From: Jason Gunthorpe <jgg@ziepe.ca>
To: Christoph Hellwig <hch@lst.de>
Cc: Philip Yang <Philip.Yang@amd.com>,
Ralph Campbell <rcampbell@nvidia.com>,
John Hubbard <jhubbard@nvidia.com>,
Felix.Kuehling@amd.com, dri-devel@lists.freedesktop.org,
Steven Price <steven.price@arm.com>,
linux-mm@kvack.org, Jerome Glisse <jglisse@redhat.com>,
amd-gfx@lists.freedesktop.org
Subject: Re: [PATCH hmm 3/8] mm/hmm: do not call hmm_vma_walk_hole() while holding a spinlock
Date: Mon, 16 Mar 2020 09:56:19 -0300 [thread overview]
Message-ID: <20200316125619.GD20941@ziepe.ca> (raw)
In-Reply-To: <20200316090503.GC12439@lst.de>
On Mon, Mar 16, 2020 at 10:05:03AM +0100, Christoph Hellwig wrote:
> On Wed, Mar 11, 2020 at 03:35:01PM -0300, Jason Gunthorpe wrote:
> > From: Jason Gunthorpe <jgg@mellanox.com>
> >
> > This eventually calls into handle_mm_fault() which is a sleeping function.
> > Release the lock first.
> >
> > hmm_vma_walk_hole() does not touch the contents of the PUD, so it does not
> > need the lock.
>
> So how did this manage to not be noticed before?
I'm still struggling a bit with how this PUD stuff works.. However
AFAICT:
1) The first hunk around pud_none() is actualy covering a race. In the
non-race case the page walker will directly call
hmm_vma_walk_hole() for pud_none so it would be very hard to hit
this
2) I'm not 100% sure, but I think pud_present() == pud_none(), as
there is no swap entry for PUD I don't know what a non-present
but non-none entry is or how to create one. This is possibly dead
code due to #1
3) To hit hmm_range_need_fault() requesting fault you would need
a read-only huge PUD and a fault requesting write. I suspect
creating a read only huge PUD entry is very rare - not something
someone would deliberately construct.
4) To even trigger the PUD flow at all you need the 1G THP or the
special 1G DAX pages which I strongly suspect people are not
testing with.
> The fix looks fine assuming we want something backportable before
> starting the cleanups:
I found it easier to make the other cleanup patches make sense if they
didn't introduce all kinds of new logic too..
Thanks,
Jason
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
WARNING: multiple messages have this Message-ID (diff)
From: Jason Gunthorpe <jgg@ziepe.ca>
To: Christoph Hellwig <hch@lst.de>
Cc: Philip Yang <Philip.Yang@amd.com>,
Ralph Campbell <rcampbell@nvidia.com>,
John Hubbard <jhubbard@nvidia.com>,
Felix.Kuehling@amd.com, dri-devel@lists.freedesktop.org,
Steven Price <steven.price@arm.com>,
linux-mm@kvack.org, Jerome Glisse <jglisse@redhat.com>,
amd-gfx@lists.freedesktop.org
Subject: Re: [PATCH hmm 3/8] mm/hmm: do not call hmm_vma_walk_hole() while holding a spinlock
Date: Mon, 16 Mar 2020 09:56:19 -0300 [thread overview]
Message-ID: <20200316125619.GD20941@ziepe.ca> (raw)
In-Reply-To: <20200316090503.GC12439@lst.de>
On Mon, Mar 16, 2020 at 10:05:03AM +0100, Christoph Hellwig wrote:
> On Wed, Mar 11, 2020 at 03:35:01PM -0300, Jason Gunthorpe wrote:
> > From: Jason Gunthorpe <jgg@mellanox.com>
> >
> > This eventually calls into handle_mm_fault() which is a sleeping function.
> > Release the lock first.
> >
> > hmm_vma_walk_hole() does not touch the contents of the PUD, so it does not
> > need the lock.
>
> So how did this manage to not be noticed before?
