From: Christoph Hellwig <hch@lst.de>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: "Christoph Hellwig" <hch@lst.de>,
"Dan Williams" <dan.j.williams@intel.com>,
"Bharata B Rao" <bharata@linux.ibm.com>,
"Christian König" <christian.koenig@amd.com>,
"Ben Skeggs" <bskeggs@redhat.com>,
"Jerome Glisse" <jglisse@redhat.com>,
kvm-ppc@vger.kernel.org, amd-gfx@lists.freedesktop.org,
dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org,
linux-mm@kvack.org
Subject: Re: [PATCH 4/4] mm: check the device private page owner in hmm_range_fault
Date: Sat, 21 Mar 2020 09:22:36 +0100 [thread overview]
Message-ID: <20200321082236.GB28613@lst.de> (raw)
In-Reply-To: <20200320134109.GA30230@ziepe.ca>
On Fri, Mar 20, 2020 at 10:41:09AM -0300, Jason Gunthorpe wrote:
> Thinking about this some more, does the locking work out here?
>
> hmm_range_fault() runs with mmap_sem in read, and does not lock any of
> the page table levels.
>
> So it relies on accessing stale pte data being safe, and here we
> introduce for the first time a page pointer dereference and a pgmap
> dereference without any locking/refcounting.
>
> The get_dev_pagemap() worked on the PFN and obtained a refcount, so it
> created safety.
>
> Is there some tricky reason this is safe, eg a DEVICE_PRIVATE page
> cannot be removed from the vma without holding mmap_sem in write or
> something?
I don't think there is any specific protection. Let me see if we
can throw in a get_dev_pagemap here - note that current mainline doesn't
even use it for this path..
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@lst.de>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: amd-gfx@lists.freedesktop.org, nouveau@lists.freedesktop.org,
dri-devel@lists.freedesktop.org, kvm-ppc@vger.kernel.org,
"Christoph Hellwig" <hch@lst.de>,
linux-mm@kvack.org, "Jerome Glisse" <jglisse@redhat.com>,
"Ben Skeggs" <bskeggs@redhat.com>,
"Dan Williams" <dan.j.williams@intel.com>,
"Bharata B Rao" <bharata@linux.ibm.com>,
"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH 4/4] mm: check the device private page owner in hmm_range_fault
Date: Sat, 21 Mar 2020 09:22:36 +0100 [thread overview]
Message-ID: <20200321082236.GB28613@lst.de> (raw)
In-Reply-To: <20200320134109.GA30230@ziepe.ca>
On Fri, Mar 20, 2020 at 10:41:09AM -0300, Jason Gunthorpe wrote:
> Thinking about this some more, does the locking work out here?
>
> hmm_range_fault() runs with mmap_sem in read, and does not lock any of
> the page table levels.
>
> So it relies on accessing stale pte data being safe, and here we
> introduce for the first time a page pointer dereference and a pgmap
> dereference without any locking/refcounting.
>
> The get_dev_pagemap() worked on the PFN and obtained a refcount, so it
> created safety.
>
> Is there some tricky reason this is safe, eg a DEVICE_PRIVATE page
> cannot be removed from the vma without holding mmap_sem in write or
> something?
I don't think there is any specific protection. Let me see if we
can throw in a get_dev_pagemap here - note that current mainline doesn't
even use it for this path..
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@lst.de>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: "Christoph Hellwig" <hch@lst.de>,
"Dan Williams" <dan.j.williams@intel.com>,
"Bharata B Rao" <bharata@linux.ibm.com>,
"Christian König" <christian.koenig@amd.com>,
"Ben Skeggs" <bskeggs@redhat.com>,
"Jerome Glisse" <jglisse@redhat.com>,
kvm-ppc@vger.kernel.org, amd-gfx@lists.freedesktop.org,
dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org,
linux-mm@kvack.org
Subject: Re: [PATCH 4/4] mm: check the device private page owner in hmm_range_fault
Date: Sat, 21 Mar 2020 08:22:36 +0000 [thread overview]
Message-ID: <20200321082236.GB28613@lst.de> (raw)
In-Reply-To: <20200320134109.GA30230@ziepe.ca>
On Fri, Mar 20, 2020 at 10:41:09AM -0300, Jason Gunthorpe wrote:
> Thinking about this some more, does the locking work out here?
