All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-12 22:06 ` Felix Kuehling
  0 siblings, 0 replies; 30+ messages in thread
From: Felix Kuehling @ 2021-07-12 22:06 UTC (permalink / raw)
  To: amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
is_cow_mapping returns true for these mappings. Add a check for
vm_flags & VM_WRITE to avoid mmap failures on private read-only or
PROT_NONE mappings.

v2: protect against mprotect making a mapping writable after the fact
v3: update driver-specific vm_operations_structs

Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
 drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
 drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
 drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
 include/drm/ttm/ttm_bo_api.h             |  4 ++++
 6 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
index b3404c43a911..1aa750a6a5d2 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
@@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
 	.fault = amdgpu_gem_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
-	.access = ttm_bo_vm_access
+	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect
 };
 
 static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
index 5b27845075a1..164ea564bb7a 100644
--- a/drivers/gpu/drm/nouveau/nouveau_gem.c
+++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
@@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
 	.fault = nouveau_ttm_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
-	.access = ttm_bo_vm_access
+	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect
 };
 
 void
diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
index 458f92a70887..c19ad07eb7b5 100644
--- a/drivers/gpu/drm/radeon/radeon_gem.c
+++ b/drivers/gpu/drm/radeon/radeon_gem.c
@@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
 	.fault = radeon_gem_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
-	.access = ttm_bo_vm_access
+	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect
 };
 
 static void radeon_gem_object_free(struct drm_gem_object *gobj)
diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index f56be5bc0861..fb325bad5db6 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
 }
 EXPORT_SYMBOL(ttm_bo_vm_access);
 
+int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
+		       unsigned long end, unsigned long newflags)
+{
+	/* Enforce no COW since would have really strange behavior with it. */
+	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
+		return -EINVAL;
+
+	return 0;
+}
+EXPORT_SYMBOL(ttm_bo_vm_mprotect);
+
 static const struct vm_operations_struct ttm_bo_vm_ops = {
 	.fault = ttm_bo_vm_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
 	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect,
 };
 
 int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
 {
 	/* Enforce no COW since would have really strange behavior with it. */
-	if (is_cow_mapping(vma->vm_flags))
+	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
 		return -EINVAL;
 
 	ttm_bo_get(bo);
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
index e6b1f98ec99f..e4bf7dc99320 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
@@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
 		.fault = vmw_bo_vm_fault,
 		.open = ttm_bo_vm_open,
 		.close = ttm_bo_vm_close,
+		.mprotect = ttm_bo_vm_mprotect,
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
 		.huge_fault = vmw_bo_vm_huge_fault,
 #endif
diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
index f681bbdbc698..40eb95875355 100644
--- a/include/drm/ttm/ttm_bo_api.h
+++ b/include/drm/ttm/ttm_bo_api.h
@@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
 
 int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
 		     void *buf, int len, int write);
+
+int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
+		       unsigned long end, unsigned long newflags);
+
 bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
 
 vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
-- 
2.32.0


^ permalink raw reply related	[flat|nested] 30+ messages in thread

* [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-12 22:06 ` Felix Kuehling
  0 siblings, 0 replies; 30+ messages in thread
From: Felix Kuehling @ 2021-07-12 22:06 UTC (permalink / raw)
  To: amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
is_cow_mapping returns true for these mappings. Add a check for
vm_flags & VM_WRITE to avoid mmap failures on private read-only or
PROT_NONE mappings.

v2: protect against mprotect making a mapping writable after the fact
v3: update driver-specific vm_operations_structs

Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
 drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
 drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
 drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
 include/drm/ttm/ttm_bo_api.h             |  4 ++++
 6 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
index b3404c43a911..1aa750a6a5d2 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
@@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
 	.fault = amdgpu_gem_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
-	.access = ttm_bo_vm_access
+	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect
 };
 
 static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
index 5b27845075a1..164ea564bb7a 100644
--- a/drivers/gpu/drm/nouveau/nouveau_gem.c
+++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
@@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
 	.fault = nouveau_ttm_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
-	.access = ttm_bo_vm_access
+	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect
 };
 
 void
diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
index 458f92a70887..c19ad07eb7b5 100644
--- a/drivers/gpu/drm/radeon/radeon_gem.c
+++ b/drivers/gpu/drm/radeon/radeon_gem.c
@@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
 	.fault = radeon_gem_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
-	.access = ttm_bo_vm_access
+	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect
 };
 
 static void radeon_gem_object_free(struct drm_gem_object *gobj)
diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index f56be5bc0861..fb325bad5db6 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
 }
 EXPORT_SYMBOL(ttm_bo_vm_access);
 
+int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
+		       unsigned long end, unsigned long newflags)
+{
+	/* Enforce no COW since would have really strange behavior with it. */
+	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
+		return -EINVAL;
+
+	return 0;
+}
+EXPORT_SYMBOL(ttm_bo_vm_mprotect);
+
 static const struct vm_operations_struct ttm_bo_vm_ops = {
 	.fault = ttm_bo_vm_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
 	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect,
 };
 
 int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
 {
 	/* Enforce no COW since would have really strange behavior with it. */
-	if (is_cow_mapping(vma->vm_flags))
+	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
 		return -EINVAL;
 
 	ttm_bo_get(bo);
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
index e6b1f98ec99f..e4bf7dc99320 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
@@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
 		.fault = vmw_bo_vm_fault,
 		.open = ttm_bo_vm_open,
 		.close = ttm_bo_vm_close,
+		.mprotect = ttm_bo_vm_mprotect,
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
 		.huge_fault = vmw_bo_vm_huge_fault,
 #endif
diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
index f681bbdbc698..40eb95875355 100644
--- a/include/drm/ttm/ttm_bo_api.h
+++ b/include/drm/ttm/ttm_bo_api.h
@@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
 
 int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
 		     void *buf, int len, int write);
+
+int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
+		       unsigned long end, unsigned long newflags);
+
 bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
 
 vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
-- 
2.32.0

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply related	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-12 22:06 ` Felix Kuehling
@ 2021-07-13  6:57   ` Christian König
  -1 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-13  6:57 UTC (permalink / raw)
  To: Felix Kuehling, amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig



Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> is_cow_mapping returns true for these mappings. Add a check for
> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> PROT_NONE mappings.
>
> v2: protect against mprotect making a mapping writable after the fact
> v3: update driver-specific vm_operations_structs
>
> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

Reviewed-by: Christian König <christian.koenig@amd.com>

> ---
>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>   6 files changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> index b3404c43a911..1aa750a6a5d2 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>   	.fault = amdgpu_gem_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>   };
>   
>   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> index 5b27845075a1..164ea564bb7a 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>   	.fault = nouveau_ttm_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>   };
>   
>   void
> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> index 458f92a70887..c19ad07eb7b5 100644
> --- a/drivers/gpu/drm/radeon/radeon_gem.c
> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>   	.fault = radeon_gem_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>   };
>   
>   static void radeon_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index f56be5bc0861..fb325bad5db6 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>   }
>   EXPORT_SYMBOL(ttm_bo_vm_access);
>   
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags)
> +{
> +	/* Enforce no COW since would have really strange behavior with it. */
> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> +
>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>   	.fault = ttm_bo_vm_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
>   	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect,
>   };
>   
>   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>   {
>   	/* Enforce no COW since would have really strange behavior with it. */
> -	if (is_cow_mapping(vma->vm_flags))
> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>   		return -EINVAL;
>   
>   	ttm_bo_get(bo);
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> index e6b1f98ec99f..e4bf7dc99320 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>   		.fault = vmw_bo_vm_fault,
>   		.open = ttm_bo_vm_open,
>   		.close = ttm_bo_vm_close,
> +		.mprotect = ttm_bo_vm_mprotect,
>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>   		.huge_fault = vmw_bo_vm_huge_fault,
>   #endif
> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> index f681bbdbc698..40eb95875355 100644
> --- a/include/drm/ttm/ttm_bo_api.h
> +++ b/include/drm/ttm/ttm_bo_api.h
> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>   
>   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>   		     void *buf, int len, int write);
> +
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags);
> +
>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>   
>   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-13  6:57   ` Christian König
  0 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-13  6:57 UTC (permalink / raw)
  To: Felix Kuehling, amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig



Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> is_cow_mapping returns true for these mappings. Add a check for
> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> PROT_NONE mappings.
>
> v2: protect against mprotect making a mapping writable after the fact
> v3: update driver-specific vm_operations_structs
>
> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

Reviewed-by: Christian König <christian.koenig@amd.com>

> ---
>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>   6 files changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> index b3404c43a911..1aa750a6a5d2 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>   	.fault = amdgpu_gem_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>   };
>   
>   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> index 5b27845075a1..164ea564bb7a 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>   	.fault = nouveau_ttm_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>   };
>   
>   void
> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> index 458f92a70887..c19ad07eb7b5 100644
> --- a/drivers/gpu/drm/radeon/radeon_gem.c
> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>   	.fault = radeon_gem_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>   };
>   
>   static void radeon_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index f56be5bc0861..fb325bad5db6 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>   }
>   EXPORT_SYMBOL(ttm_bo_vm_access);
>   
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags)
> +{
> +	/* Enforce no COW since would have really strange behavior with it. */
> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> +
>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>   	.fault = ttm_bo_vm_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
>   	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect,
>   };
>   
>   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>   {
>   	/* Enforce no COW since would have really strange behavior with it. */
> -	if (is_cow_mapping(vma->vm_flags))
> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>   		return -EINVAL;
>   
>   	ttm_bo_get(bo);
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> index e6b1f98ec99f..e4bf7dc99320 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>   		.fault = vmw_bo_vm_fault,
>   		.open = ttm_bo_vm_open,
>   		.close = ttm_bo_vm_close,
> +		.mprotect = ttm_bo_vm_mprotect,
>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>   		.huge_fault = vmw_bo_vm_huge_fault,
>   #endif
> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> index f681bbdbc698..40eb95875355 100644
> --- a/include/drm/ttm/ttm_bo_api.h
> +++ b/include/drm/ttm/ttm_bo_api.h
> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>   
>   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>   		     void *buf, int len, int write);
> +
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags);
> +
>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>   
>   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-13  6:57   ` Christian König
@ 2021-07-13 15:28     ` Alex Deucher
  -1 siblings, 0 replies; 30+ messages in thread
From: Alex Deucher @ 2021-07-13 15:28 UTC (permalink / raw)
  To: Christian König
  Cc: Alex Deucher, Felix Kuehling, Maling list - DRI developers,
	amd-gfx list, Christian Koenig

On Tue, Jul 13, 2021 at 2:57 AM Christian König
<ckoenig.leichtzumerken@gmail.com> wrote:
>
>
>
> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > is_cow_mapping returns true for these mappings. Add a check for
> > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > PROT_NONE mappings.
> >
> > v2: protect against mprotect making a mapping writable after the fact
> > v3: update driver-specific vm_operations_structs
> >
> > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>
> Reviewed-by: Christian König <christian.koenig@amd.com>

Are you planning to push this to drm-misc?

