From: Yafang Shao
Date: Mon, 30 Aug 2021 17:12:32 +0800
Subject: Re: [PATCH] mm, gpu: fix error when FOLL_MLOCK an unpresent page
To: Christoph Hellwig
Cc: Andrew Morton, Linux MM, "Kirill A . Shutemov"

On Mon, Aug 30, 2021 at 3:00 PM Christoph Hellwig wrote:
>
> On Sun, Aug 29, 2021 at 01:19:53AM +0000, Yafang Shao wrote:
> > After some analyzation, I found it was caused by a bug in GUP.
> > When the kernel module calls get_user_pages() with FOLL_MLOCK being set but
> > FOLL_POPULATE being unset, if the page of the user addr isn't present, the
>
> Which is not a valid way to call get_user_pages. What we need to do is
> to reject that case.

Do you mean below change?

diff --git a/include/linux/mm.h b/include/linux/mm.h index 7ca22e6e694a..10f7d6f2ad7b 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h 
@@ -2855,7 +2855,7 @@ struct page *follow_page(struct vm_area_struct *vma, unsigned long address, #define FOLL_NUMA 0x200 /* force NUMA hinting page fault */ #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */ #define FOLL_TRIED 0x800 /* a retry, previous pass started an IO */ -#define FOLL_MLOCK 0x1000 /* lock present pages */ +#define FOLL_MLOCK 0x1000 /* lock present pages, must be set with FOLL_POPULATE */ #define FOLL_REMOTE 0x2000 /* we are working on non-current tsk/mm */ #define FOLL_COW 0x4000 /* internal GUP flag */ #define FOLL_ANON 0x8000 /* don't do file mappings */ diff --git a/mm/gup.c b/mm/gup.c index b94717977d17..dfdc0654f7a5 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -929,9 +929,9 @@ static int faultin_page(struct vm_area_struct *vma, unsigned int fault_flags = 0; vm_fault_t ret; - /* mlock all present pages, but do not fault in new pages */ - if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK) - return -ENOENT; + /* FOLL_MLOCK must be set with FOLL_POPULATE */ + BUG_ON((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK); + if (*flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (*flags & FOLL_REMOTE) @@ -1181,8 +1181,6 @@ static long __get_user_pages(struct mm_struct *mm, case -ENOMEM: case -EHWPOISON: goto out; - case -ENOENT: - goto next_page; } BUG(); } else if (PTR_ERR(page) == -EEXIST) { 
@@ -1823,6 +1821,10 @@ static long __gup_longterm_locked(struct mm_struct *mm, static bool is_valid_gup_flags(unsigned int gup_flags) { + /* FOLL_MLOCK must be set with FOLL_POPULATE */ + if (WARN_ON_ONCE((gup_flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK)) + return false; + /* * FOLL_PIN must only be set internally by the pin_user_pages*() APIs, * never directly by the caller, so enforce that with an assertion: 

> No-tree user does this so that bug is what ever
> crap out of tree code you're using.

populate_vma_page_range() may trigger this bug, but I haven't verified it yet.

populate_vma_page_range
    gup_flags = FOLL_TOUCH | FOLL_POPULATE | FOLL_MLOCK;
    if (vma->vm_flags & VM_LOCKONFAULT)
        gup_flags &= ~FOLL_POPULATE; // FOLL_MLOCK without FOLL_POPULATE then.
    __get_user_pages(..., gup_flags, ...);

-- 
Thanks
Yafang
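
Review bot: The BUG_ON() added in the faultin_page() hunk of mm/gup.c turns a flag combination that was previously handled with "return -ENOENT" into a kernel crash. The comment being removed there ("mlock all present pages, but do not fault in new pages") describes FOLL_MLOCK without FOLL_POPULATE as a supported mode, and the populate_vma_page_range() sketch at the end of this mail clears FOLL_POPULATE for VM_LOCKONFAULT while keeping FOLL_MLOCK before calling __get_user_pages(). If that path reaches faultin_page() for a non-present page, this line would take the machine down; suggest keeping the -ENOENT return, or at most a WARN_ON_ONCE() with an error return, until that caller has been verified.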
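
Review bot: Dropping "case -ENOENT: goto next_page;" in the __get_user_pages() hunk leaves the BUG() that follows the switch as the only outcome for an -ENOENT return from faultin_page(). The hunk removes one source of -ENOENT but does not show that it was the only one; please confirm that no other path in faultin_page() can return -ENOENT, or keep the case so an unexpected -ENOENT still skips the page instead of hitting BUG().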
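
Review bot: The WARN_ON_ONCE() check added to is_valid_gup_flags() only rejects FOLL_MLOCK without FOLL_POPULATE for entry points that call this helper, and the patch does not show which ones do. The populate_vma_page_range() sketch in this mail calls __get_user_pages() directly, so the check as placed may not cover the one caller identified as a possible trigger. Suggest stating in the commit message which entry points are covered, and making this "return false" the single point of rejection rather than pairing it with the BUG_ON() in faultin_page().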