Subject: Re: [PATCH v5 05/15] mm/frame-vector: Use FOLL_LONGTERM
To: Daniel Vetter
References: <20201030100815.2269-1-daniel.vetter@ffwll.ch>
 <20201030100815.2269-6-daniel.vetter@ffwll.ch>
 <446b2d5b-a1a1-a408-f884-f17a04b72c18@nvidia.com>
 <1f7cf690-35e2-c56f-6d3f-94400633edd2@nvidia.com>
From: John Hubbard
Message-ID: <7f29a42a-c408-525d-90b7-ef3c12b5826c@nvidia.com>
Date: Sun, 1 Nov 2020 13:13:07 -0800
Cc: Jérôme Glisse, linux-samsung-soc, Jan Kara, Pawel Osciak, KVM list,
 Jason Gunthorpe, Mauro Carvalho Chehab, LKML, DRI Development,
 Tomasz Figa, Linux MM, Kyungmin Park, Daniel Vetter, Andrew Morton,
 Marek Szyprowski, Dan Williams, Linux ARM,
 "open list:DMA BUFFER SHARING FRAMEWORK"

On 11/1/20 2:30 AM, Daniel Vetter wrote:
> On Sun, Nov 1, 2020 at 6:22 AM John Hubbard wrote:
>>
>> On 10/31/20 7:45 AM, Daniel Vetter wrote:
>>> On Sat, Oct 31, 2020 at 3:55 AM John Hubbard wrote:
>>>> On 10/30/20 3:08 AM, Daniel Vetter wrote:
>> ...
>>>> By removing this check from this location, and changing from
>>>> pin_user_pages_locked() to pin_user_pages_fast(), I *think* we end up
>>>> losing the check entirely. Is that intended? If so it could use a comment
>>>> somewhere to explain why.
>>>
>>> Yeah this wasn't intentional. I think I needed to drop the _locked
>>> version to prep for FOLL_LONGTERM, and figured _fast is always better.
>>> But I didn't realize that _fast doesn't have the vma checks, gup.c got
>>> me a bit confused.
>>
>> Actually, I thought that the change to _fast was a very nice touch, btw.
>>
>>>
>>> I'll remedy this in all the patches where this applies (because a
>>> VM_IO | VM_PFNMAP can point at struct page backed memory, and that
>>> exact use-case is what we want to stop with the unsafe_follow_pfn work
>>> since it wrecks things like cma or security).
>>>
>>> Aside: I do wonder whether the lack of that check isn't a problem.
>>> VM_IO | VM_PFNMAP generally means driver managed, which means the
>>> driver isn't going to consult the page pin count or anything like that
>>> (at least not necessarily) when revoking or moving that memory, since
>>> we're assuming it's totally under driver control. So if pup_fast can
>>> get into such a mapping, we might have a problem.
>>> -Daniel
>>>
>>
>> Yes. I don't know why that check is missing from the _fast path.
>> Probably just an oversight, seeing as how it's in the slow path. Maybe
>> the appropriate response here is to add a separate patch that adds the
>> check.
>>
>> I wonder if I'm overlooking something, but it certainly seems correct to
>> do that.
>
> You'll need the mmap_sem to get at the vma to be able to do this
> check. If you add that to _fast, you made it as fast as the slow one.

Arggh, yes of course. Strike that, please. :)

> Plus there's _fast_only due to locking recursion issues in fast-paths
> (I assume, I didn't check all the callers).
>
> I'm just wondering whether we have a bug somewhere with device
> drivers. For CMA regions we always check in try_grab_page, but for dax

OK, so here you're talking about a different bug than the VM_IO | VM_PFNMAP
pages, I think. This is about the "FOLL_LONGTERM + CMA + gup/pup _fast"
combination that is not allowed, right?

For that: try_grab_page() doesn't check anything, but try_grab_compound_head()
does, but only for pup_fast, not gup_fast.
That was added by commit
df3a0a21b698d ("mm/gup: fix omission of check on FOLL_LONGTERM in gup fast
path") in April.

I recall that the patch was just plugging a very specific hole, as opposed
to locking down the API against mistakes or confused callers. And it does
seem that there are some holes.

> I'm not seeing where the checks in the _fast fastpaths are, and that
> all still leaves random device driver mappings behind which aren't
> backed by CMA but still point to something with a struct page behind
> it. I'm probably just missing something, but no idea what.
> -Daniel
>

Certainly we've established that we can't check VMA flags by that time,
so I'm not sure that there is much we can check by the time we get to
gup/pup _fast. Seems like the device drivers have to avoid calling _fast
with pages that live in VM_IO | VM_PFNMAP, by design, right? Or maybe
you're talking about CMA checks only?

thanks,
-- 
John Hubbard
NVIDIA
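
Added example, not part of the original message and not kernel code: a small userspace model of the gap discussed above, where the slow path can refuse a VM_IO | VM_PFNMAP mapping because it holds the mmap lock and sees the VMA, while the lockless fast path sees only the page-table entry. All `*_model` names, the constant values and the address layout are assumptions made for the illustration, and only the VMA-flag check is modelled.

```c
#include <errno.h>
#include <stdio.h>

enum { VM_PFNMAP = 0x0400, VM_IO = 0x4000, NPAGES = 16 };  /* model values */
struct vma { unsigned long start, end, flags; };

/* Constructed layout: an anonymous VMA and a driver VMA with a page-backed PTE. */
static struct vma vmas[] = { { 0x1000, 0x2000, 0 },
                             { 0x8000, 0x9000, VM_IO | VM_PFNMAP } };
static int pte_present[NPAGES] = { [1] = 1, [8] = 1 };
int pincount[NPAGES];       /* pins taken on the page behind each PTE */
int mmap_lock_taken;        /* times the modelled mmap lock was acquired */

static struct vma *find_vma_model(unsigned long addr)
{
    for (size_t i = 0; i < sizeof(vmas) / sizeof(vmas[0]); i++)
        if (addr >= vmas[i].start && addr < vmas[i].end)
            return &vmas[i];
    return NULL;
}

static int pin_pte_model(unsigned long addr)  /* page-table walk plus pin */
{
    unsigned long idx = addr >> 12;
    if (idx >= NPAGES || !pte_present[idx])
        return 0;
    pincount[idx]++;
    return 1;
}

/* Fast path: lockless walk only; no VMA in hand, so no flag check. */
int pin_fast_model(unsigned long addr) { return pin_pte_model(addr); }

/* Slow path: holds the mmap lock, so it can see the VMA and refuse it. */
int pin_slow_model(unsigned long addr)
{
    mmap_lock_taken++;
    struct vma *vma = find_vma_model(addr);
    if (!vma || (vma->flags & (VM_IO | VM_PFNMAP)))
        return -EFAULT;
    return pin_pte_model(addr) ? 1 : -EFAULT;
}

int main(void)
{
    int slow = pin_slow_model(0x8000), fast = pin_fast_model(0x8000);
    printf("slow=%d fast=%d pins=%d locks=%d\n", slow, fast, pincount[8], mmap_lock_taken);
    return 0;
}
```

In the model, the driver-managed page ends up pinned through the fast path without the lock ever being taken, which is why the check has to live in the caller (or the caller has to use the slow path) rather than in `_fast` itself.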