Re: [patch 2/6] mm: fix vma_is_anonymous() false-positives

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Gunthorpe <jgg@ziepe.ca>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Doug Ledford <dledford@redhat.com>,
	Yishai Hadas <yishaih@mellanox.com>,
	Lijun Ou <oulijun@huawei.com>,
	"Wei Hu(Xavier)" <xavier.huwei@huawei.com>,
	stable <stable@vger.kernel.org>, Oleg Nesterov <oleg@redhat.com>,
	marcel.ziswiler@toradex.com, Dmitry Vyukov <dvyukov@google.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	mm-commits@vger.kernel.org
Subject: Re: [patch 2/6] mm: fix vma_is_anonymous() false-positives
Date: Sun, 22 Jul 2018 21:17:31 -0600	[thread overview]
Message-ID: <20180723031731.GA532@ziepe.ca> (raw)
In-Reply-To: <CA+55aFxJTV_g46AQPoPXen-UPiqR1HGMZictt7VpC-SMFbm3Cw@mail.gmail.com>

On Sun, Jul 22, 2018 at 01:21:06PM -0700, Linus Torvalds wrote:
> On Sat, Jul 21, 2018 at 3:49 PM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > IOW, Kirill's patch now just boils down to the attached trial patch.
> 
> Side note: we have a few rdma drivers that mess with vm_ops.
> 
> One does so intentionally, see mlx4_ib_vma_open() in
> 
>     drivers/infiniband/hw/mlx4/main.c

Both drivers should be doing this for identical reasons, the long
comment in mlx4/main.c appears to be the rational and expected
behavior..

mlx5/main.c also does this.

Most likely this entire process should be part of the core support
library and not open coded like this in drivers.

> and one *may* be intentional but it's not entirely clear:
> hns_roce_vma_open() may bve the same issue, but
> hns_roce_disassociate_ucontext() just looks pointless in
> 
>     drivers/infiniband/hw/hns/hns_roce_main.c

All three drivers should have code like this as well, it is triggered
during something like a PCI hot unplug,

What the drivers are doing is mapping PCI BAR memory in response to
mmap().

When the device becomes unplugged then the BAR memory map is to be
revoked and replaced with a zero page, so the physical device can be
physically un-plugged, or hard reset. (ie access to the BAR memory may
now MCE or something)

This is probably the strongest reason why these pages need to be
protected, as the driver must be able to hunt down all user space
mappings of the BAR page and do this zeroing, so "don't copy" and
other flags seem necessary with the current vma tracking approach.

Would be glad to hear if this algorithm with zap_vma_ptes makes any
sense or is totally wrong.

However, I believe, at least for mlx4/5, it is actually actively
tested and does work in the straightfoward case.

> Afaik, they should just use  VM_DONTCOPY to not see the fork open
> case, VM_DONTEXPAND to fail a size-changing mremap, and set a
> vm_ops->split() function that returns an error.

This does makes more sense, I certainly would prefer well defined
flags over this strange manipulation.

If you say this approach will do what is needed I'll ask the driver
maintainer to code and test with it..

Jason

next prev parent reply	other threads:[~2018-07-23  4:16 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-21  0:53 [patch 2/6] mm: fix vma_is_anonymous() false-positives akpm
2018-07-21 19:48 ` Linus Torvalds
2018-07-21 22:34   ` Linus Torvalds
2018-07-21 22:49     ` Linus Torvalds
2018-07-22 20:21       ` Linus Torvalds
2018-07-23  3:17         ` Jason Gunthorpe [this message]
2018-09-28 17:43         ` Jason Gunthorpe
2018-07-23  8:56       ` Kirill A. Shutemov
2018-07-23 19:16         ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180723031731.GA532@ziepe.ca \
    --to=jgg@ziepe.ca \
    --cc=aarcange@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=dledford@redhat.com \
    --cc=dvyukov@google.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=marcel.ziswiler@toradex.com \
    --cc=mm-commits@vger.kernel.org \
    --cc=oleg@redhat.com \
    --cc=oulijun@huawei.com \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=xavier.huwei@huawei.com \
    --cc=yishaih@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.