From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.3 required=3.0 tests=DATE_IN_PAST_03_06, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B70BCA9EC3 for ; Tue, 29 Oct 2019 17:20:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 25D312067D for ; Tue, 29 Oct 2019 17:20:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="kMvDAfqN" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390752AbfJ2RUA (ORCPT ); Tue, 29 Oct 2019 13:20:00 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:42174 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390744AbfJ2RUA (ORCPT ); Tue, 29 Oct 2019 13:20:00 -0400 Received: by mail-wr1-f65.google.com with SMTP id a15so2263979wrf.9 for ; Tue, 29 Oct 2019 10:19:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=reply-to:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=+7k6Tgo7zdAI3sdkV2vUab4Qg2cErY2tDGH+QpqLC8g=; b=kMvDAfqNMsgwLVSlQz2HGv5SXkrMFIA/sC5PQVA0qHCk2uNpr3vgteNY32KO6XolN9 jrYaAZAZBspll0O/IT//xBGYiWDFZD8KU1uPmY2vK3KPsyhTb7mzyGHCGTLByQgbXpOx OeloXmN2vq/6bG5ZHNwG845uL6ZvA2Sdmd4uYMZ4E+4NJ7wccdnycw840yvcV4FBt6VL /xrA8JLUiBY/5hX+ugxid7ZLni4gqfgl/j7jRF06f5phYKlyiq6OI+yIzaRotZfKsIyc R7JU0GMg+/jruClJEMts6SYQJZeL4C+Qp1GS1gxReNthE6HvcZsnnoBEcT3avouO/n1H WYQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:subject:to:cc:references:from :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding:content-language; bh=+7k6Tgo7zdAI3sdkV2vUab4Qg2cErY2tDGH+QpqLC8g=; b=D2Xu/1BwYb28of9oBY4/Q5vniZw1rnGyEuKA1LM8X0sauhU+nGvLWm/OhY5GKDb5dr fdAw/rYofM7Mn68cqlZAZ9MKWB5tg0lzUdUCCO739hR3b58mACdbdaZeJPoCwzP/DWkz +iy3wqnJyO8RyiNKLopNNo49oF3UCPeixU11JLbH1amNw/NLfesWGkGDlad+BcgIx44e BBNJXQic+5Jouu8Dx7tqvC1E1TrwHWBsSoGsJxx7YEmub0cCazgaquBBbv8PBiOZt4Y8 vDT1YEwd+cr2TOU4BSozEV9nyKqMFyy2v1V56cywdm/93KdXnBIGnqcR98a1HcjgKAdz ZxIA== X-Gm-Message-State: APjAAAVfFaRpXRo30FqCZ5l5leJws4mjZvHGBwJzZXzCboJLhxpHCren 1HG4oLCXdKs3g2UzqNQoM4g= X-Google-Smtp-Source: APXvYqyE7qwpgL7KV62AOaDM+oFRQdWcTDjdZKuljhwWYaRRqCfiSc2s9/fNi7ZWZZwXl8hUkkgUgA== X-Received: by 2002:adf:ef0a:: with SMTP id e10mr20205293wro.234.1572369597497; Tue, 29 Oct 2019 10:19:57 -0700 (PDT) Received: from ?IPv6:2a02:908:1252:fb60:be8a:bd56:1f94:86e7? ([2a02:908:1252:fb60:be8a:bd56:1f94:86e7]) by smtp.gmail.com with ESMTPSA id f8sm3544088wmb.37.2019.10.29.10.19.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Oct 2019 10:19:56 -0700 (PDT) Reply-To: christian.koenig@amd.com Subject: Re: [PATCH v2 12/15] drm/amdgpu: Call find_vma under mmap_sem To: "Kuehling, Felix" , Jason Gunthorpe , "linux-mm@kvack.org" , Jerome Glisse , Ralph Campbell , John Hubbard Cc: Juergen Gross , "Zhou, David(ChunMing)" , Mike Marciniszyn , Stefano Stabellini , Oleksandr Andrushchenko , "linux-rdma@vger.kernel.org" , "nouveau@lists.freedesktop.org" , Dennis Dalessandro , "amd-gfx@lists.freedesktop.org" , Christoph Hellwig , Jason Gunthorpe , "dri-devel@lists.freedesktop.org" , "Deucher, Alexander" , "xen-devel@lists.xenproject.org" , Boris Ostrovsky , Petr Cvek , "Koenig, Christian" , Ben Skeggs References: <20191028201032.6352-1-jgg@ziepe.ca> <20191028201032.6352-13-jgg@ziepe.ca> From: =?UTF-8?Q?Christian_K=c3=b6nig?