>
> hmm_range_fault() runs with mmap_sem in read, and does not lock any of
> the page table levels.
>
> So it relies on accessing stale pte data being safe, and here we
> introduce for the first time a page pointer dereference and a pgmap
> dereference without any locking/refcounting.
>
> The get_dev_pagemap() worked on the PFN and obtained a refcount, so it
> created safety.
>
> Is there some tricky reason this is safe, eg a DEVICE_PRIVATE page
> cannot be removed from the vma without holding mmap_sem in write or
> something?
I don't think there is any specific protection. Let me see if we
can throw in a get_dev_pagemap here - note that current mainline doesn't
even use it for this path..
next prev parent reply other threads:[~2020-03-21 8:22 UTC|newest]
Thread overview: 196+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-16 19:32 ensure device private pages have an owner v2 Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:32 ` [PATCH 1/4] memremap: add an owner field to struct dev_pagemap Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 20:55 ` Ralph Campbell
2020-03-16 20:55 ` Ralph Campbell
2020-03-16 20:55 ` Ralph Campbell
2020-03-16 20:55 ` Ralph Campbell
2020-03-16 20:55 ` Ralph Campbell
2020-03-16 19:32 ` [PATCH 2/4] mm: handle multiple owners of device private pages in migrate_vma Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 21:43 ` Ralph Campbell
2020-03-16 21:43 ` Ralph Campbell
2020-03-16 21:43 ` Ralph Campbell
2020-03-16 21:43 ` Ralph Campbell
2020-03-16 21:43 ` Ralph Campbell
2020-03-16 19:32 ` [PATCH 3/4] mm: simplify device private page handling in hmm_range_fault Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:59 ` Jason Gunthorpe
2020-03-16 19:59 ` Jason Gunthorpe
2020-03-16 19:59 ` Jason Gunthorpe
2020-03-16 19:59 ` Jason Gunthorpe
2020-03-16 21:33 ` Christoph Hellwig
2020-03-16 21:33 ` Christoph Hellwig
2020-03-16 21:33 ` Christoph Hellwig
2020-03-16 22:49 ` Ralph Campbell
2020-03-16 22:49 ` Ralph Campbell
2020-03-16 22:49 ` Ralph Campbell
2020-03-16 22:49 ` Ralph Campbell
2020-03-16 22:49 ` Ralph Campbell
2020-03-17 7:34 ` Christoph Hellwig
2020-03-17 7:34 ` Christoph Hellwig
2020-03-17 7:34 ` Christoph Hellwig
2020-03-17 22:43 ` Ralph Campbell
2020-03-17 22:43 ` Ralph Campbell
2020-03-17 22:43 ` Ralph Campbell
2020-03-17 22:43 ` Ralph Campbell
2020-03-18 9:34 ` Christoph Hellwig
2020-03-18 9:34 ` Christoph Hellwig
2020-03-18 9:34 ` Christoph Hellwig
2020-03-17 12:15 ` Jason Gunthorpe
2020-03-17 12:15 ` Jason Gunthorpe
2020-03-17 12:15 ` Jason Gunthorpe
2020-03-17 12:15 ` Jason Gunthorpe
2020-03-17 12:24 ` Christoph Hellwig
2020-03-17 12:24 ` Christoph Hellwig
2020-03-17 12:24 ` Christoph Hellwig
2020-03-17 12:28 ` Christoph Hellwig
2020-03-17 12:28 ` Christoph Hellwig
2020-03-17 12:28 ` Christoph Hellwig
2020-03-17 12:47 ` Jason Gunthorpe
