From: Oded Gabbay <oded.gabbay-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Felix Kuehling <Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
Cc: amd-gfx list <amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
Subject: Re: [PATCH 02/16] drm/amdkfd: Don't dereference kfd_process.mm
Date: Wed, 25 Oct 2017 09:45:31 +0300 [thread overview]
Message-ID: <CAFCwf11qCJ4oRn_3_9PED594FD+6y99N_aP--L0z7TZ+uvLibQ@mail.gmail.com> (raw)
In-Reply-To: <1508545400-24338-3-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
On Sat, Oct 21, 2017 at 3:23 AM, Felix Kuehling <Felix.Kuehling@amd.com> wrote:
> The kfd_process doesn't own a reference to the mm_struct, so it can
> disappear without warning even while the kfd_process still exists.
> In fact, the delayed kfd_process teardown is triggered by an MMU
> notifier when the mm_struct is destroyed. Permanently holding a
> reference to the mm_struct would prevent this from happening.
>
> Therefore, avoid dereferencing the kfd_process.mm pointer and make
> it opaque. Use get_task_mm to get a temporary reference to the mm
> when it's needed.
>
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> ---
> drivers/gpu/drm/amd/amdkfd/kfd_events.c | 19 +++++++++++++++----
> drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 7 ++++++-
> drivers/gpu/drm/amd/amdkfd/kfd_process.c | 6 +++++-
> 3 files changed, 26 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_events.c
> index 944abfa..61ce547 100644
> --- a/drivers/gpu/drm/amd/amdkfd/kfd_events.c
> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_events.c
> @@ -24,8 +24,8 @@
> #include <linux/slab.h>
> #include <linux/types.h>
> #include <linux/sched/signal.h>
> +#include <linux/sched/mm.h>
> #include <linux/uaccess.h>
> -#include <linux/mm.h>
> #include <linux/mman.h>
> #include <linux/memory.h>
> #include "kfd_priv.h"
> @@ -904,14 +904,24 @@ void kfd_signal_iommu_event(struct kfd_dev *dev, unsigned int pasid,
> * running so the lookup function returns a locked process.
> */
> struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
> + struct mm_struct *mm;
>
> if (!p)
> return; /* Presumably process exited. */
>
> + /* Take a safe reference to the mm_struct, which may otherwise
> + * disappear even while the kfd_process is still referenced.
> + */
> + mm = get_task_mm(p->lead_thread);
> + if (!mm) {
> + mutex_unlock(&p->mutex);
> + return; /* Process is exiting */
> + }
> +
> memset(&memory_exception_data, 0, sizeof(memory_exception_data));
>
> - down_read(&p->mm->mmap_sem);
> - vma = find_vma(p->mm, address);
> + down_read(&mm->mmap_sem);
> + vma = find_vma(mm, address);
>
> memory_exception_data.gpu_id = dev->id;
> memory_exception_data.va = address;
> @@ -937,7 +947,8 @@ void kfd_signal_iommu_event(struct kfd_dev *dev, unsigned int pasid,
> }
> }
>
> - up_read(&p->mm->mmap_sem);
> + up_read(&mm->mmap_sem);
> + mmput(mm);
>
> mutex_lock(&p->event_mutex);
>
> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
> index 7d86ec9..1a483a7 100644
> --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
> @@ -494,7 +494,12 @@ struct kfd_process {
> */
> struct hlist_node kfd_processes;
>
> - struct mm_struct *mm;
> + /*
> + * Opaque pointer to mm_struct. We don't hold a reference to
> + * it so it should never be dereferenced from here. This is
> + * only used for looking up processes by their mm.