I'm still struggling a bit with how this PUD stuff works.. However
AFAICT:
1) The first hunk around pud_none() is actualy covering a race. In the
non-race case the page walker will directly call
hmm_vma_walk_hole() for pud_none so it would be very hard to hit
this
2) I'm not 100% sure, but I think pud_present() == pud_none(), as
there is no swap entry for PUD I don't know what a non-present
but non-none entry is or how to create one. This is possibly dead
code due to #1
3) To hit hmm_range_need_fault() requesting fault you would need
a read-only huge PUD and a fault requesting write. I suspect
creating a read only huge PUD entry is very rare - not something
someone would deliberately construct.
4) To even trigger the PUD flow at all you need the 1G THP or the
special 1G DAX pages which I strongly suspect people are not
testing with.
> The fix looks fine assuming we want something backportable before
> starting the cleanups:
I found it easier to make the other cleanup patches make sense if they
didn't introduce all kinds of new logic too..
Thanks,
Jason
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: Jason Gunthorpe <jgg@ziepe.ca>
To: Christoph Hellwig <hch@lst.de>
Cc: Jerome Glisse <jglisse@redhat.com>,
Ralph Campbell <rcampbell@nvidia.com>,
Felix.Kuehling@amd.com, linux-mm@kvack.org,
John Hubbard <jhubbard@nvidia.com>,
dri-devel@lists.freedesktop.org, amd-gfx@lists.freedesktop.org,
Philip Yang <Philip.Yang@amd.com>,
Steven Price <steven.price@arm.com>
Subject: Re: [PATCH hmm 3/8] mm/hmm: do not call hmm_vma_walk_hole() while holding a spinlock
Date: Mon, 16 Mar 2020 09:56:19 -0300 [thread overview]
Message-ID: <20200316125619.GD20941@ziepe.ca> (raw)
In-Reply-To: <20200316090503.GC12439@lst.de>
On Mon, Mar 16, 2020 at 10:05:03AM +0100, Christoph Hellwig wrote:
> On Wed, Mar 11, 2020 at 03:35:01PM -0300, Jason Gunthorpe wrote:
> > From: Jason Gunthorpe <jgg@mellanox.com>
> >
> > This eventually calls into handle_mm_fault() which is a sleeping function.
> > Release the lock first.
> >
> > hmm_vma_walk_hole() does not touch the contents of the PUD, so it does not
> > need the lock.
>
> So how did this manage to not be noticed before?
I'm still struggling a bit with how this PUD stuff works.. However
AFAICT:
1) The first hunk around pud_none() is actualy covering a race. In the
non-race case the page walker will directly call
hmm_vma_walk_hole() for pud_none so it would be very hard to hit
this
2) I'm not 100% sure, but I think pud_present() == pud_none(), as
there is no swap entry for PUD I don't know what a non-present
but non-none entry is or how to create one. This is possibly dead
code due to #1
3) To hit hmm_range_need_fault() requesting fault you would need
a read-only huge PUD and a fault requesting write. I suspect
creating a read only huge PUD entry is very rare - not something
someone would deliberately construct.
4) To even trigger the PUD flow at all you need the 1G THP or the
special 1G DAX pages which I strongly suspect people are not
testing with.
> The fix looks fine assuming we want something backportable before
> starting the cleanups:
I found it easier to make the other cleanup patches make sense if they
didn't introduce all kinds of new logic too..