Alex

>
> > ---
> >   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> >   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> >   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> >   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> >   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> >   include/drm/ttm/ttm_bo_api.h             |  4 ++++
> >   6 files changed, 24 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > index b3404c43a911..1aa750a6a5d2 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> >       .fault = amdgpu_gem_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> > -     .access = ttm_bo_vm_access
> > +     .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect
> >   };
> >
> >   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > index 5b27845075a1..164ea564bb7a 100644
> > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> >       .fault = nouveau_ttm_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> > -     .access = ttm_bo_vm_access
> > +     .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect
> >   };
> >
> >   void
> > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > index 458f92a70887..c19ad07eb7b5 100644
> > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> >       .fault = radeon_gem_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> > -     .access = ttm_bo_vm_access
> > +     .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect
> >   };
> >
> >   static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > index f56be5bc0861..fb325bad5db6 100644
> > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >   }
> >   EXPORT_SYMBOL(ttm_bo_vm_access);
> >
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +                    unsigned long end, unsigned long newflags)
> > +{
> > +     /* Enforce no COW since would have really strange behavior with it. */
> > +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > +             return -EINVAL;
> > +
> > +     return 0;
> > +}
> > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > +
> >   static const struct vm_operations_struct ttm_bo_vm_ops = {
> >       .fault = ttm_bo_vm_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> >       .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect,
> >   };
> >
> >   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> >   {
> >       /* Enforce no COW since would have really strange behavior with it. */
> > -     if (is_cow_mapping(vma->vm_flags))
> > +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> >               return -EINVAL;
> >
> >       ttm_bo_get(bo);
> > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > index e6b1f98ec99f..e4bf7dc99320 100644
> > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> >               .fault = vmw_bo_vm_fault,
> >               .open = ttm_bo_vm_open,
> >               .close = ttm_bo_vm_close,
> > +             .mprotect = ttm_bo_vm_mprotect,
> >   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> >               .huge_fault = vmw_bo_vm_huge_fault,
> >   #endif
> > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > index f681bbdbc698..40eb95875355 100644
> > --- a/include/drm/ttm/ttm_bo_api.h
> > +++ b/include/drm/ttm/ttm_bo_api.h
> > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> >
> >   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >                    void *buf, int len, int write);
> > +
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +                    unsigned long end, unsigned long newflags);
> > +
> >   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> >
> >   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-13 15:28     ` Alex Deucher
  0 siblings, 0 replies; 30+ messages in thread
From: Alex Deucher @ 2021-07-13 15:28 UTC (permalink / raw)
  To: Christian König
  Cc: Alex Deucher, Felix Kuehling, Maling list - DRI developers,
	amd-gfx list, Christian Koenig

On Tue, Jul 13, 2021 at 2:57 AM Christian König
<ckoenig.leichtzumerken@gmail.com> wrote:
>
>
>
> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > is_cow_mapping returns true for these mappings. Add a check for
> > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > PROT_NONE mappings.
> >
> > v2: protect against mprotect making a mapping writable after the fact
> > v3: update driver-specific vm_operations_structs
> >
> > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>
> Reviewed-by: Christian König <christian.koenig@amd.com>

Are you planning to push this to drm-misc?

Alex

>
> > ---
> >   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> >   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> >   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> >   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> >   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> >   include/drm/ttm/ttm_bo_api.h             |  4 ++++
> >   6 files changed, 24 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > index b3404c43a911..1aa750a6a5d2 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> >       .fault = amdgpu_gem_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> > -     .access = ttm_bo_vm_access
> > +     .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect
> >   };
> >
> >   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > index 5b27845075a1..164ea564bb7a 100644
> > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> >       .fault = nouveau_ttm_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> > -     .access = ttm_bo_vm_access
> > +     .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect
> >   };
> >
> >   void
> > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > index 458f92a70887..c19ad07eb7b5 100644
> > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> >       .fault = radeon_gem_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> > -     .access = ttm_bo_vm_access
> > +     .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect
> >   };
> >
> >   static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > index f56be5bc0861..fb325bad5db6 100644
> > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >   }
> >   EXPORT_SYMBOL(ttm_bo_vm_access);
> >
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +                    unsigned long end, unsigned long newflags)
> > +{
> > +     /* Enforce no COW since would have really strange behavior with it. */
> > +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > +             return -EINVAL;
> > +
> > +     return 0;
> > +}
> > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > +
> >   static const struct vm_operations_struct ttm_bo_vm_ops = {
> >       .fault = ttm_bo_vm_fault,
> >       .open = ttm_bo_vm_open,
> >       .close = ttm_bo_vm_close,
> >       .access = ttm_bo_vm_access,
> > +     .mprotect = ttm_bo_vm_mprotect,
> >   };
> >
> >   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> >   {
> >       /* Enforce no COW since would have really strange behavior with it. */
> > -     if (is_cow_mapping(vma->vm_flags))
> > +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> >               return -EINVAL;
> >
> >       ttm_bo_get(bo);
> > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > index e6b1f98ec99f..e4bf7dc99320 100644
> > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> >               .fault = vmw_bo_vm_fault,
> >               .open = ttm_bo_vm_open,
> >               .close = ttm_bo_vm_close,
> > +             .mprotect = ttm_bo_vm_mprotect,
> >   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> >               .huge_fault = vmw_bo_vm_huge_fault,
> >   #endif
> > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > index f681bbdbc698..40eb95875355 100644
> > --- a/include/drm/ttm/ttm_bo_api.h
> > +++ b/include/drm/ttm/ttm_bo_api.h
> > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> >
> >   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >                    void *buf, int len, int write);
> > +
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +                    unsigned long end, unsigned long newflags);
> > +
> >   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> >
> >   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-13  6:57   ` Christian König
@ 2021-07-13 15:29     ` Felix Kuehling
  -1 siblings, 0 replies; 30+ messages in thread
From: Felix Kuehling @ 2021-07-13 15:29 UTC (permalink / raw)
  To: Christian König, amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

Am 2021-07-13 um 2:57 a.m. schrieb Christian König:
>
>
> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>> is_cow_mapping returns true for these mappings. Add a check for
>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>> PROT_NONE mappings.
>>
>> v2: protect against mprotect making a mapping writable after the fact
>> v3: update driver-specific vm_operations_structs
>>
>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>
> Reviewed-by: Christian König <christian.koenig@amd.com>

Thank you!

Alex, this patch is against your updated amd-staging-drm-next branch.
Please replace my previous version of the patch with this one.

Thanks,
  Felix


>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>   6 files changed, 24 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> index b3404c43a911..1aa750a6a5d2 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct
>> amdgpu_gem_vm_ops = {
>>       .fault = amdgpu_gem_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>> -    .access = ttm_bo_vm_access
>> +    .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect
>>   };
>>     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c
>> b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> index 5b27845075a1..164ea564bb7a 100644
>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct
>> nouveau_ttm_vm_ops = {
>>       .fault = nouveau_ttm_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>> -    .access = ttm_bo_vm_access
>> +    .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect
>>   };
>>     void
>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c
>> b/drivers/gpu/drm/radeon/radeon_gem.c
>> index 458f92a70887..c19ad07eb7b5 100644
>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct
>> radeon_gem_vm_ops = {
>>       .fault = radeon_gem_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>> -    .access = ttm_bo_vm_access
>> +    .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect
>>   };
>>     static void radeon_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> index f56be5bc0861..fb325bad5db6 100644
>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct
>> *vma, unsigned long addr,
>>   }
>>   EXPORT_SYMBOL(ttm_bo_vm_access);
>>   +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long
>> start,
>> +               unsigned long end, unsigned long newflags)
>> +{
>> +    /* Enforce no COW since would have really strange behavior with
>> it. */
>> +    if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>> +        return -EINVAL;
>> +
>> +    return 0;
>> +}
>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>> +
>>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>>       .fault = ttm_bo_vm_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>>       .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect,
>>   };
>>     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct
>> ttm_buffer_object *bo)
>>   {
>>       /* Enforce no COW since would have really strange behavior with
>> it. */
>> -    if (is_cow_mapping(vma->vm_flags))
>> +    if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>           return -EINVAL;
>>         ttm_bo_get(bo);
>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> index e6b1f98ec99f..e4bf7dc99320 100644
>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct
>> vm_area_struct *vma)
>>           .fault = vmw_bo_vm_fault,
>>           .open = ttm_bo_vm_open,
>>           .close = ttm_bo_vm_close,
>> +        .mprotect = ttm_bo_vm_mprotect,
>>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>           .huge_fault = vmw_bo_vm_huge_fault,
>>   #endif
>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>> index f681bbdbc698..40eb95875355 100644
>> --- a/include/drm/ttm/ttm_bo_api.h
>> +++ b/include/drm/ttm/ttm_bo_api.h
>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>                void *buf, int len, int write);
>> +
>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>> +               unsigned long end, unsigned long newflags);
>> +
>>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t
>> prot);
>

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-13 15:29     ` Felix Kuehling
  0 siblings, 0 replies; 30+ messages in thread
From: Felix Kuehling @ 2021-07-13 15:29 UTC (permalink / raw)
  To: Christian König, amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

Am 2021-07-13 um 2:57 a.m. schrieb Christian König:
>
>
> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>> is_cow_mapping returns true for these mappings. Add a check for
>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>> PROT_NONE mappings.
>>
>> v2: protect against mprotect making a mapping writable after the fact
>> v3: update driver-specific vm_operations_structs
>>
>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>
> Reviewed-by: Christian König <christian.koenig@amd.com>

Thank you!