> + */
> + void *mm;
>
> struct mutex mutex;
>
> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
> index 3ccb3b5..21d27e5 100644
> --- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
> @@ -200,7 +200,11 @@ static void kfd_process_destroy_delayed(struct rcu_head *rcu)
> struct kfd_process *p;
>
> p = container_of(rcu, struct kfd_process, rcu);
> - WARN_ON(atomic_read(&p->mm->mm_count) <= 0);
> + /*
> + * This cast should be safe here because we grabbed a
> + * reference to the mm in kfd_process_notifier_release
> + */
> + WARN_ON(atomic_read(&((struct mm_struct *)p->mm)->mm_count) <= 0);
>
> mmdrop(p->mm);
>
> --
> 2.7.4
>
This patch is:
Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com>
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
next prev parent reply other threads:[~2017-10-25 6:45 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-21 0:23 [PATCH 00/16] KFD interrupt and signal event handling improvements Felix Kuehling
[not found] ` <1508545400-24338-1-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-21 0:23 ` [PATCH 01/16] drm/amdkfd: Add SDMA trap src id to the KFD isr wanted list Felix Kuehling
[not found] ` <1508545400-24338-2-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 6:13 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 02/16] drm/amdkfd: Don't dereference kfd_process.mm Felix Kuehling
[not found] ` <1508545400-24338-3-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 6:45 ` Oded Gabbay [this message]
2017-10-26 7:33 ` Christian König
[not found] ` <183a1c77-23a2-3015-e019-cb3fc57cdb3c-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-26 16:47 ` Felix Kuehling
[not found] ` <f42bdbcc-0264-f189-fa6f-9989016b380d-5C7GfCeVMHo@public.gmane.org>
2017-10-26 18:11 ` Christian König
[not found] ` <b04933a4-e585-d1ff-57a3-d9ba1f09c0b0-5C7GfCeVMHo@public.gmane.org>
2017-10-26 18:54 ` Felix Kuehling
[not found] ` <0ff645b5-1906-2ce3-a9a6-d34c2ce2c516-5C7GfCeVMHo@public.gmane.org>
2017-10-27 7:22 ` Christian König
[not found] ` <19defd90-bf38-315b-cb4a-eb78e4acafec-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-27 7:41 ` Christian König
[not found] ` <fa2c0104-7a85-f250-bafc-c8096f910d92-5C7GfCeVMHo@public.gmane.org>
2017-10-27 19:09 ` Felix Kuehling
2017-10-21 0:23 ` [PATCH 03/16] drm/amdkfd: increase limit of signal events to 4096 per process Felix Kuehling
[not found] ` <1508545400-24338-4-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 8:31 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 04/16] drm/amdkfd: Short cut for kfd_wait_on_events without waiting Felix Kuehling
[not found] ` <1508545400-24338-5-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 8:39 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 05/16] drm/amdkfd: Fix scheduler race in kfd_wait_on_events sleep loop Felix Kuehling
[not found] ` <1508545400-24338-6-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 8:45 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 06/16] drm/amdkfd: Clean up kfd_wait_on_events Felix Kuehling
[not found] ` <1508545400-24338-7-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 8:49 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 07/16] drm/amdkfd: Fix event destruction with pending waiters Felix Kuehling
[not found] ` <1508545400-24338-8-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 8:50 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 08/16] drm/amdkfd: remove redundant kfd_event_waiter.input_index Felix Kuehling
[not found] ` <1508545400-24338-9-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 8:54 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 09/16] drm/amdkfd: Use wait_queue_t to implement event waiting Felix Kuehling
[not found] ` <1508545400-24338-10-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 10:28 ` Oded Gabbay
[not found] ` <CAFCwf10QwD3JNz6BGWBC94WHfU2EpDx1CJSkjjwjNt7AnZLpyA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-10-25 16:02 ` Felix Kuehling
2017-10-21 0:23 ` [PATCH 10/16] drm/amdkfd: Simplify events page allocator Felix Kuehling
[not found] ` <1508545400-24338-11-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 10:40 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 11/16] drm/amdkfd: Simplify event ID and signal slot management Felix Kuehling
[not found] ` <1508545400-24338-12-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 10:42 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 12/16] drm/amdkfd: Use IH context ID for signal lookup Felix Kuehling
[not found] ` <1508545400-24338-13-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 10:46 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 13/16] drm/amdkfd: use standard kernel kfifo for IH Felix Kuehling
[not found] ` <1508545400-24338-14-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 12:15 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 14/16] drm/amdkfd: increase IH num entries to 8192 Felix Kuehling
[not found] ` <1508545400-24338-15-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 12:18 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 15/16] drm/amdkfd: wait only for IH work on IH exit Felix Kuehling
[not found] ` <1508545400-24338-16-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 12:20 ` Oded Gabbay
2017-10-21 0:23 ` [PATCH 16/16] drm/amdkfd: use a high priority workqueue for IH work Felix Kuehling
[not found] ` <1508545400-24338-17-git-send-email-Felix.Kuehling-5C7GfCeVMHo@public.gmane.org>
2017-10-25 12:21 ` Oded Gabbay
2017-10-25 6:57 ` [PATCH 00/16] KFD interrupt and signal event handling improvements Oded Gabbay
[not found] ` <CAFCwf11ao-E7Y+LvE6e++74xq+RiH+B1xA9nrk_u_8CTXyUuVQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-10-25 7:31 ` Christian König
2017-10-25 16:04 ` Felix Kuehling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFCwf11qCJ4oRn_3_9PED594FD+6y99N_aP--L0z7TZ+uvLibQ@mail.gmail.com \
--to=oded.gabbay-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=Felix.Kuehling-5C7GfCeVMHo@public.gmane.org \
--cc=amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.