From: "Christian König" <ckoenig.leichtzumerken@gmail.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: "Daniel Vetter" <daniel.vetter@ffwll.ch>,
"Christian König" <christian.koenig@amd.com>,
"DRI Development" <dri-devel@lists.freedesktop.org>,
"Intel Graphics Development" <intel-gfx@lists.freedesktop.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Suren Baghdasaryan" <surenb@google.com>,
"Matthew Wilcox" <willy@infradead.org>,
"John Stultz" <john.stultz@linaro.org>,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org
Subject: Re: [Linaro-mm-sig] Re: [PATCH] dma-buf: Require VM_PFNMAP vma for mmap
Date: Wed, 23 Nov 2022 14:12:25 +0100
Message-ID: <dc2a9d7f-192b-e9d8-b1d1-3b868cb1fd44@gmail.com>
In-Reply-To: <Y34XvmtHfb4ZwopN@ziepe.ca>

Am 23.11.22 um 13:53 schrieb Jason Gunthorpe:
> On Wed, Nov 23, 2022 at 01:49:41PM +0100, Christian König wrote:
>> Am 23.11.22 um 13:46 schrieb Jason Gunthorpe:
>>> On Wed, Nov 23, 2022 at 11:06:55AM +0100, Daniel Vetter wrote:
>>>
>>>>> Maybe a GFP flag to set the page reference count to zero or something
>>>>> like this?
>>>> Hm yeah that might work. I'm not sure what it will all break though?
>>>> And we'd need to make sure that underflowing the page refcount dies in
>>>> a backtrace.
>>> Mucking with the refcount like this to protect against crazy out of
>>> tree drivers seems horrible..
>> Well not only out of tree drivers. The intree KVM got that horribly
>> wrong as well, those were the latest guys complaining about it.
> kvm was taking refs on special PTEs? That seems really unlikely?
Well then look at this code here:

commit add6a0cd1c5ba51b201e1361b05a5df817083618
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Tue Jun 7 17:51:18 2016 +0200

    KVM: MMU: try to fix up page faults before giving up

    The vGPU folks would like to trap the first access to a BAR by setting
    vm_ops on the VMAs produced by mmap-ing a VFIO device. The fault handler
    then can use remap_pfn_range to place some non-reserved pages in the VMA.

    This kind of VM_PFNMAP mapping is not handled by KVM, but follow_pfn
    and fixup_user_fault together help supporting it. The patch also supports
    VM_MIXEDMAP vmas where the pfns are not reserved and thus subject to
    reference counting.

    Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Radim Krčmář <rkrcmar@redhat.com>
    Tested-by: Neo Jia <cjia@nvidia.com>
    Reported-by: Kirti Wankhede <kwankhede@nvidia.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

And see also the discussion here:
https://patchwork.freedesktop.org/patch/414123/

as well as here: https://patchwork.freedesktop.org/patch/499190/

I can't count how often I have pointed out that this is absolutely
illegal and KVM can't touch pages in VMAs with VM_PFNMAP.
>>> The WARN_ON(page_count(p) != 1) seems like a reasonable thing to do
>>> though, though you must combine this with the special PTE flag..
>> That's not sufficient. The pages are released much later than things
>> actually go wrong. In most cases this WARN_ON here won't hit.
> How so? As long as the page is mapped into the PTE there is no issue
> with corruption. If dmabuf checks the refcount after it does the unmap
> mapping range it should catch any bogus pin that might be confused
> about address coherency.
Yeah, that would work. The problem is this WARN_ON() comes much later.
The device drivers usually keep the page around for a while even after
it is unmapped. IIRC the cleanup worker only runs every 10ms or so.
Christian.
>
> Jason