Alex, this patch is against your updated amd-staging-drm-next branch.
Please replace my previous version of the patch with this one.

Thanks,
  Felix


>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>   6 files changed, 24 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> index b3404c43a911..1aa750a6a5d2 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct
>> amdgpu_gem_vm_ops = {
>>       .fault = amdgpu_gem_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>> -    .access = ttm_bo_vm_access
>> +    .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect
>>   };
>>     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c
>> b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> index 5b27845075a1..164ea564bb7a 100644
>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct
>> nouveau_ttm_vm_ops = {
>>       .fault = nouveau_ttm_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>> -    .access = ttm_bo_vm_access
>> +    .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect
>>   };
>>     void
>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c
>> b/drivers/gpu/drm/radeon/radeon_gem.c
>> index 458f92a70887..c19ad07eb7b5 100644
>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct
>> radeon_gem_vm_ops = {
>>       .fault = radeon_gem_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>> -    .access = ttm_bo_vm_access
>> +    .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect
>>   };
>>     static void radeon_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> index f56be5bc0861..fb325bad5db6 100644
>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct
>> *vma, unsigned long addr,
>>   }
>>   EXPORT_SYMBOL(ttm_bo_vm_access);
>>   +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long
>> start,
>> +               unsigned long end, unsigned long newflags)
>> +{
>> +    /* Enforce no COW since would have really strange behavior with
>> it. */
>> +    if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>> +        return -EINVAL;
>> +
>> +    return 0;
>> +}
>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>> +
>>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>>       .fault = ttm_bo_vm_fault,
>>       .open = ttm_bo_vm_open,
>>       .close = ttm_bo_vm_close,
>>       .access = ttm_bo_vm_access,
>> +    .mprotect = ttm_bo_vm_mprotect,
>>   };
>>     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct
>> ttm_buffer_object *bo)
>>   {
>>       /* Enforce no COW since would have really strange behavior with
>> it. */
>> -    if (is_cow_mapping(vma->vm_flags))
>> +    if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>           return -EINVAL;
>>         ttm_bo_get(bo);
>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> index e6b1f98ec99f..e4bf7dc99320 100644
>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct
>> vm_area_struct *vma)
>>           .fault = vmw_bo_vm_fault,
>>           .open = ttm_bo_vm_open,
>>           .close = ttm_bo_vm_close,
>> +        .mprotect = ttm_bo_vm_mprotect,
>>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>           .huge_fault = vmw_bo_vm_huge_fault,
>>   #endif
>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>> index f681bbdbc698..40eb95875355 100644
>> --- a/include/drm/ttm/ttm_bo_api.h
>> +++ b/include/drm/ttm/ttm_bo_api.h
>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>                void *buf, int len, int write);
>> +
>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>> +               unsigned long end, unsigned long newflags);
>> +
>>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t
>> prot);
>
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-13 15:28     ` Alex Deucher
@ 2021-07-14  8:51       ` Christian König
  -1 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-14  8:51 UTC (permalink / raw)
  To: Alex Deucher, Christian König
  Cc: Alex Deucher, Felix Kuehling, Maling list - DRI developers, amd-gfx list



Am 13.07.21 um 17:28 schrieb Alex Deucher:
> On Tue, Jul 13, 2021 at 2:57 AM Christian König
> <ckoenig.leichtzumerken@gmail.com> wrote:
>>
>>
>> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>> is_cow_mapping returns true for these mappings. Add a check for
>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>> PROT_NONE mappings.
>>>
>>> v2: protect against mprotect making a mapping writable after the fact
>>> v3: update driver-specific vm_operations_structs
>>>
>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>> Reviewed-by: Christian König <christian.koenig@amd.com>
> Are you planning to push this to drm-misc?

Yes, just didn't found time yesterday.

Christian.

>
> Alex
>
>>> ---
>>>    drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>    drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>    drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>    drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>    drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>    include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>    6 files changed, 24 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> index b3404c43a911..1aa750a6a5d2 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>        .fault = amdgpu_gem_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>> -     .access = ttm_bo_vm_access
>>> +     .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect
>>>    };
>>>
>>>    static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> index 5b27845075a1..164ea564bb7a 100644
>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>        .fault = nouveau_ttm_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>> -     .access = ttm_bo_vm_access
>>> +     .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect
>>>    };
>>>
>>>    void
>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>> index 458f92a70887..c19ad07eb7b5 100644
>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>        .fault = radeon_gem_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>> -     .access = ttm_bo_vm_access
>>> +     .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect
>>>    };
>>>
>>>    static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> index f56be5bc0861..fb325bad5db6 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>    }
>>>    EXPORT_SYMBOL(ttm_bo_vm_access);
>>>
>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>> +                    unsigned long end, unsigned long newflags)
>>> +{
>>> +     /* Enforce no COW since would have really strange behavior with it. */
>>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>> +             return -EINVAL;
>>> +
>>> +     return 0;
>>> +}
>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>> +
>>>    static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>        .fault = ttm_bo_vm_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>>        .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect,
>>>    };
>>>
>>>    int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>    {
>>>        /* Enforce no COW since would have really strange behavior with it. */
>>> -     if (is_cow_mapping(vma->vm_flags))
>>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>                return -EINVAL;
>>>
>>>        ttm_bo_get(bo);
>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>                .fault = vmw_bo_vm_fault,
>>>                .open = ttm_bo_vm_open,
>>>                .close = ttm_bo_vm_close,
>>> +             .mprotect = ttm_bo_vm_mprotect,
>>>    #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>                .huge_fault = vmw_bo_vm_huge_fault,
>>>    #endif
>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>> index f681bbdbc698..40eb95875355 100644
>>> --- a/include/drm/ttm/ttm_bo_api.h
>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>
>>>    int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>                     void *buf, int len, int write);
>>> +
>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>> +                    unsigned long end, unsigned long newflags);
>>> +
>>>    bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>
>>>    vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14  8:51       ` Christian König
  0 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-14  8:51 UTC (permalink / raw)
  To: Alex Deucher, Christian König
  Cc: Alex Deucher, Felix Kuehling, Maling list - DRI developers, amd-gfx list



Am 13.07.21 um 17:28 schrieb Alex Deucher:
> On Tue, Jul 13, 2021 at 2:57 AM Christian König
> <ckoenig.leichtzumerken@gmail.com> wrote:
>>
>>
>> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>> is_cow_mapping returns true for these mappings. Add a check for
>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>> PROT_NONE mappings.
>>>
>>> v2: protect against mprotect making a mapping writable after the fact
>>> v3: update driver-specific vm_operations_structs
>>>
>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>> Reviewed-by: Christian König <christian.koenig@amd.com>
> Are you planning to push this to drm-misc?

Yes, just didn't found time yesterday.

Christian.

>
> Alex
>
>>> ---
>>>    drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>    drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>    drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>    drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>    drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>    include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>    6 files changed, 24 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> index b3404c43a911..1aa750a6a5d2 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>        .fault = amdgpu_gem_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>> -     .access = ttm_bo_vm_access
>>> +     .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect
>>>    };
>>>
>>>    static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> index 5b27845075a1..164ea564bb7a 100644
>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>        .fault = nouveau_ttm_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>> -     .access = ttm_bo_vm_access
>>> +     .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect
>>>    };
>>>
>>>    void
>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>> index 458f92a70887..c19ad07eb7b5 100644
>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>        .fault = radeon_gem_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>> -     .access = ttm_bo_vm_access
>>> +     .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect
>>>    };
>>>
>>>    static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> index f56be5bc0861..fb325bad5db6 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>    }
>>>    EXPORT_SYMBOL(ttm_bo_vm_access);
>>>
>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>> +                    unsigned long end, unsigned long newflags)
>>> +{
>>> +     /* Enforce no COW since would have really strange behavior with it. */
>>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>> +             return -EINVAL;
>>> +
>>> +     return 0;
>>> +}
>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>> +
>>>    static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>        .fault = ttm_bo_vm_fault,
>>>        .open = ttm_bo_vm_open,
>>>        .close = ttm_bo_vm_close,
>>>        .access = ttm_bo_vm_access,
>>> +     .mprotect = ttm_bo_vm_mprotect,
>>>    };
>>>
>>>    int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>    {
>>>        /* Enforce no COW since would have really strange behavior with it. */
>>> -     if (is_cow_mapping(vma->vm_flags))
>>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>                return -EINVAL;
>>>
>>>        ttm_bo_get(bo);
>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>                .fault = vmw_bo_vm_fault,
>>>                .open = ttm_bo_vm_open,
>>>                .close = ttm_bo_vm_close,
>>> +             .mprotect = ttm_bo_vm_mprotect,
>>>    #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>                .huge_fault = vmw_bo_vm_huge_fault,
>>>    #endif
>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>> index f681bbdbc698..40eb95875355 100644
>>> --- a/include/drm/ttm/ttm_bo_api.h
>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>
>>>    int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>                     void *buf, int len, int write);
>>> +
>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>> +                    unsigned long end, unsigned long newflags);
>>> +
>>>    bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>
>>>    vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-12 22:06 ` Felix Kuehling
@ 2021-07-14 10:44   ` Daniel Vetter
  -1 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-14 10:44 UTC (permalink / raw)
  To: Felix Kuehling; +Cc: Alex Deucher, dri-devel, amd-gfx, christian.koenig

On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> is_cow_mapping returns true for these mappings. Add a check for
> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> PROT_NONE mappings.
> 
> v2: protect against mprotect making a mapping writable after the fact
> v3: update driver-specific vm_operations_structs
> 
> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

So looking at vmf_insert_pfn_prot() and the comment there we can't have
VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
without pte_special at least.

So I'm not sure this is a great idea, and definitely not for all drivers
...

Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
instead?
-Daniel

> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>  drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>  drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>  drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>  drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>  include/drm/ttm/ttm_bo_api.h             |  4 ++++
>  6 files changed, 24 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> index b3404c43a911..1aa750a6a5d2 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>  	.fault = amdgpu_gem_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>  };
>  
>  static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> index 5b27845075a1..164ea564bb7a 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>  	.fault = nouveau_ttm_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>  };
>  
>  void
> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> index 458f92a70887..c19ad07eb7b5 100644
> --- a/drivers/gpu/drm/radeon/radeon_gem.c
> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>  	.fault = radeon_gem_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>  };
>  
>  static void radeon_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index f56be5bc0861..fb325bad5db6 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>  }
>  EXPORT_SYMBOL(ttm_bo_vm_access);
>  
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags)
> +{
> +	/* Enforce no COW since would have really strange behavior with it. */
> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> +
>  static const struct vm_operations_struct ttm_bo_vm_ops = {
>  	.fault = ttm_bo_vm_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
>  	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect,
>  };
>  
>  int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>  {
>  	/* Enforce no COW since would have really strange behavior with it. */
> -	if (is_cow_mapping(vma->vm_flags))
> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>  		return -EINVAL;
>  
>  	ttm_bo_get(bo);
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> index e6b1f98ec99f..e4bf7dc99320 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>  		.fault = vmw_bo_vm_fault,
>  		.open = ttm_bo_vm_open,
>  		.close = ttm_bo_vm_close,
> +		.mprotect = ttm_bo_vm_mprotect,
>  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>  		.huge_fault = vmw_bo_vm_huge_fault,
>  #endif
> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> index f681bbdbc698..40eb95875355 100644
> --- a/include/drm/ttm/ttm_bo_api.h
> +++ b/include/drm/ttm/ttm_bo_api.h
> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>  
>  int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>  		     void *buf, int len, int write);
> +
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags);
> +
>  bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>  
>  vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> -- 
> 2.32.0
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14 10:44   ` Daniel Vetter
  0 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-14 10:44 UTC (permalink / raw)
  To: Felix Kuehling; +Cc: Alex Deucher, dri-devel, amd-gfx, christian.koenig

On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> is_cow_mapping returns true for these mappings. Add a check for
> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> PROT_NONE mappings.
> 
> v2: protect against mprotect making a mapping writable after the fact
> v3: update driver-specific vm_operations_structs
> 
> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

So looking at vmf_insert_pfn_prot() and the comment there we can't have
VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
without pte_special at least.

So I'm not sure this is a great idea, and definitely not for all drivers
...

Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
instead?
-Daniel

> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>  drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>  drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>  drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>  drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>  include/drm/ttm/ttm_bo_api.h             |  4 ++++
>  6 files changed, 24 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> index b3404c43a911..1aa750a6a5d2 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>  	.fault = amdgpu_gem_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>  };
>  
>  static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> index 5b27845075a1..164ea564bb7a 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>  	.fault = nouveau_ttm_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>  };
>  
>  void
> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> index 458f92a70887..c19ad07eb7b5 100644
> --- a/drivers/gpu/drm/radeon/radeon_gem.c
> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>  	.fault = radeon_gem_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
> -	.access = ttm_bo_vm_access
> +	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect
>  };
>  
>  static void radeon_gem_object_free(struct drm_gem_object *gobj)
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index f56be5bc0861..fb325bad5db6 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>  }
>  EXPORT_SYMBOL(ttm_bo_vm_access);
>  
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags)
> +{
> +	/* Enforce no COW since would have really strange behavior with it. */
> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> +
>  static const struct vm_operations_struct ttm_bo_vm_ops = {
>  	.fault = ttm_bo_vm_fault,
>  	.open = ttm_bo_vm_open,
>  	.close = ttm_bo_vm_close,
>  	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect,
>  };
>  
>  int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>  {
>  	/* Enforce no COW since would have really strange behavior with it. */
> -	if (is_cow_mapping(vma->vm_flags))
> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>  		return -EINVAL;
>  
>  	ttm_bo_get(bo);
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> index e6b1f98ec99f..e4bf7dc99320 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>  		.fault = vmw_bo_vm_fault,
>  		.open = ttm_bo_vm_open,
>  		.close = ttm_bo_vm_close,
> +		.mprotect = ttm_bo_vm_mprotect,
>  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>  		.huge_fault = vmw_bo_vm_huge_fault,
>  #endif
> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> index f681bbdbc698..40eb95875355 100644
> --- a/include/drm/ttm/ttm_bo_api.h
> +++ b/include/drm/ttm/ttm_bo_api.h
> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>  
>  int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>  		     void *buf, int len, int write);
> +
> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +		       unsigned long end, unsigned long newflags);
> +
>  bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>  
>  vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> -- 
> 2.32.0
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-14 10:44   ` Daniel Vetter
@ 2021-07-14 10:46     ` Daniel Vetter
  -1 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-14 10:46 UTC (permalink / raw)
  To: Felix Kuehling; +Cc: Alex Deucher, dri-devel, amd-gfx, christian.koenig

On Wed, Jul 14, 2021 at 12:44:00PM +0200, Daniel Vetter wrote:
> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
> > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > is_cow_mapping returns true for these mappings. Add a check for
> > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > PROT_NONE mappings.
> > 
> > v2: protect against mprotect making a mapping writable after the fact
> > v3: update driver-specific vm_operations_structs
> > 
> > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> 
> So looking at vmf_insert_pfn_prot() and the comment there we can't have
> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
> without pte_special at least.
> 
> So I'm not sure this is a great idea, and definitely not for all drivers
> ...
> 
> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
> instead?

Quick git grep says there's plenty of drivers which clear MAYWRITE, and
often with comments to block mprotect upfront. That feels like the cleaner
approach, and maybe limited to an overwrite in just amdgpu with a comment
explaining why it's needed? As in amdgpu mmap function which just clears
VM_MAYWRITE if it's a cow mapping and then calls into ttm mmap
implementation.
-Daniel

> > ---
> >  drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> >  drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> >  drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> >  drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> >  drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> >  include/drm/ttm/ttm_bo_api.h             |  4 ++++
> >  6 files changed, 24 insertions(+), 4 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > index b3404c43a911..1aa750a6a5d2 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> >  	.fault = amdgpu_gem_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> > -	.access = ttm_bo_vm_access
> > +	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect
> >  };
> >  
> >  static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > index 5b27845075a1..164ea564bb7a 100644
> > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> >  	.fault = nouveau_ttm_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> > -	.access = ttm_bo_vm_access
> > +	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect
> >  };
> >  
> >  void
> > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > index 458f92a70887..c19ad07eb7b5 100644
> > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> >  	.fault = radeon_gem_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> > -	.access = ttm_bo_vm_access
> > +	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect
> >  };
> >  
> >  static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > index f56be5bc0861..fb325bad5db6 100644
> > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >  }
> >  EXPORT_SYMBOL(ttm_bo_vm_access);
> >  
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +		       unsigned long end, unsigned long newflags)
> > +{
> > +	/* Enforce no COW since would have really strange behavior with it. */
> > +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > +		return -EINVAL;
> > +
> > +	return 0;
> > +}
> > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > +
> >  static const struct vm_operations_struct ttm_bo_vm_ops = {
> >  	.fault = ttm_bo_vm_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> >  	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect,
> >  };
> >  
> >  int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> >  {
> >  	/* Enforce no COW since would have really strange behavior with it. */
> > -	if (is_cow_mapping(vma->vm_flags))
> > +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> >  		return -EINVAL;
> >  
> >  	ttm_bo_get(bo);
> > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > index e6b1f98ec99f..e4bf7dc99320 100644
> > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> >  		.fault = vmw_bo_vm_fault,
> >  		.open = ttm_bo_vm_open,
> >  		.close = ttm_bo_vm_close,
> > +		.mprotect = ttm_bo_vm_mprotect,
> >  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> >  		.huge_fault = vmw_bo_vm_huge_fault,
> >  #endif
> > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > index f681bbdbc698..40eb95875355 100644
> > --- a/include/drm/ttm/ttm_bo_api.h
> > +++ b/include/drm/ttm/ttm_bo_api.h
> > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> >  
> >  int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >  		     void *buf, int len, int write);
> > +
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +		       unsigned long end, unsigned long newflags);
> > +
> >  bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> >  
> >  vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> > -- 
> > 2.32.0
> > 
> 
> -- 
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14 10:46     ` Daniel Vetter
  0 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-14 10:46 UTC (permalink / raw)
  To: Felix Kuehling; +Cc: Alex Deucher, dri-devel, amd-gfx, christian.koenig

On Wed, Jul 14, 2021 at 12:44:00PM +0200, Daniel Vetter wrote:
> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
> > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > is_cow_mapping returns true for these mappings. Add a check for
> > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > PROT_NONE mappings.
> > 
> > v2: protect against mprotect making a mapping writable after the fact
> > v3: update driver-specific vm_operations_structs
> > 
> > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> 
> So looking at vmf_insert_pfn_prot() and the comment there we can't have
> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
> without pte_special at least.
> 
> So I'm not sure this is a great idea, and definitely not for all drivers
> ...
> 
> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
> instead?

