vma. If a HugeTLB or THP is found (they have
the same pmd representation on ARM), the page table spinlock is
taken to prevent modification whilst the page is pinned.

On ARM, huge pages are only represented as pmds, thus no huge pud
checks are performed. (For huge puds one would lock the page table
in a similar manner as in the pmd case).

Two helper functions are introduced; pmd_thp_or_huge will check
whether or not a page is huge or transparent huge (which have the
same pmd layout on ARM), and pmd_hugewillfault will detect whether
or not a page fault will occur on write to the page.

Changes since first RFC:
   * The page mask is widened for hugepages to reduce the number
     of potential locks/unlocks.
     (A knobbled /dev/zero with its latency reduction chunks
      removed shows a 2x data rate boost with hugepages backing:
      dd if=/dev/zero of=/dev/null bs=10M count=1024 )

Signed-off-by: Steve Capper <steve.capper@linaro.org>
---
 arch/arm/include/asm/pgtable-3level.h |  3 ++
 arch/arm/lib/uaccess_with_memcpy.c    | 57 ++++++++++++++++++++++++++++++-----
 2 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
index 5689c18..39c54cf 100644
--- a/arch/arm/include/asm/pgtable-3level.h
+++ b/arch/arm/include/asm/pgtable-3level.h
@@ -206,6 +206,9 @@ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long addr)
 #define __HAVE_ARCH_PMD_WRITE
 #define pmd_write(pmd)		(!(pmd_val(pmd) & PMD_SECT_RDONLY))
 
+#define pmd_hugewillfault(pmd)	(!pmd_young(pmd) || !pmd_write(pmd))
+#define pmd_thp_or_huge(pmd)	(pmd_huge(pmd) || pmd_trans_huge(pmd))
+
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
 #define pmd_trans_huge(pmd)	(pmd_val(pmd) && !(pmd_val(pmd) & PMD_TABLE_BIT))
 #define pmd_trans_splitting(pmd) (pmd_val(pmd) & PMD_SECT_SPLITTING)
diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 025f742..78756db 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
+++ b/arch/arm/lib/uaccess_with_memcpy.c
@@ -18,11 +18,13 @@
 #include <linux/hardirq.h> /* for in_atomic() */
 #include <linux/gfp.h>
 #include <linux/highmem.h>
+#include <linux/hugetlb.h>
 #include <asm/current.h>
 #include <asm/page.h>
 
 static int
-pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp)
+pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp,
+			unsigned long *page_mask)
 {
 	unsigned long addr = (unsigned long)_addr;
 	pgd_t *pgd;
@@ -40,7 +42,36 @@ pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp)
 		return 0;
 
 	pmd = pmd_offset(pud, addr);
-	if (unlikely(pmd_none(*pmd) || pmd_bad(*pmd)))
+	if (unlikely(pmd_none(*pmd)))
+		return 0;
+
+	/*
+	 * A pmd can be bad if it refers to a HugeTLB or THP page.
+	 *
+	 * Both THP and HugeTLB pages have the same pmd layout
+	 * and should not be manipulated by the pte functions.
+	 *
+	 * Lock the page table for the destination and check
+	 * to see that it's still huge and whether or not we will
+	 * need to fault on write, or if we have a splitting THP.
+	 */
+	if (unlikely(pmd_thp_or_huge(*pmd))) {
+		ptl = &current->mm->page_table_lock;
+		spin_lock(ptl);
+		if (unlikely(!pmd_thp_or_huge(*pmd)
+			|| pmd_hugewillfault(*pmd)
+			|| pmd_trans_splitting(*pmd))) {
+			spin_unlock(ptl);
+			return 0;
+		}
+
+		*ptep = NULL;
+		*ptlp = ptl;
+		*page_mask = HPAGE_MASK;
+		return 1;
+	}
+
+	if (unlikely(pmd_bad(*pmd)))
 		return 0;
 
 	pte = pte_offset_map_lock(current->mm, pmd, addr, &ptl);
@@ -52,6 +83,7 @@ pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp)
 
 	*ptep = pte;
 	*ptlp = ptl;
+	*page_mask = PAGE_MASK;
 
 	return 1;
 }
@@ -60,6 +92,7 @@ static unsigned long noinline
 __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 {
 	int atomic;
+	unsigned long page_mask;
 
 	if (unlikely(segment_eq(get_fs(), KERNEL_DS))) {
 		memcpy((void *)to, from, n);
@@ -76,7 +109,7 @@ __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 		spinlock_t *ptl;
 		int tocopy;
 
-		while (!pin_page_for_write(to, &pte, &ptl)) {
+		while (!pin_page_for_write(to, &pte, &ptl, &page_mask)) {
 			if (!atomic)
 				up_read(&current->mm->mmap_sem);
 			if (__put_user(0, (char __user *)to))
@@ -85,7 +118,7 @@ __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 				down_read(&current->mm->mmap_sem);
 		}
 
-		tocopy = (~(unsigned long)to & ~PAGE_MASK) + 1;
+		tocopy = (~(unsigned long)to & ~page_mask) + 1;
 		if (tocopy > n)
 			tocopy = n;
 
@@ -94,7 +127,10 @@ __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 		from += tocopy;
 		n -= tocopy;
 
-		pte_unmap_unlock(pte, ptl);
+		if (pte)
+			pte_unmap_unlock(pte, ptl);
+		else
+			spin_unlock(ptl);
 	}
 	if (!atomic)
 		up_read(&current->mm->mmap_sem);
@@ -121,6 +157,8 @@ __copy_to_user(void __user *to, const void *from, unsigned long n)
 static unsigned long noinline
 __clear_user_memset(void __user *addr, unsigned long n)
 {
+	unsigned long page_mask;
+
 	if (unlikely(segment_eq(get_fs(), KERNEL_DS))) {
 		memset((void *)addr, 0, n);
 		return 0;
@@ -132,14 +170,14 @@ __clear_user_memset(void __user *addr, unsigned long n)
 		spinlock_t *ptl;
 		int tocopy;
 
-		while (!pin_page_for_write(addr, &pte, &ptl)) {
+		while (!pin_page_for_write(addr, &pte, &ptl, &page_mask)) {
 			up_read(&current->mm->mmap_sem);
 			if (__put_user(0, (char __user *)addr))
 				goto out;
 			down_read(&current->mm->mmap_sem);
 		}
 
-		tocopy = (~(unsigned long)addr & ~PAGE_MASK) + 1;
+		tocopy = (~(unsigned long)addr & ~page_mask) + 1;
 		if (tocopy > n)
 			tocopy = n;
 
@@ -147,7 +185,10 @@ __clear_user_memset(void __user *addr, unsigned long n)
 		addr += tocopy;
 		n -= tocopy;
 
-		pte_unmap_unlock(pte, ptl);
+		if (pte)
+			pte_unmap_unlock(pte, ptl);
+		else
+			spin_unlock(ptl);
 	}
 	up_read(&current->mm->mmap_sem);