Thanks,
Jason
next prev parent reply other threads:[~2020-03-16 13:07 UTC|newest]
Thread overview: 153+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-11 18:34 [PATCH hmm 0/8] Various error case bug fixes for hmm_range_fault() Jason Gunthorpe
2020-03-11 18:34 ` Jason Gunthorpe
2020-03-11 18:34 ` Jason Gunthorpe
2020-03-11 18:34 ` [PATCH hmm 1/8] mm/hmm: add missing unmaps of the ptep during hmm_vma_handle_pte() Jason Gunthorpe
2020-03-11 18:34 ` Jason Gunthorpe
2020-03-11 18:34 ` Jason Gunthorpe
2020-03-12 1:28 ` Ralph Campbell
2020-03-12 1:28 ` Ralph Campbell
2020-03-12 1:28 ` Ralph Campbell
2020-03-12 14:24 ` Jason Gunthorpe
2020-03-12 14:24 ` Jason Gunthorpe
2020-03-12 14:24 ` Jason Gunthorpe
2020-03-16 8:58 ` Christoph Hellwig
2020-03-16 8:58 ` Christoph Hellwig
2020-03-11 18:35 ` [PATCH hmm 2/8] mm/hmm: don't free the cached pgmap while scanning Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:29 ` Ralph Campbell
2020-03-12 1:29 ` Ralph Campbell
2020-03-12 1:29 ` Ralph Campbell
2020-03-16 9:02 ` Christoph Hellwig
2020-03-16 9:02 ` Christoph Hellwig
2020-03-16 18:07 ` Jason Gunthorpe
2020-03-16 18:07 ` Jason Gunthorpe
2020-03-16 18:07 ` Jason Gunthorpe
2020-03-16 18:13 ` Christoph Hellwig
2020-03-16 18:13 ` Christoph Hellwig
2020-03-16 19:23 ` Jason Gunthorpe
2020-03-16 19:23 ` Jason Gunthorpe
2020-03-16 19:23 ` Jason Gunthorpe
2020-03-11 18:35 ` [PATCH hmm 3/8] mm/hmm: do not call hmm_vma_walk_hole() while holding a spinlock Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:31 ` Ralph Campbell
2020-03-12 1:31 ` Ralph Campbell
2020-03-12 1:31 ` Ralph Campbell
2020-03-12 8:54 ` Steven Price
2020-03-12 8:54 ` Steven Price
2020-03-12 8:54 ` Steven Price
2020-03-12 10:28 ` [PATCH] mm/hmm: Simplify hmm_vma_walk_pud slightly Steven Price
2020-03-12 10:28 ` Steven Price
2020-03-12 10:28 ` Steven Price
2020-03-12 14:27 ` Jason Gunthorpe
2020-03-12 14:27 ` Jason Gunthorpe
2020-03-12 14:27 ` Jason Gunthorpe
2020-03-12 14:40 ` Steven Price
2020-03-12 14:40 ` Steven Price
2020-03-12 14:40 ` Steven Price
2020-03-12 15:11 ` Jason Gunthorpe
2020-03-12 15:11 ` Jason Gunthorpe
2020-03-12 15:11 ` Jason Gunthorpe
2020-03-12 16:16 ` Steven Price
2020-03-12 16:16 ` Steven Price
2020-03-12 16:16 ` Steven Price
2020-03-12 16:37 ` Jason Gunthorpe
2020-03-12 16:37 ` Jason Gunthorpe
2020-03-12 16:37 ` Jason Gunthorpe
2020-03-12 17:02 ` Steven Price
2020-03-12 17:02 ` Steven Price
2020-03-12 17:02 ` Steven Price
2020-03-12 17:17 ` Jason Gunthorpe
2020-03-12 17:17 ` Jason Gunthorpe
2020-03-12 17:17 ` Jason Gunthorpe
2020-03-13 19:55 ` Jason Gunthorpe
2020-03-13 19:55 ` Jason Gunthorpe
2020-03-13 19:55 ` Jason Gunthorpe
2020-03-13 21:04 ` Matthew Wilcox
2020-03-13 21:04 ` Matthew Wilcox
2020-03-13 21:04 ` Matthew Wilcox
2020-03-13 22:51 ` Jason Gunthorpe
2020-03-13 22:51 ` Jason Gunthorpe
2020-03-13 22:51 ` Jason Gunthorpe
2020-03-16 9:05 ` [PATCH hmm 3/8] mm/hmm: do not call hmm_vma_walk_hole() while holding a spinlock Christoph Hellwig
2020-03-16 9:05 ` Christoph Hellwig
2020-03-16 12:56 ` Jason Gunthorpe [this message]
2020-03-16 12:56 ` Jason Gunthorpe
2020-03-16 12:56 ` Jason Gunthorpe
2020-03-11 18:35 ` [PATCH hmm 4/8] mm/hmm: add missing pfns set to hmm_vma_walk_pmd() Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:33 ` Ralph Campbell