Quick git grep says there's plenty of drivers which clear MAYWRITE, and
often with comments to block mprotect upfront. That feels like the cleaner
approach, and maybe limited to an overwrite in just amdgpu with a comment
explaining why it's needed? As in amdgpu mmap function which just clears
VM_MAYWRITE if it's a cow mapping and then calls into ttm mmap
implementation.
-Daniel

> > ---
> >  drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> >  drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> >  drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> >  drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> >  drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> >  include/drm/ttm/ttm_bo_api.h             |  4 ++++
> >  6 files changed, 24 insertions(+), 4 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > index b3404c43a911..1aa750a6a5d2 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> >  	.fault = amdgpu_gem_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> > -	.access = ttm_bo_vm_access
> > +	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect
> >  };
> >  
> >  static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > index 5b27845075a1..164ea564bb7a 100644
> > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> >  	.fault = nouveau_ttm_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> > -	.access = ttm_bo_vm_access
> > +	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect
> >  };
> >  
> >  void
> > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > index 458f92a70887..c19ad07eb7b5 100644
> > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> >  	.fault = radeon_gem_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> > -	.access = ttm_bo_vm_access
> > +	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect
> >  };
> >  
> >  static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > index f56be5bc0861..fb325bad5db6 100644
> > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >  }
> >  EXPORT_SYMBOL(ttm_bo_vm_access);
> >  
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +		       unsigned long end, unsigned long newflags)
> > +{
> > +	/* Enforce no COW since would have really strange behavior with it. */
> > +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > +		return -EINVAL;
> > +
> > +	return 0;
> > +}
> > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > +
> >  static const struct vm_operations_struct ttm_bo_vm_ops = {
> >  	.fault = ttm_bo_vm_fault,
> >  	.open = ttm_bo_vm_open,
> >  	.close = ttm_bo_vm_close,
> >  	.access = ttm_bo_vm_access,
> > +	.mprotect = ttm_bo_vm_mprotect,
> >  };
> >  
> >  int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> >  {
> >  	/* Enforce no COW since would have really strange behavior with it. */
> > -	if (is_cow_mapping(vma->vm_flags))
> > +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> >  		return -EINVAL;
> >  
> >  	ttm_bo_get(bo);
> > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > index e6b1f98ec99f..e4bf7dc99320 100644
> > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> >  		.fault = vmw_bo_vm_fault,
> >  		.open = ttm_bo_vm_open,
> >  		.close = ttm_bo_vm_close,
> > +		.mprotect = ttm_bo_vm_mprotect,
> >  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> >  		.huge_fault = vmw_bo_vm_huge_fault,
> >  #endif
> > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > index f681bbdbc698..40eb95875355 100644
> > --- a/include/drm/ttm/ttm_bo_api.h
> > +++ b/include/drm/ttm/ttm_bo_api.h
> > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> >  
> >  int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >  		     void *buf, int len, int write);
> > +
> > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > +		       unsigned long end, unsigned long newflags);
> > +
> >  bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> >  
> >  vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> > -- 
> > 2.32.0
> > 
> 
> -- 
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-14 10:44   ` Daniel Vetter
@ 2021-07-14 10:51     ` Christian König
  -1 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-14 10:51 UTC (permalink / raw)
  To: Daniel Vetter, Felix Kuehling; +Cc: Alex Deucher, dri-devel, amd-gfx

Am 14.07.21 um 12:44 schrieb Daniel Vetter:
> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>> is_cow_mapping returns true for these mappings. Add a check for
>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>> PROT_NONE mappings.
>>
>> v2: protect against mprotect making a mapping writable after the fact
>> v3: update driver-specific vm_operations_structs
>>
>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> So looking at vmf_insert_pfn_prot() and the comment there we can't have
> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
> without pte_special at least.

Key idea is that we never end up in vmf_insert_pfn_prot() because the 
vma is mapped with PROT_NONE.

>
> So I'm not sure this is a great idea, and definitely not for all drivers

Yeah, I'm absolutely not happy with this either but it seemed to be the 
least painful thing to do.

> ...
>
> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
> instead?

Well we have considered forcefully setting VM_SHARED, which won't work 
easily for a couple of reasons.

But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.

Felix can you test this?

Thanks,
Christian.

> -Daniel
>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>   6 files changed, 24 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> index b3404c43a911..1aa750a6a5d2 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>   	.fault = amdgpu_gem_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>> -	.access = ttm_bo_vm_access
>> +	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect
>>   };
>>   
>>   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> index 5b27845075a1..164ea564bb7a 100644
>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>   	.fault = nouveau_ttm_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>> -	.access = ttm_bo_vm_access
>> +	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect
>>   };
>>   
>>   void
>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>> index 458f92a70887..c19ad07eb7b5 100644
>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>   	.fault = radeon_gem_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>> -	.access = ttm_bo_vm_access
>> +	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect
>>   };
>>   
>>   static void radeon_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> index f56be5bc0861..fb325bad5db6 100644
>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>   }
>>   EXPORT_SYMBOL(ttm_bo_vm_access);
>>   
>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>> +		       unsigned long end, unsigned long newflags)
>> +{
>> +	/* Enforce no COW since would have really strange behavior with it. */
>> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>> +		return -EINVAL;
>> +
>> +	return 0;
>> +}
>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>> +
>>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>>   	.fault = ttm_bo_vm_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>>   	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect,
>>   };
>>   
>>   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>   {
>>   	/* Enforce no COW since would have really strange behavior with it. */
>> -	if (is_cow_mapping(vma->vm_flags))
>> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>   		return -EINVAL;
>>   
>>   	ttm_bo_get(bo);
>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> index e6b1f98ec99f..e4bf7dc99320 100644
>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>   		.fault = vmw_bo_vm_fault,
>>   		.open = ttm_bo_vm_open,
>>   		.close = ttm_bo_vm_close,
>> +		.mprotect = ttm_bo_vm_mprotect,
>>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>   		.huge_fault = vmw_bo_vm_huge_fault,
>>   #endif
>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>> index f681bbdbc698..40eb95875355 100644
>> --- a/include/drm/ttm/ttm_bo_api.h
>> +++ b/include/drm/ttm/ttm_bo_api.h
>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>   
>>   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>   		     void *buf, int len, int write);
>> +
>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>> +		       unsigned long end, unsigned long newflags);
>> +
>>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>   
>>   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>> -- 
>> 2.32.0
>>


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14 10:51     ` Christian König
  0 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-14 10:51 UTC (permalink / raw)
  To: Daniel Vetter, Felix Kuehling; +Cc: Alex Deucher, dri-devel, amd-gfx

Am 14.07.21 um 12:44 schrieb Daniel Vetter:
> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>> is_cow_mapping returns true for these mappings. Add a check for
>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>> PROT_NONE mappings.
>>
>> v2: protect against mprotect making a mapping writable after the fact
>> v3: update driver-specific vm_operations_structs
>>
>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> So looking at vmf_insert_pfn_prot() and the comment there we can't have
> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
> without pte_special at least.

Key idea is that we never end up in vmf_insert_pfn_prot() because the 
vma is mapped with PROT_NONE.

>
> So I'm not sure this is a great idea, and definitely not for all drivers

Yeah, I'm absolutely not happy with this either but it seemed to be the 
least painful thing to do.

> ...
>
> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
> instead?

Well we have considered forcefully setting VM_SHARED, which won't work 
easily for a couple of reasons.

But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.

Felix can you test this?

Thanks,
Christian.

> -Daniel
>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>   6 files changed, 24 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> index b3404c43a911..1aa750a6a5d2 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>   	.fault = amdgpu_gem_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>> -	.access = ttm_bo_vm_access
>> +	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect
>>   };
>>   
>>   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> index 5b27845075a1..164ea564bb7a 100644
>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>   	.fault = nouveau_ttm_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>> -	.access = ttm_bo_vm_access
>> +	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect
>>   };
>>   
>>   void
>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>> index 458f92a70887..c19ad07eb7b5 100644
>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>   	.fault = radeon_gem_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>> -	.access = ttm_bo_vm_access
>> +	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect
>>   };
>>   
>>   static void radeon_gem_object_free(struct drm_gem_object *gobj)
>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> index f56be5bc0861..fb325bad5db6 100644
>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>   }
>>   EXPORT_SYMBOL(ttm_bo_vm_access);
>>   
>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>> +		       unsigned long end, unsigned long newflags)
>> +{
>> +	/* Enforce no COW since would have really strange behavior with it. */
>> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>> +		return -EINVAL;
>> +
>> +	return 0;
>> +}
>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>> +
>>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>>   	.fault = ttm_bo_vm_fault,
>>   	.open = ttm_bo_vm_open,
>>   	.close = ttm_bo_vm_close,
>>   	.access = ttm_bo_vm_access,
>> +	.mprotect = ttm_bo_vm_mprotect,
>>   };
>>   
>>   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>   {
>>   	/* Enforce no COW since would have really strange behavior with it. */
>> -	if (is_cow_mapping(vma->vm_flags))
>> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>   		return -EINVAL;
>>   
>>   	ttm_bo_get(bo);
>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> index e6b1f98ec99f..e4bf7dc99320 100644
>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>   		.fault = vmw_bo_vm_fault,
>>   		.open = ttm_bo_vm_open,
>>   		.close = ttm_bo_vm_close,
>> +		.mprotect = ttm_bo_vm_mprotect,
>>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>   		.huge_fault = vmw_bo_vm_huge_fault,
>>   #endif
>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>> index f681bbdbc698..40eb95875355 100644
>> --- a/include/drm/ttm/ttm_bo_api.h
>> +++ b/include/drm/ttm/ttm_bo_api.h
>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>   
>>   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>   		     void *buf, int len, int write);
>> +
>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>> +		       unsigned long end, unsigned long newflags);
>> +
>>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>   
>>   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>> -- 
>> 2.32.0
>>

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-14 10:51     ` Christian König
@ 2021-07-14 11:15       ` Daniel Vetter
  -1 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-14 11:15 UTC (permalink / raw)
  To: Christian König; +Cc: dri-devel, Alex Deucher, Felix Kuehling, amd-gfx

On Wed, Jul 14, 2021 at 12:51:15PM +0200, Christian König wrote:
> Am 14.07.21 um 12:44 schrieb Daniel Vetter:
> > On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
> > > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > > is_cow_mapping returns true for these mappings. Add a check for
> > > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > > PROT_NONE mappings.
> > > 
> > > v2: protect against mprotect making a mapping writable after the fact
> > > v3: update driver-specific vm_operations_structs
> > > 
> > > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> > So looking at vmf_insert_pfn_prot() and the comment there we can't have
> > VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
> > without pte_special at least.
> 
> Key idea is that we never end up in vmf_insert_pfn_prot() because the vma is
> mapped with PROT_NONE.

Ah right if it's PROT_NONE then it's ok. But the code here only checks for
VM_WRITE, not VM_READ, so PROT_READ can get through and go boom? Or
something else I'm missing?