= Message-ID: Date: Tue, 29 Oct 2019 14:07:37 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org Am 29.10.19 um 17:28 schrieb Kuehling, Felix: > On 2019-10-28 4:10 p.m., Jason Gunthorpe wrote: >> From: Jason Gunthorpe >> >> find_vma() must be called under the mmap_sem, reorganize this code to >> do the vma check after entering the lock. >> >> Further, fix the unlocked use of struct task_struct's mm, instead use >> the mm from hmm_mirror which has an active mm_grab. Also the mm_grab >> must be converted to a mm_get before acquiring mmap_sem or calling >> find_vma(). >> >> Fixes: 66c45500bfdc ("drm/amdgpu: use new HMM APIs and helpers") >> Fixes: 0919195f2b0d ("drm/amdgpu: Enable amdgpu_ttm_tt_get_user_pages in worker threads") >> Cc: Alex Deucher >> Cc: Christian König >> Cc: David (ChunMing) Zhou >> Cc: amd-gfx@lists.freedesktop.org >> Signed-off-by: Jason Gunthorpe > One question inline to confirm my understanding. Otherwise this patch is > > Reviewed-by: Felix Kuehling > > >> --- >> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 37 ++++++++++++++----------- >> 1 file changed, 21 insertions(+), 16 deletions(-) >> >> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> index dff41d0a85fe96..c0e41f1f0c2365 100644 >> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >> @@ -35,6 +35,7 @@ >> #include >> #include >> #include >> +#include >> #include >> #include >> #include >> @@ -788,7 +789,7 @@ int amdgpu_ttm_tt_get_user_pages(struct amdgpu_bo *bo, struct page **pages) >> struct hmm_mirror *mirror = bo->mn ? &bo->mn->mirror : NULL; >> struct ttm_tt *ttm = bo->tbo.ttm; >> struct amdgpu_ttm_tt *gtt = (void *)ttm; >> - struct mm_struct *mm = gtt->usertask->mm; >> + struct mm_struct *mm; >> unsigned long start = gtt->userptr; >> struct vm_area_struct *vma; >> struct hmm_range *range; >> @@ -796,25 +797,14 @@ int amdgpu_ttm_tt_get_user_pages(struct amdgpu_bo *bo, struct page **pages) >> uint64_t *pfns; >> int r = 0; >> >> - if (!mm) /* Happens during process shutdown */ >> - return -ESRCH; >> - >> if (unlikely(!mirror)) { >> DRM_DEBUG_DRIVER("Failed to get hmm_mirror\n"); >> - r = -EFAULT; >> - goto out; >> + return -EFAULT; >> } >> >> - vma = find_vma(mm, start); >> - if (unlikely(!vma || start < vma->vm_start)) { >> - r = -EFAULT; >> - goto out; >> - } >> - if (unlikely((gtt->userflags & AMDGPU_GEM_USERPTR_ANONONLY) && >> - vma->vm_file)) { >> - r = -EPERM; >> - goto out; >> - } >> + mm = mirror->hmm->mmu_notifier.mm; >> + if (!mmget_not_zero(mm)) /* Happens during process shutdown */ > This works because mirror->hmm->mmu_notifier holds an mmgrab reference > to the mm? So the MM will not just go away, but if the mmget refcount is > 0, it means the mm is marked for destruction and shouldn't be used any more. Yes, exactly. That is a rather common pattern, one reference count for the functionality and one for the structure. When the functionality is gone the structure might still be alive for some reason. TTM and a couple of other structures use the same approach. Christian. > > >> + return -ESRCH; >> >> range = kzalloc(sizeof(*range), GFP_KERNEL); >> if (unlikely(!range)) { >> @@ -847,6 +837,17 @@ int amdgpu_ttm_tt_get_user_pages(struct amdgpu_bo *bo, struct page **pages) >> hmm_range_wait_until_valid(range, HMM_RANGE_DEFAULT_TIMEOUT); >> >> down_read(&mm->mmap_sem); >> + vma = find_vma(mm, start); >> + if (unlikely(!vma || start < vma->vm_start)) { >> + r = -EFAULT; >> + goto out_unlock; >> + } >> + if (unlikely((gtt->userflags & AMDGPU_GEM_USERPTR_ANONONLY) && >> + vma->vm_file)) { >> + r = -EPERM; >> + goto out_unlock; >> + } >> + >> r = hmm_range_fault(range, 0); >> up_read(&mm->mmap_sem); >> >> @@ -865,15 +866,19 @@ int amdgpu_ttm_tt_get_user_pages(struct amdgpu_bo *bo, struct page **pages) >> } >> >> gtt->range = range; >> + mmput(mm); >> >> return 0; >> >> +out_unlock: >> + up_read(&mm->mmap_sem); >> out_free_pfns: >> hmm_range_unregister(range); >> kvfree(pfns); >> out_free_ranges: >> kfree(range); >> out: >> + mmput(mm); >> return r; >> } >> > _______________________________________________ > amd-gfx mailing list > amd-gfx@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/amd-gfx