2020-03-17 12:47 ` Jason Gunthorpe
2020-03-17 12:47 ` Jason Gunthorpe
2020-03-17 12:47 ` Jason Gunthorpe
2020-03-17 12:59 ` Christoph Hellwig
2020-03-17 12:59 ` Christoph Hellwig
2020-03-17 12:59 ` Christoph Hellwig
2020-03-17 17:32 ` Jason Gunthorpe
2020-03-17 17:32 ` Jason Gunthorpe
2020-03-17 17:32 ` Jason Gunthorpe
2020-03-17 17:32 ` Jason Gunthorpe
2020-03-17 17:32 ` Jason Gunthorpe
2020-03-17 23:14 ` Ralph Campbell
2020-03-17 23:14 ` Ralph Campbell
2020-03-17 23:14 ` Ralph Campbell
2020-03-17 23:14 ` Ralph Campbell
2020-03-19 18:17 ` Jason Gunthorpe
2020-03-19 18:17 ` Jason Gunthorpe
2020-03-19 18:17 ` Jason Gunthorpe
2020-03-19 18:17 ` Jason Gunthorpe
2020-03-19 22:56 ` Ralph Campbell
2020-03-19 22:56 ` Ralph Campbell
2020-03-19 22:56 ` Ralph Campbell
2020-03-19 22:56 ` Ralph Campbell
2020-03-20 0:03 ` Jason Gunthorpe
2020-03-20 0:03 ` Jason Gunthorpe
2020-03-20 0:03 ` Jason Gunthorpe
2020-03-20 0:03 ` Jason Gunthorpe
2020-03-21 8:20 ` Christoph Hellwig
2020-03-21 8:20 ` Christoph Hellwig
2020-03-21 8:20 ` Christoph Hellwig
2020-03-20 0:14 ` Jason Gunthorpe
2020-03-20 0:14 ` Jason Gunthorpe
2020-03-20 0:14 ` Jason Gunthorpe
2020-03-20 0:14 ` Jason Gunthorpe
2020-03-20 1:33 ` Ralph Campbell
2020-03-20 1:33 ` Ralph Campbell
2020-03-20 1:33 ` Ralph Campbell
2020-03-20 1:33 ` Ralph Campbell
2020-03-20 12:58 ` Jason Gunthorpe
2020-03-20 12:58 ` Jason Gunthorpe
2020-03-20 12:58 ` Jason Gunthorpe
2020-03-20 12:58 ` Jason Gunthorpe
2020-03-20 12:58 ` Jason Gunthorpe
2020-03-16 19:32 ` [PATCH 4/4] mm: check the device private page owner " Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:32 ` Christoph Hellwig
2020-03-16 19:49 ` Jason Gunthorpe
2020-03-16 19:49 ` Jason Gunthorpe
2020-03-16 19:49 ` Jason Gunthorpe
2020-03-16 19:49 ` Jason Gunthorpe
2020-03-16 23:11 ` Ralph Campbell
2020-03-16 23:11 ` Ralph Campbell
2020-03-16 23:11 ` Ralph Campbell
2020-03-16 23:11 ` Ralph Campbell
2020-03-16 23:11 ` Ralph Campbell
2020-03-20 13:41 ` Jason Gunthorpe
2020-03-20 13:41 ` Jason Gunthorpe
2020-03-20 13:41 ` Jason Gunthorpe
2020-03-20 13:41 ` Jason Gunthorpe
2020-03-21 8:22 ` Christoph Hellwig [this message]
2020-03-21 8:22 ` Christoph Hellwig
2020-03-21 8:22 ` Christoph Hellwig
2020-03-21 12:38 ` Jason Gunthorpe
2020-03-21 12:38 ` Jason Gunthorpe
2020-03-21 12:38 ` Jason Gunthorpe
2020-03-21 12:38 ` Jason Gunthorpe
2020-03-21 15:18 ` Christoph Hellwig
2020-03-21 15:18 ` Christoph Hellwig
2020-03-21 15:18 ` Christoph Hellwig
2020-03-17 5:31 ` ensure device private pages have an owner v2 Bharata B Rao
2020-03-17 5:43 ` Bharata B Rao
2020-03-17 5:31 ` Bharata B Rao
2020-03-19 0:28 ` Jason Gunthorpe
2020-03-19 0:28 ` Jason Gunthorpe
2020-03-19 0:28 ` Jason Gunthorpe
2020-03-19 0:28 ` Jason Gunthorpe
2020-03-19 7:16 ` Christoph Hellwig
2020-03-19 7:16 ` Christoph Hellwig
2020-03-19 7:16 ` Christoph Hellwig