Maybe time for a few amdgpu mmap tests that go through the combos and make
sure it works/fails all correctly.
-Daniel

> > So I'm not sure this is a great idea, and definitely not for all drivers
> 
> Yeah, I'm absolutely not happy with this either but it seemed to be the
> least painful thing to do.
> 
> > ...
> > 
> > Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
> > instead?
> 
> Well we have considered forcefully setting VM_SHARED, which won't work
> easily for a couple of reasons.
> 
> But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.
> 
> Felix can you test this?
> 
> Thanks,
> Christian.
> 
> > -Daniel
> > 
> > > ---
> > >   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> > >   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> > >   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> > >   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> > >   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> > >   include/drm/ttm/ttm_bo_api.h             |  4 ++++
> > >   6 files changed, 24 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > index b3404c43a911..1aa750a6a5d2 100644
> > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> > >   	.fault = amdgpu_gem_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > > -	.access = ttm_bo_vm_access
> > > +	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect
> > >   };
> > >   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > index 5b27845075a1..164ea564bb7a 100644
> > > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> > >   	.fault = nouveau_ttm_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > > -	.access = ttm_bo_vm_access
> > > +	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect
> > >   };
> > >   void
> > > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > > index 458f92a70887..c19ad07eb7b5 100644
> > > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> > >   	.fault = radeon_gem_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > > -	.access = ttm_bo_vm_access
> > > +	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect
> > >   };
> > >   static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > index f56be5bc0861..fb325bad5db6 100644
> > > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > >   }
> > >   EXPORT_SYMBOL(ttm_bo_vm_access);
> > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > +		       unsigned long end, unsigned long newflags)
> > > +{
> > > +	/* Enforce no COW since would have really strange behavior with it. */
> > > +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > > +		return -EINVAL;
> > > +
> > > +	return 0;
> > > +}
> > > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > > +
> > >   static const struct vm_operations_struct ttm_bo_vm_ops = {
> > >   	.fault = ttm_bo_vm_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > >   	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect,
> > >   };
> > >   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> > >   {
> > >   	/* Enforce no COW since would have really strange behavior with it. */
> > > -	if (is_cow_mapping(vma->vm_flags))
> > > +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> > >   		return -EINVAL;
> > >   	ttm_bo_get(bo);
> > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > index e6b1f98ec99f..e4bf7dc99320 100644
> > > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> > >   		.fault = vmw_bo_vm_fault,
> > >   		.open = ttm_bo_vm_open,
> > >   		.close = ttm_bo_vm_close,
> > > +		.mprotect = ttm_bo_vm_mprotect,
> > >   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> > >   		.huge_fault = vmw_bo_vm_huge_fault,
> > >   #endif
> > > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > > index f681bbdbc698..40eb95875355 100644
> > > --- a/include/drm/ttm/ttm_bo_api.h
> > > +++ b/include/drm/ttm/ttm_bo_api.h
> > > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> > >   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > >   		     void *buf, int len, int write);
> > > +
> > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > +		       unsigned long end, unsigned long newflags);
> > > +
> > >   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> > >   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> > > -- 
> > > 2.32.0
> > > 
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14 11:15       ` Daniel Vetter
  0 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-14 11:15 UTC (permalink / raw)
  To: Christian König
  Cc: dri-devel, Alex Deucher, Felix Kuehling, amd-gfx, Daniel Vetter

On Wed, Jul 14, 2021 at 12:51:15PM +0200, Christian König wrote:
> Am 14.07.21 um 12:44 schrieb Daniel Vetter:
> > On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
> > > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > > is_cow_mapping returns true for these mappings. Add a check for
> > > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > > PROT_NONE mappings.
> > > 
> > > v2: protect against mprotect making a mapping writable after the fact
> > > v3: update driver-specific vm_operations_structs
> > > 
> > > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> > So looking at vmf_insert_pfn_prot() and the comment there we can't have
> > VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
> > without pte_special at least.
> 
> Key idea is that we never end up in vmf_insert_pfn_prot() because the vma is
> mapped with PROT_NONE.

Ah right if it's PROT_NONE then it's ok. But the code here only checks for
VM_WRITE, not VM_READ, so PROT_READ can get through and go boom? Or
something else I'm missing?

Maybe time for a few amdgpu mmap tests that go through the combos and make
sure it works/fails all correctly.
-Daniel

> > So I'm not sure this is a great idea, and definitely not for all drivers
> 
> Yeah, I'm absolutely not happy with this either but it seemed to be the
> least painful thing to do.
> 
> > ...
> > 
> > Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
> > instead?
> 
> Well we have considered forcefully setting VM_SHARED, which won't work
> easily for a couple of reasons.
> 
> But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.
> 
> Felix can you test this?
> 
> Thanks,
> Christian.
> 
> > -Daniel
> > 
> > > ---
> > >   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> > >   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> > >   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> > >   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> > >   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> > >   include/drm/ttm/ttm_bo_api.h             |  4 ++++
> > >   6 files changed, 24 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > index b3404c43a911..1aa750a6a5d2 100644
> > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> > >   	.fault = amdgpu_gem_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > > -	.access = ttm_bo_vm_access
> > > +	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect
> > >   };
> > >   static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > index 5b27845075a1..164ea564bb7a 100644
> > > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> > >   	.fault = nouveau_ttm_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > > -	.access = ttm_bo_vm_access
> > > +	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect
> > >   };
> > >   void
> > > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > > index 458f92a70887..c19ad07eb7b5 100644
> > > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> > >   	.fault = radeon_gem_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > > -	.access = ttm_bo_vm_access
> > > +	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect
> > >   };
> > >   static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > index f56be5bc0861..fb325bad5db6 100644
> > > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > >   }
> > >   EXPORT_SYMBOL(ttm_bo_vm_access);
> > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > +		       unsigned long end, unsigned long newflags)
> > > +{
> > > +	/* Enforce no COW since would have really strange behavior with it. */
> > > +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > > +		return -EINVAL;
> > > +
> > > +	return 0;
> > > +}
> > > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > > +
> > >   static const struct vm_operations_struct ttm_bo_vm_ops = {
> > >   	.fault = ttm_bo_vm_fault,
> > >   	.open = ttm_bo_vm_open,
> > >   	.close = ttm_bo_vm_close,
> > >   	.access = ttm_bo_vm_access,
> > > +	.mprotect = ttm_bo_vm_mprotect,
> > >   };
> > >   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> > >   {
> > >   	/* Enforce no COW since would have really strange behavior with it. */
> > > -	if (is_cow_mapping(vma->vm_flags))
> > > +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> > >   		return -EINVAL;
> > >   	ttm_bo_get(bo);
> > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > index e6b1f98ec99f..e4bf7dc99320 100644
> > > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> > >   		.fault = vmw_bo_vm_fault,
> > >   		.open = ttm_bo_vm_open,
> > >   		.close = ttm_bo_vm_close,
> > > +		.mprotect = ttm_bo_vm_mprotect,
> > >   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> > >   		.huge_fault = vmw_bo_vm_huge_fault,
> > >   #endif
> > > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > > index f681bbdbc698..40eb95875355 100644
> > > --- a/include/drm/ttm/ttm_bo_api.h
> > > +++ b/include/drm/ttm/ttm_bo_api.h
> > > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> > >   int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > >   		     void *buf, int len, int write);
> > > +
> > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > +		       unsigned long end, unsigned long newflags);
> > > +
> > >   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> > >   vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> > > -- 
> > > 2.32.0
> > > 
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-14 11:15       ` Daniel Vetter
@ 2021-07-14 13:09         ` Christian König
  -1 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-14 13:09 UTC (permalink / raw)
  To: Daniel Vetter; +Cc: Alex Deucher, Felix Kuehling, dri-devel, amd-gfx

Am 14.07.21 um 13:15 schrieb Daniel Vetter:
> On Wed, Jul 14, 2021 at 12:51:15PM +0200, Christian König wrote:
>> Am 14.07.21 um 12:44 schrieb Daniel Vetter:
>>> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
>>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>>> is_cow_mapping returns true for these mappings. Add a check for
>>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>>> PROT_NONE mappings.
>>>>
>>>> v2: protect against mprotect making a mapping writable after the fact
>>>> v3: update driver-specific vm_operations_structs
>>>>
>>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>>> So looking at vmf_insert_pfn_prot() and the comment there we can't have
>>> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
>>> without pte_special at least.
>> Key idea is that we never end up in vmf_insert_pfn_prot() because the vma is
>> mapped with PROT_NONE.
> Ah right if it's PROT_NONE then it's ok. But the code here only checks for
> VM_WRITE, not VM_READ, so PROT_READ can get through and go boom? Or
> something else I'm missing?

Ah, good point. Yeah that is indeed not handled correctly and can cause 
a BUG_ON().

Looks like we need to revert that patch and go back to the drawing board 
then.

Christian.

>
> Maybe time for a few amdgpu mmap tests that go through the combos and make
> sure it works/fails all correctly.
> -Daniel
>
>>> So I'm not sure this is a great idea, and definitely not for all drivers
>> Yeah, I'm absolutely not happy with this either but it seemed to be the
>> least painful thing to do.
>>
>>> ...
>>>
>>> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
>>> instead?
>> Well we have considered forcefully setting VM_SHARED, which won't work
>> easily for a couple of reasons.
>>
>> But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.
>>
>> Felix can you test this?
>>
>> Thanks,
>> Christian.
>>
>>> -Daniel
>>>
>>>> ---
>>>>    drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>>    drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>>    drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>>    drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>>    drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>>    include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>>    6 files changed, 24 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>> index b3404c43a911..1aa750a6a5d2 100644
>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>>    	.fault = amdgpu_gem_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>> -	.access = ttm_bo_vm_access
>>>> +	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect
>>>>    };
>>>>    static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>> index 5b27845075a1..164ea564bb7a 100644
>>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>>    	.fault = nouveau_ttm_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>> -	.access = ttm_bo_vm_access
>>>> +	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect
>>>>    };
>>>>    void
>>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>>> index 458f92a70887..c19ad07eb7b5 100644
>>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>>    	.fault = radeon_gem_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>> -	.access = ttm_bo_vm_access
>>>> +	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect
>>>>    };
>>>>    static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>> index f56be5bc0861..fb325bad5db6 100644
>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>    }
>>>>    EXPORT_SYMBOL(ttm_bo_vm_access);
>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>> +		       unsigned long end, unsigned long newflags)
>>>> +{
>>>> +	/* Enforce no COW since would have really strange behavior with it. */
>>>> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>>> +		return -EINVAL;
>>>> +
>>>> +	return 0;
>>>> +}
>>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>>> +
>>>>    static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>>    	.fault = ttm_bo_vm_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>>    	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect,
>>>>    };
>>>>    int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>    {
>>>>    	/* Enforce no COW since would have really strange behavior with it. */
>>>> -	if (is_cow_mapping(vma->vm_flags))
>>>> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>>    		return -EINVAL;
>>>>    	ttm_bo_get(bo);
>>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>>    		.fault = vmw_bo_vm_fault,
>>>>    		.open = ttm_bo_vm_open,
>>>>    		.close = ttm_bo_vm_close,
>>>> +		.mprotect = ttm_bo_vm_mprotect,
>>>>    #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>>    		.huge_fault = vmw_bo_vm_huge_fault,
>>>>    #endif
>>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>>> index f681bbdbc698..40eb95875355 100644
>>>> --- a/include/drm/ttm/ttm_bo_api.h
>>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>>    int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>    		     void *buf, int len, int write);
>>>> +
>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>> +		       unsigned long end, unsigned long newflags);
>>>> +
>>>>    bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>>    vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>>>> -- 
>>>> 2.32.0
>>>>