2020-03-12 1:33 ` Ralph Campbell
2020-03-12 1:33 ` Ralph Campbell
2020-03-16 9:06 ` Christoph Hellwig
2020-03-16 9:06 ` Christoph Hellwig
2020-03-11 18:35 ` [PATCH hmm 5/8] mm/hmm: add missing call to hmm_range_need_fault() before returning EFAULT Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:34 ` Ralph Campbell
2020-03-12 1:34 ` Ralph Campbell
2020-03-12 1:34 ` Ralph Campbell
2020-03-16 9:07 ` Christoph Hellwig
2020-03-16 9:07 ` Christoph Hellwig
2020-03-11 18:35 ` [PATCH hmm 6/8] mm/hmm: reorganize how !pte_present is handled in hmm_vma_handle_pte() Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:36 ` Ralph Campbell
2020-03-12 1:36 ` Ralph Campbell
2020-03-12 1:36 ` Ralph Campbell
2020-03-16 9:11 ` Christoph Hellwig
2020-03-16 9:11 ` Christoph Hellwig
2020-03-11 18:35 ` [PATCH hmm 7/8] mm/hmm: return -EFAULT when setting HMM_PFN_ERROR on requested valid pages Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:36 ` Ralph Campbell
2020-03-12 1:36 ` Ralph Campbell
2020-03-12 1:36 ` Ralph Campbell
2020-03-12 14:35 ` Jason Gunthorpe
2020-03-12 14:35 ` Jason Gunthorpe
2020-03-12 14:35 ` Jason Gunthorpe
2020-03-16 9:12 ` Christoph Hellwig
2020-03-16 9:12 ` Christoph Hellwig
2020-03-11 18:35 ` [PATCH hmm 8/8] mm/hmm: add missing call to hmm_pte_need_fault in HMM_PFN_SPECIAL handling Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-11 18:35 ` Jason Gunthorpe
2020-03-12 1:38 ` Ralph Campbell
2020-03-12 1:38 ` Ralph Campbell
2020-03-12 1:38 ` Ralph Campbell
2020-03-16 9:13 ` Christoph Hellwig
2020-03-16 9:13 ` Christoph Hellwig
2020-03-16 12:10 ` Jason Gunthorpe
2020-03-16 12:10 ` Jason Gunthorpe
2020-03-16 12:10 ` Jason Gunthorpe
2020-03-16 12:49 ` Christoph Hellwig
2020-03-16 12:49 ` Christoph Hellwig
2020-03-16 13:04 ` Jason Gunthorpe
2020-03-16 13:04 ` Jason Gunthorpe
2020-03-16 13:04 ` Jason Gunthorpe
2020-03-16 13:12 ` Christoph Hellwig
2020-03-16 13:12 ` Christoph Hellwig
2020-03-17 12:32 ` Christoph Hellwig
2020-03-17 12:32 ` Christoph Hellwig
2020-03-17 12:53 ` Jason Gunthorpe
2020-03-17 12:53 ` Jason Gunthorpe
2020-03-17 12:53 ` Jason Gunthorpe
2020-03-17 13:06 ` Christoph Hellwig
2020-03-17 13:06 ` Christoph Hellwig
2020-03-17 13:25 ` Jason Gunthorpe
2020-03-17 13:25 ` Jason Gunthorpe
2020-03-17 13:25 ` Jason Gunthorpe
2020-03-16 12:51 ` Christoph Hellwig
2020-03-16 12:51 ` Christoph Hellwig
2020-03-12 19:33 ` [PATCH hmm 9/8] mm/hmm: do not check pmd_protnone twice in hmm_vma_handle_pmd() Jason Gunthorpe
2020-03-12 19:33 ` Jason Gunthorpe
2020-03-12 19:33 ` Jason Gunthorpe
2020-03-12 23:50 ` Ralph Campbell
2020-03-12 23:50 ` Ralph Campbell
2020-03-12 23:50 ` Ralph Campbell
2020-03-16 9:14 ` Christoph Hellwig
2020-03-16 9:14 ` Christoph Hellwig
2020-03-16 18:25 ` [PATCH hmm 0/8] Various error case bug fixes for hmm_range_fault() Jason Gunthorpe
2020-03-16 18:25 ` Jason Gunthorpe
2020-03-16 18:25 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200316125619.GD20941@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=Felix.Kuehling@amd.com \
--cc=Philip.Yang@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=hch@lst.de \
--cc=jglisse@redhat.com \
--cc=jhubbard@nvidia.com \
--cc=linux-mm@kvack.org \
--cc=rcampbell@nvidia.com \
--cc=steven.price@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.