From: Jason Gunthorpe <jgg@nvidia.com>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: DRI Development <dri-devel@lists.freedesktop.org>,
	LKML <linux-kernel@vger.kernel.org>,
	kvm@vger.kernel.org, linux-mm@kvack.org,
	linux-arm-kernel@lists.infradead.org,
	linux-samsung-soc@vger.kernel.org, linux-media@vger.kernel.org,
	3pvd@google.com, Jann Horn <jannh@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Cornelia Huck <cohuck@redhat.com>, Peter Xu <peterx@redhat.com>,
	Alex Williamson <alex.williamson@redhat.com>,
	Daniel Vetter <daniel.vetter@intel.com>
Subject: Re: [PATCH 3/3] mm: unexport follow_pfn
Date: Mon, 29 Mar 2021 10:31:01 -0300
Message-ID: <20210329133101.GA1168973@nvidia.com>
In-Reply-To: <20210316153303.3216674-4-daniel.vetter@ffwll.ch>

On Tue, Mar 16, 2021 at 04:33:03PM +0100, Daniel Vetter wrote:
> Both kvm (in bd2fae8da794 ("KVM: do not assume PTE is writable after
> follow_pfn")) and vfio (in 07956b6269d3 ("vfio/type1: Use
> follow_pte()")) have lost their callsites of follow_pfn(). All the
> other ones have been switched over to unsafe_follow_pfn because they
> cannot be fixed without breaking userspace api.
> 
> Arguably the vfio code is still racy, but that's kinda a bigger

vfio and kvm

> picture. But since it does leak the pte beyond where it drops the pt
> lock, without anything else like an mmu notifier guaranteeing
> coherence, the problem is at least clearly visible in the vfio code.
> So good enough with me.
> 
> I've decided to keep the explanation that after dropping the pt lock
> you must have an mmu notifier if you keep using the pte somehow by
> adjusting it and moving it into the kerneldoc for the new follow_pte()
> function.
> 
> Cc: 3pvd@google.com
> Cc: Jann Horn <jannh@google.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Jason Gunthorpe <jgg@nvidia.com>
> Cc: Cornelia Huck <cohuck@redhat.com>
> Cc: Peter Xu <peterx@redhat.com>
> Cc: Alex Williamson <alex.williamson@redhat.com>
> Cc: linux-mm@kvack.org
> Cc: linux-arm-kernel@lists.infradead.org
> Cc: linux-samsung-soc@vger.kernel.org
> Cc: linux-media@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
> --- 
>  include/linux/mm.h |  2 --
>  mm/memory.c        | 26 +++++---------------------
>  mm/nommu.c         | 13 +------------
>  3 files changed, 6 insertions(+), 35 deletions(-)

Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>

Jason