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14 13:09         ` Christian König
  0 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-14 13:09 UTC (permalink / raw)
  To: Daniel Vetter; +Cc: Alex Deucher, Felix Kuehling, dri-devel, amd-gfx

Am 14.07.21 um 13:15 schrieb Daniel Vetter:
> On Wed, Jul 14, 2021 at 12:51:15PM +0200, Christian König wrote:
>> Am 14.07.21 um 12:44 schrieb Daniel Vetter:
>>> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
>>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>>> is_cow_mapping returns true for these mappings. Add a check for
>>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>>> PROT_NONE mappings.
>>>>
>>>> v2: protect against mprotect making a mapping writable after the fact
>>>> v3: update driver-specific vm_operations_structs
>>>>
>>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>>> So looking at vmf_insert_pfn_prot() and the comment there we can't have
>>> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
>>> without pte_special at least.
>> Key idea is that we never end up in vmf_insert_pfn_prot() because the vma is
>> mapped with PROT_NONE.
> Ah right if it's PROT_NONE then it's ok. But the code here only checks for
> VM_WRITE, not VM_READ, so PROT_READ can get through and go boom? Or
> something else I'm missing?

Ah, good point. Yeah that is indeed not handled correctly and can cause 
a BUG_ON().

Looks like we need to revert that patch and go back to the drawing board 
then.

Christian.

>
> Maybe time for a few amdgpu mmap tests that go through the combos and make
> sure it works/fails all correctly.
> -Daniel
>
>>> So I'm not sure this is a great idea, and definitely not for all drivers
>> Yeah, I'm absolutely not happy with this either but it seemed to be the
>> least painful thing to do.
>>
>>> ...
>>>
>>> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
>>> instead?
>> Well we have considered forcefully setting VM_SHARED, which won't work
>> easily for a couple of reasons.
>>
>> But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.
>>
>> Felix can you test this?
>>
>> Thanks,
>> Christian.
>>
>>> -Daniel
>>>
>>>> ---
>>>>    drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>>    drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>>    drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>>    drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>>    drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>>    include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>>    6 files changed, 24 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>> index b3404c43a911..1aa750a6a5d2 100644
>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>>    	.fault = amdgpu_gem_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>> -	.access = ttm_bo_vm_access
>>>> +	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect
>>>>    };
>>>>    static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>> index 5b27845075a1..164ea564bb7a 100644
>>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>>    	.fault = nouveau_ttm_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>> -	.access = ttm_bo_vm_access
>>>> +	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect
>>>>    };
>>>>    void
>>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>>> index 458f92a70887..c19ad07eb7b5 100644
>>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>>    	.fault = radeon_gem_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>> -	.access = ttm_bo_vm_access
>>>> +	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect
>>>>    };
>>>>    static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>> index f56be5bc0861..fb325bad5db6 100644
>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>    }
>>>>    EXPORT_SYMBOL(ttm_bo_vm_access);
>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>> +		       unsigned long end, unsigned long newflags)
>>>> +{
>>>> +	/* Enforce no COW since would have really strange behavior with it. */
>>>> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>>> +		return -EINVAL;
>>>> +
>>>> +	return 0;
>>>> +}
>>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>>> +
>>>>    static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>>    	.fault = ttm_bo_vm_fault,
>>>>    	.open = ttm_bo_vm_open,
>>>>    	.close = ttm_bo_vm_close,
>>>>    	.access = ttm_bo_vm_access,
>>>> +	.mprotect = ttm_bo_vm_mprotect,
>>>>    };
>>>>    int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>    {
>>>>    	/* Enforce no COW since would have really strange behavior with it. */
>>>> -	if (is_cow_mapping(vma->vm_flags))
>>>> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>>    		return -EINVAL;
>>>>    	ttm_bo_get(bo);
>>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>>    		.fault = vmw_bo_vm_fault,
>>>>    		.open = ttm_bo_vm_open,
>>>>    		.close = ttm_bo_vm_close,
>>>> +		.mprotect = ttm_bo_vm_mprotect,
>>>>    #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>>    		.huge_fault = vmw_bo_vm_huge_fault,
>>>>    #endif
>>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>>> index f681bbdbc698..40eb95875355 100644
>>>> --- a/include/drm/ttm/ttm_bo_api.h
>>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>>    int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>    		     void *buf, int len, int write);
>>>> +
>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>> +		       unsigned long end, unsigned long newflags);
>>>> +
>>>>    bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>>    vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>>>> -- 
>>>> 2.32.0
>>>>

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-14 10:51     ` Christian König
@ 2021-07-14 16:11       ` Felix Kuehling
  -1 siblings, 0 replies; 30+ messages in thread
From: Felix Kuehling @ 2021-07-14 16:11 UTC (permalink / raw)
  To: Christian König, Daniel Vetter; +Cc: Alex Deucher, dri-devel, amd-gfx

Am 2021-07-14 um 6:51 a.m. schrieb Christian König:
> Am 14.07.21 um 12:44 schrieb Daniel Vetter:
>> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>> is_cow_mapping returns true for these mappings. Add a check for
>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>> PROT_NONE mappings.
>>>
>>> v2: protect against mprotect making a mapping writable after the fact
>>> v3: update driver-specific vm_operations_structs
>>>
>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>> So looking at vmf_insert_pfn_prot() and the comment there we can't have
>> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
>> without pte_special at least.
>
> Key idea is that we never end up in vmf_insert_pfn_prot() because the
> vma is mapped with PROT_NONE.

Ah, thanks for that pointer. I wasn't aware of that BUG_ON. I thought it
was more of an abstract "copy-on-write faults may be bad on these mappings."


>
>>
>> So I'm not sure this is a great idea, and definitely not for all drivers
>
> Yeah, I'm absolutely not happy with this either but it seemed to be
> the least painful thing to do.
>
>> ...
>>
>> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
>> instead?
>
> Well we have considered forcefully setting VM_SHARED, which won't work
> easily for a couple of reasons.
>
> But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.
>
> Felix can you test this?

Sounds like it should work and be straight forward (I thought that about
setting VM_SHARED, too ...). I'll give it a try.

Thanks,
  Felix


>
> Thanks,
> Christian.
>
>> -Daniel
>>
>>> ---
>>>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>   6 files changed, 24 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> index b3404c43a911..1aa750a6a5d2 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct
>>> amdgpu_gem_vm_ops = {
>>>       .fault = amdgpu_gem_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>> -    .access = ttm_bo_vm_access
>>> +    .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect
>>>   };
>>>     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> index 5b27845075a1..164ea564bb7a 100644
>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct
>>> nouveau_ttm_vm_ops = {
>>>       .fault = nouveau_ttm_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>> -    .access = ttm_bo_vm_access
>>> +    .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect
>>>   };
>>>     void
>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c
>>> b/drivers/gpu/drm/radeon/radeon_gem.c
>>> index 458f92a70887..c19ad07eb7b5 100644
>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct
>>> radeon_gem_vm_ops = {
>>>       .fault = radeon_gem_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>> -    .access = ttm_bo_vm_access
>>> +    .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect
>>>   };
>>>     static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> index f56be5bc0861..fb325bad5db6 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct
>>> *vma, unsigned long addr,
>>>   }
>>>   EXPORT_SYMBOL(ttm_bo_vm_access);
>>>   +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long
>>> start,
>>> +               unsigned long end, unsigned long newflags)
>>> +{
>>> +    /* Enforce no COW since would have really strange behavior with
>>> it. */
>>> +    if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>> +        return -EINVAL;
>>> +
>>> +    return 0;
>>> +}
>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>> +
>>>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>       .fault = ttm_bo_vm_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>>       .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect,
>>>   };
>>>     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct
>>> ttm_buffer_object *bo)
>>>   {
>>>       /* Enforce no COW since would have really strange behavior
>>> with it. */
>>> -    if (is_cow_mapping(vma->vm_flags))
>>> +    if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>           return -EINVAL;
>>>         ttm_bo_get(bo);
>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct
>>> vm_area_struct *vma)
>>>           .fault = vmw_bo_vm_fault,
>>>           .open = ttm_bo_vm_open,
>>>           .close = ttm_bo_vm_close,
>>> +        .mprotect = ttm_bo_vm_mprotect,
>>>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>           .huge_fault = vmw_bo_vm_huge_fault,
>>>   #endif
>>> diff --git a/include/drm/ttm/ttm_bo_api.h
>>> b/include/drm/ttm/ttm_bo_api.h
>>> index f681bbdbc698..40eb95875355 100644
>>> --- a/include/drm/ttm/ttm_bo_api.h
>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long
>>> addr,
>>>                void *buf, int len, int write);
>>> +
>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long
>>> start,
>>> +               unsigned long end, unsigned long newflags);
>>> +
>>>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t
>>> prot);
>>> -- 
>>> 2.32.0
>>>
>

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-14 16:11       ` Felix Kuehling
  0 siblings, 0 replies; 30+ messages in thread
From: Felix Kuehling @ 2021-07-14 16:11 UTC (permalink / raw)
  To: Christian König, Daniel Vetter; +Cc: Alex Deucher, dri-devel, amd-gfx

Am 2021-07-14 um 6:51 a.m. schrieb Christian König:
> Am 14.07.21 um 12:44 schrieb Daniel Vetter:
>> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote:
>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>> is_cow_mapping returns true for these mappings. Add a check for
>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>> PROT_NONE mappings.
>>>
>>> v2: protect against mprotect making a mapping writable after the fact
>>> v3: update driver-specific vm_operations_structs
>>>
>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>> So looking at vmf_insert_pfn_prot() and the comment there we can't have
>> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms
>> without pte_special at least.
>
> Key idea is that we never end up in vmf_insert_pfn_prot() because the
> vma is mapped with PROT_NONE.

