From: Jason Gunthorpe <jgg@nvidia.com>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: "DRI Development" <dri-devel@lists.freedesktop.org>,
	LKML <linux-kernel@vger.kernel.org>,
	kvm@vger.kernel.org, linux-mm@kvack.org,
	linux-arm-kernel@lists.infradead.org,
	linux-samsung-soc@vger.kernel.org, linux-media@vger.kernel.org,
	"Daniel Vetter" <daniel.vetter@intel.com>,
	"Christoph Hellwig" <hch@infradead.org>,
	"Kees Cook" <keescook@chromium.org>,
	"Dan Williams" <dan.j.williams@intel.com>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"John Hubbard" <jhubbard@nvidia.com>,
	"Jérôme Glisse" <jglisse@redhat.com>, "Jan Kara" <jack@suse.cz>
Subject: Re: [PATCH 1/3] mm: Add unsafe_follow_pfn
Date: Mon, 29 Mar 2021 10:29:39 -0300
Message-ID: <20210329132939.GA1168773@nvidia.com>
In-Reply-To: <20210316153303.3216674-2-daniel.vetter@ffwll.ch>

On Tue, Mar 16, 2021 at 04:33:01PM +0100, Daniel Vetter wrote:
> Way back it was a reasonable assumption that iomem mappings never
> change the pfn range they point at. But this has changed:
> 
> - gpu drivers dynamically manage their memory nowadays, invalidating
> ptes with unmap_mapping_range when buffers get moved
> 
> - contiguous dma allocations have moved from dedicated carveouts to
> cma regions. This means if we miss the unmap the pfn might contain
> pagecache or anon memory (well anything allocated with GFP_MOVEABLE)
> 
> - even /dev/mem now invalidates mappings when the kernel requests that
> iomem region when CONFIG_IO_STRICT_DEVMEM is set, see 3234ac664a87
> ("/dev/mem: Revoke mappings when a driver claims the region")
> 
> Accessing pfns obtained from ptes without holding all the locks is
> therefore no longer a good idea.
> 
> Unfortunately there are some users where this is not fixable (like v4l
> userptr of iomem mappings) or involves a pile of work (vfio type1
> iommu). For now annotate these as unsafe and splat appropriately.
> 
> This patch adds an unsafe_follow_pfn, which later patches will then
> roll out to all appropriate places.
> 
> Also mark up follow_pfn as EXPORT_SYMBOL_GPL. The only safe way to use
> that by drivers/modules is together with an mmu_notifier, and that's
> all _GPL stuff.
> 
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
> Cc: Christoph Hellwig <hch@infradead.org>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: John Hubbard <jhubbard@nvidia.com>
> Cc: Jérôme Glisse <jglisse@redhat.com>
> Cc: Jan Kara <jack@suse.cz>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: linux-mm@kvack.org
> Cc: linux-arm-kernel@lists.infradead.org
> Cc: linux-samsung-soc@vger.kernel.org
> Cc: linux-media@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> --
> v5: Suggestions from Christoph
> - reindent for less weirdness
> - use IS_ENABLED instead of #ifdef
> - same checks for nommu, for consistency
> - EXPORT_SYMBOL_GPL for follow_pfn.
> - kerneldoc was already updated in previous versions to explain when
>   follow_pfn can be used safely
> ---
>  include/linux/mm.h |  2 ++
>  mm/memory.c        | 34 ++++++++++++++++++++++++++++++++--
>  mm/nommu.c         | 27 ++++++++++++++++++++++++++-
>  security/Kconfig   | 13 +++++++++++++
>  4 files changed, 73 insertions(+), 3 deletions(-)

Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>

Jason
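
The failure mode the quoted commit message describes, a pfn read once from a pte and used after the buffer has moved and the frame has been reused, shown as an added userspace model that is not part of this thread or of the patch. Every name in it is hypothetical; the `inval_seq` counter is an assumption standing in for the invalidation tracking that an mmu_notifier gives a caller.

```c
#include <stdio.h>

/* Userspace model only; every name is hypothetical, none is a kernel API. */
enum owner { OWNER_FREE, OWNER_DEVICE, OWNER_PAGECACHE };
static enum owner frame_owner[4];     /* current owner of each pfn */

struct mapping {
    unsigned long pfn;        /* frame the "pte" points at right now */
    unsigned long inval_seq;  /* bumped on every invalidation */
};

/* Driver moves its buffer: pte repointed, old frame recycled by the allocator. */
static void move_buffer(struct mapping *m, unsigned long new_pfn)
{
    frame_owner[m->pfn] = OWNER_PAGECACHE;
    frame_owner[new_pfn] = OWNER_DEVICE;
    m->pfn = new_pfn;
    m->inval_seq++;
}

/*
 * Look up the pfn once, optionally let the buffer move, then "use" the pfn.
 * Returns the owner of the frame that gets touched, or -1 when the
 * sequence recheck reports the cached pfn as stale (caller must retry).
 */
static int use_after_lookup(int moved, int recheck_seq)
{
    struct mapping m = { .pfn = 1, .inval_seq = 0 };
    frame_owner[1] = OWNER_DEVICE;
    frame_owner[2] = OWNER_FREE;

    unsigned long cached = m.pfn, seq = m.inval_seq;  /* one-time pte walk */
    if (moved)
        move_buffer(&m, 2);
    if (recheck_seq && seq != m.inval_seq)
        return -1;
    return frame_owner[cached];
}

int main(void)
{
    printf("no recheck, buffer moved: owner=%d (2 = pagecache)\n",
           use_after_lookup(1, 0));
    printf("recheck,    buffer moved: %d (-1 = retry)\n",
           use_after_lookup(1, 1));
    return 0;
}
```

The model is single-threaded, so the recheck and the use cannot be separated by a move; real code has to hold the lock that serializes against invalidation across both.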