2020-03-19 11:50 ` Jason Gunthorpe
2020-03-19 11:50 ` Jason Gunthorpe
2020-03-19 11:50 ` Jason Gunthorpe
2020-03-19 11:50 ` Jason Gunthorpe
2020-03-19 18:50 ` Jason Gunthorpe
2020-03-19 18:50 ` Jason Gunthorpe
2020-03-19 18:50 ` Jason Gunthorpe
2020-03-19 18:50 ` Jason Gunthorpe
-- strict thread matches above, loose matches on Subject: below --
2020-03-16 17:52 ensure device private pages have an owner Christoph Hellwig
2020-03-16 17:52 ` Christoph Hellwig
2020-03-16 17:52 ` Christoph Hellwig
2020-03-16 17:52 ` [PATCH 1/2] mm: handle multiple owners of device private pages in migrate_vma Christoph Hellwig
2020-03-16 17:52 ` Christoph Hellwig
2020-03-16 17:52 ` Christoph Hellwig
2020-03-16 18:17 ` Jason Gunthorpe
2020-03-16 18:17 ` Jason Gunthorpe
2020-03-16 18:17 ` Jason Gunthorpe
2020-03-16 18:17 ` Jason Gunthorpe
2020-03-16 18:20 ` Christoph Hellwig
2020-03-16 18:20 ` Christoph Hellwig
2020-03-16 18:20 ` Christoph Hellwig
2020-03-16 17:52 ` [PATCH 2/2] mm: remove device private page support from hmm_range_fault Christoph Hellwig
2020-03-16 17:52 ` Christoph Hellwig
2020-03-16 17:52 ` Christoph Hellwig
2020-03-16 18:42 ` Ralph Campbell
2020-03-16 18:42 ` Ralph Campbell
2020-03-16 18:42 ` Ralph Campbell
2020-03-16 18:42 ` Ralph Campbell
2020-03-16 18:42 ` Ralph Campbell
2020-03-16 18:49 ` Christoph Hellwig
2020-03-16 18:49 ` Christoph Hellwig
2020-03-16 18:49 ` Christoph Hellwig
2020-03-16 18:58 ` Christoph Hellwig
2020-03-16 18:58 ` Christoph Hellwig
2020-03-16 18:58 ` Christoph Hellwig
2020-03-16 19:56 ` Ralph Campbell
2020-03-16 19:56 ` Ralph Campbell
2020-03-16 19:56 ` Ralph Campbell
2020-03-16 19:56 ` Ralph Campbell
2020-03-16 20:09 ` Jason Gunthorpe
2020-03-16 20:09 ` Jason Gunthorpe
2020-03-16 20:09 ` Jason Gunthorpe
2020-03-16 20:09 ` Jason Gunthorpe
2020-03-16 20:24 ` Ralph Campbell
2020-03-16 20:24 ` Ralph Campbell
2020-03-16 20:24 ` Ralph Campbell
2020-03-16 20:24 ` Ralph Campbell
2020-03-17 11:56 ` Jason Gunthorpe
2020-03-17 11:56 ` Jason Gunthorpe
2020-03-17 11:56 ` Jason Gunthorpe
2020-03-17 11:56 ` Jason Gunthorpe
2020-03-17 22:46 ` Ralph Campbell
2020-03-17 22:46 ` Ralph Campbell
2020-03-17 22:46 ` Ralph Campbell
2020-03-17 22:46 ` Ralph Campbell
2020-03-16 19:04 ` Jason Gunthorpe
2020-03-16 19:04 ` Jason Gunthorpe
2020-03-16 19:04 ` Jason Gunthorpe
2020-03-16 19:04 ` Jason Gunthorpe
2020-03-16 19:07 ` Christoph Hellwig
2020-03-16 19:07 ` Christoph Hellwig
2020-03-16 19:07 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200321082236.GB28613@lst.de \
--to=hch@lst.de \
--cc=amd-gfx@lists.freedesktop.org \
--cc=bharata@linux.ibm.com \
--cc=bskeggs@redhat.com \
--cc=christian.koenig@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=jgg@ziepe.ca \
--cc=jglisse@redhat.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nouveau@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.