From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=YsDo=EI=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-11.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SIGNED_OFF_BY,SPF_HELO_NONE,
	SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8944EC00A89
	for <linux-mm@archiver.kernel.org>; Mon,  2 Nov 2020 19:19:49 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id EDBEA2225E
	for <linux-mm@archiver.kernel.org>; Mon,  2 Nov 2020 19:19:48 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=nvidia.com header.i=@nvidia.com header.b="RQlnPcAN"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EDBEA2225E
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=nvidia.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 3E0DF6B0036; Mon,  2 Nov 2020 14:19:48 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 3B7236B005C; Mon,  2 Nov 2020 14:19:48 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 27EFE6B0068; Mon,  2 Nov 2020 14:19:48 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0143.hostedemail.com [216.40.44.143])
	by kanga.kvack.org (Postfix) with ESMTP id F02406B0036
	for <linux-mm@kvack.org>; Mon,  2 Nov 2020 14:19:47 -0500 (EST)
Received: from smtpin30.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 8E92F362D
	for <linux-mm@kvack.org>; Mon,  2 Nov 2020 19:19:47 +0000 (UTC)
X-FDA: 77440442814.30.fifth32_2708d3c272b2
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin30.hostedemail.com (Postfix) with ESMTP id 644C3180B3C8B
	for <linux-mm@kvack.org>; Mon,  2 Nov 2020 19:19:47 +0000 (UTC)
X-HE-Tag: fifth32_2708d3c272b2
X-Filterd-Recvd-Size: 4541
Received: from hqnvemgate25.nvidia.com (hqnvemgate25.nvidia.com [216.228.121.64])
	by imf40.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon,  2 Nov 2020 19:19:46 +0000 (UTC)
Received: from hqmail.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate25.nvidia.com (using TLS: TLSv1.2, AES256-SHA)
	id <B5fa05bd10000>; Mon, 02 Nov 2020 11:19:45 -0800
Received: from [10.2.49.167] (10.124.1.5) by HQMAIL107.nvidia.com
 (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 2 Nov
 2020 19:19:41 +0000
Subject: Re: [PATCH rc v2] mm/gup: use unpin_user_pages() in
 __gup_longterm_locked()
To: Jason Gunthorpe <jgg@nvidia.com>, Andrew Morton
	<akpm@linux-foundation.org>, <linux-mm@kvack.org>
CC: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>, Dan Williams
	<dan.j.williams@intel.com>, Ira Weiny <ira.weiny@intel.com>
References: <0-v2-3ae7d9d162e2+2a7-gup_cma_fix_jgg@nvidia.com>
From: John Hubbard <jhubbard@nvidia.com>
Message-ID: <1446f69f-092f-d71b-acdb-688f36293fb2@nvidia.com>
Date: Mon, 2 Nov 2020 11:19:40 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <0-v2-3ae7d9d162e2+2a7-gup_cma_fix_jgg@nvidia.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.124.1.5]
X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To
 HQMAIL107.nvidia.com (172.20.187.13)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1;
	t=1604344785; bh=TSjntT6p7XkesIXoZ5C5glWmGyib0DfMcZC7czI+uwM=;
	h=Subject:To:CC:References:From:Message-ID:Date:User-Agent:
	 MIME-Version:In-Reply-To:Content-Type:Content-Language:
	 Content-Transfer-Encoding:X-Originating-IP:X-ClientProxiedBy;
	b=RQlnPcANxSgowanFig5febkOz4d8ujS8C4SbyExoh5nwDhh2EEWBf/UWIpUZ02AGb
	 OXj8F2j1TnTRtfzmMRWjvSqmdVPXAtKIGMfQERvW7w+HdkyaHtVhNHPbEvgV8yU74N
	 ZdGeTux2Dekn7doq7oJwVMaIdXtEFaSZDbAWrFyrFFEzXnHuvKtLjBJJx7GJGTUyvH
	 yJtVpeYwd87JWFDTqFDxtMLKXj8ZBh9BMB+dC4FyIjNFc5kyNh1kmMxzHuewgL7swQ
	 Hpnstyf725zhl5/sWlWccw59zY21DSkcF8+8oFMesLOSvY77KMVgwLk0utfqEcCbcP
	 ApN/6OECTI2eA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 11/2/20 10:19 AM, Jason Gunthorpe wrote:
> When FOLL_PIN is passed to __get_user_pages() the page list must be put
> back using unpin_user_pages() otherwise the page pin reference persists in
> a corrupted state.
> 
> There are two places in the unwind of __gup_longterm_locked() that put the
> pages back without checking. Normally on error this function would return
> the partial page list making this the caller's responsibility, but in
> these two cases the caller is not allowed to see these pages at all.
> 
> Cc: <stable@kernel.org>
> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
> Fixes: 3faa52c03f44 ("mm/gup: track FOLL_PIN pages")
> Reported-by: Ira Weiny <ira.weiny@intel.com>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
>   mm/gup.c | 14 ++++++++++----
>   1 file changed, 10 insertions(+), 4 deletions(-)
> 

Reviewed-by: John Hubbard <jhubbard@nvidia.com>

thanks,
-- 
John Hubbard
NVIDIA

> v2:
>   - Catch the DAX related case as well (Ira)
> v1: https://lore.kernel.org/r/0-v1-976effcd4468+d4-gup_cma_fix_jgg@nvidia.com
> 
> Andrew, this version with a modified commit message and extra hunk replaces:
>    mm-gup-use-unpin_user_pages-in-check_and_migrate_cma_pages.patch
> 
> Thanks,
> Jason
> 
> diff --git a/mm/gup.c b/mm/gup.c
> index 102877ed77a4b4..98eb8e6d2609c3 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -1647,8 +1647,11 @@ static long check_and_migrate_cma_pages(struct mm_struct *mm,
>   		/*
>   		 * drop the above get_user_pages reference.
>   		 */
> -		for (i = 0; i < nr_pages; i++)
> -			put_page(pages[i]);
> +		if (gup_flags & FOLL_PIN)
> +			unpin_user_pages(pages, nr_pages);
> +		else
> +			for (i = 0; i < nr_pages; i++)
> +				put_page(pages[i]);
>   
>   		if (migrate_pages(&cma_page_list, alloc_migration_target, NULL,
>   			(unsigned long)&mtc, MIGRATE_SYNC, MR_CONTIG_RANGE)) {
> @@ -1728,8 +1731,11 @@ static long __gup_longterm_locked(struct mm_struct *mm,
>   			goto out;
>   
>   		if (check_dax_vmas(vmas_tmp, rc)) {
> -			for (i = 0; i < rc; i++)
> -				put_page(pages[i]);
> +			if (gup_flags & FOLL_PIN)
> +				unpin_user_pages(pages, rc);
> +			else
> +				for (i = 0; i < rc; i++)
> +					put_page(pages[i]);
>   			rc = -EOPNOTSUPP;
>   			goto out;
>   		}
>