Ah, thanks for that pointer. I wasn't aware of that BUG_ON. I thought it
was more of an abstract "copy-on-write faults may be bad on these mappings."


>
>>
>> So I'm not sure this is a great idea, and definitely not for all drivers
>
> Yeah, I'm absolutely not happy with this either but it seemed to be
> the least painful thing to do.
>
>> ...
>>
>> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping
>> instead?
>
> Well we have considered forcefully setting VM_SHARED, which won't work
> easily for a couple of reasons.
>
> But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well.
>
> Felix can you test this?

Sounds like it should work and be straight forward (I thought that about
setting VM_SHARED, too ...). I'll give it a try.

Thanks,
  Felix


>
> Thanks,
> Christian.
>
>> -Daniel
>>
>>> ---
>>>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>   drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>   drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>   drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>   drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>   include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>   6 files changed, 24 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> index b3404c43a911..1aa750a6a5d2 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct
>>> amdgpu_gem_vm_ops = {
>>>       .fault = amdgpu_gem_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>> -    .access = ttm_bo_vm_access
>>> +    .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect
>>>   };
>>>     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> index 5b27845075a1..164ea564bb7a 100644
>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct
>>> nouveau_ttm_vm_ops = {
>>>       .fault = nouveau_ttm_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>> -    .access = ttm_bo_vm_access
>>> +    .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect
>>>   };
>>>     void
>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c
>>> b/drivers/gpu/drm/radeon/radeon_gem.c
>>> index 458f92a70887..c19ad07eb7b5 100644
>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct
>>> radeon_gem_vm_ops = {
>>>       .fault = radeon_gem_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>> -    .access = ttm_bo_vm_access
>>> +    .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect
>>>   };
>>>     static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> index f56be5bc0861..fb325bad5db6 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct
>>> *vma, unsigned long addr,
>>>   }
>>>   EXPORT_SYMBOL(ttm_bo_vm_access);
>>>   +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long
>>> start,
>>> +               unsigned long end, unsigned long newflags)
>>> +{
>>> +    /* Enforce no COW since would have really strange behavior with
>>> it. */
>>> +    if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>> +        return -EINVAL;
>>> +
>>> +    return 0;
>>> +}
>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>> +
>>>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>       .fault = ttm_bo_vm_fault,
>>>       .open = ttm_bo_vm_open,
>>>       .close = ttm_bo_vm_close,
>>>       .access = ttm_bo_vm_access,
>>> +    .mprotect = ttm_bo_vm_mprotect,
>>>   };
>>>     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct
>>> ttm_buffer_object *bo)
>>>   {
>>>       /* Enforce no COW since would have really strange behavior
>>> with it. */
>>> -    if (is_cow_mapping(vma->vm_flags))
>>> +    if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>           return -EINVAL;
>>>         ttm_bo_get(bo);
>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct
>>> vm_area_struct *vma)
>>>           .fault = vmw_bo_vm_fault,
>>>           .open = ttm_bo_vm_open,
>>>           .close = ttm_bo_vm_close,
>>> +        .mprotect = ttm_bo_vm_mprotect,
>>>   #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>           .huge_fault = vmw_bo_vm_huge_fault,
>>>   #endif
>>> diff --git a/include/drm/ttm/ttm_bo_api.h
>>> b/include/drm/ttm/ttm_bo_api.h
>>> index f681bbdbc698..40eb95875355 100644
>>> --- a/include/drm/ttm/ttm_bo_api.h
>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long
>>> addr,
>>>                void *buf, int len, int write);
>>> +
>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long
>>> start,
>>> +               unsigned long end, unsigned long newflags);
>>> +
>>>   bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t
>>> prot);
>>> -- 
>>> 2.32.0
>>>
>
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-14  8:51       ` Christian König
@ 2021-07-23  8:21         ` Daniel Vetter
  -1 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-23  8:21 UTC (permalink / raw)
  To: Christian König, Thomas Zimmermann
  Cc: Christian König, Felix Kuehling, amd-gfx list, Alex Deucher,
	Maling list - DRI developers

On Wed, Jul 14, 2021 at 10:51 AM Christian König
<christian.koenig@amd.com> wrote:
>
>
>
> Am 13.07.21 um 17:28 schrieb Alex Deucher:
> > On Tue, Jul 13, 2021 at 2:57 AM Christian König
> > <ckoenig.leichtzumerken@gmail.com> wrote:
> >>
> >>
> >> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> >>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> >>> is_cow_mapping returns true for these mappings. Add a check for
> >>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> >>> PROT_NONE mappings.
> >>>
> >>> v2: protect against mprotect making a mapping writable after the fact
> >>> v3: update driver-specific vm_operations_structs
> >>>
> >>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> >>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> >>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> >> Reviewed-by: Christian König <christian.koenig@amd.com>
> > Are you planning to push this to drm-misc?
>
> Yes, just didn't found time yesterday.

This is pushed to the wrong tree drm-misc-next-fixes, should have been
in drm-misc-fixes. Please be careful with that because every time that
goes wrong the script gets confused about which the current tree is,
and pushes the wrong tree to linux-next branches.

I'm going to hard-reset drm-misc-next-fixes now and hope that's good
enough to fix things up (since Thomas is not around all the time for
this merge window).
-Daniel


>
> Christian.
>
> >
> > Alex
> >
> >>> ---
> >>>    drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> >>>    drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> >>>    drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> >>>    drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> >>>    drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> >>>    include/drm/ttm/ttm_bo_api.h             |  4 ++++
> >>>    6 files changed, 24 insertions(+), 4 deletions(-)
> >>>
> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> >>> index b3404c43a911..1aa750a6a5d2 100644
> >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> >>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> >>>        .fault = amdgpu_gem_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>> -     .access = ttm_bo_vm_access
> >>> +     .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect
> >>>    };
> >>>
> >>>    static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> >>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> >>> index 5b27845075a1..164ea564bb7a 100644
> >>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> >>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> >>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> >>>        .fault = nouveau_ttm_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>> -     .access = ttm_bo_vm_access
> >>> +     .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect
> >>>    };
> >>>
> >>>    void
> >>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> >>> index 458f92a70887..c19ad07eb7b5 100644
> >>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
> >>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> >>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> >>>        .fault = radeon_gem_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>> -     .access = ttm_bo_vm_access
> >>> +     .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect
> >>>    };
> >>>
> >>>    static void radeon_gem_object_free(struct drm_gem_object *gobj)
> >>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> >>> index f56be5bc0861..fb325bad5db6 100644
> >>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> >>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> >>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >>>    }
> >>>    EXPORT_SYMBOL(ttm_bo_vm_access);
> >>>
> >>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> >>> +                    unsigned long end, unsigned long newflags)
> >>> +{
> >>> +     /* Enforce no COW since would have really strange behavior with it. */
> >>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> >>> +             return -EINVAL;
> >>> +
> >>> +     return 0;
> >>> +}
> >>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> >>> +
> >>>    static const struct vm_operations_struct ttm_bo_vm_ops = {
> >>>        .fault = ttm_bo_vm_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>>        .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect,
> >>>    };
> >>>
> >>>    int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> >>>    {
> >>>        /* Enforce no COW since would have really strange behavior with it. */
> >>> -     if (is_cow_mapping(vma->vm_flags))
> >>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> >>>                return -EINVAL;
> >>>
> >>>        ttm_bo_get(bo);
> >>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> >>> index e6b1f98ec99f..e4bf7dc99320 100644
> >>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> >>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> >>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> >>>                .fault = vmw_bo_vm_fault,
> >>>                .open = ttm_bo_vm_open,
> >>>                .close = ttm_bo_vm_close,
> >>> +             .mprotect = ttm_bo_vm_mprotect,
> >>>    #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> >>>                .huge_fault = vmw_bo_vm_huge_fault,
> >>>    #endif
> >>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> >>> index f681bbdbc698..40eb95875355 100644
> >>> --- a/include/drm/ttm/ttm_bo_api.h
> >>> +++ b/include/drm/ttm/ttm_bo_api.h
> >>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> >>>
> >>>    int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >>>                     void *buf, int len, int write);
> >>> +
> >>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> >>> +                    unsigned long end, unsigned long newflags);
> >>> +
> >>>    bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> >>>
> >>>    vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>


-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-23  8:21         ` Daniel Vetter
  0 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-23  8:21 UTC (permalink / raw)
  To: Christian König, Thomas Zimmermann
  Cc: Christian König, Felix Kuehling, amd-gfx list, Alex Deucher,
	Maling list - DRI developers, Alex Deucher

On Wed, Jul 14, 2021 at 10:51 AM Christian König
<christian.koenig@amd.com> wrote:
>
>
>
> Am 13.07.21 um 17:28 schrieb Alex Deucher:
> > On Tue, Jul 13, 2021 at 2:57 AM Christian König
> > <ckoenig.leichtzumerken@gmail.com> wrote:
> >>
> >>
> >> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> >>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> >>> is_cow_mapping returns true for these mappings. Add a check for
> >>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> >>> PROT_NONE mappings.
> >>>
> >>> v2: protect against mprotect making a mapping writable after the fact
> >>> v3: update driver-specific vm_operations_structs
> >>>
> >>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> >>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> >>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> >> Reviewed-by: Christian König <christian.koenig@amd.com>
> > Are you planning to push this to drm-misc?
>
> Yes, just didn't found time yesterday.

This is pushed to the wrong tree drm-misc-next-fixes, should have been
in drm-misc-fixes. Please be careful with that because every time that
goes wrong the script gets confused about which the current tree is,
and pushes the wrong tree to linux-next branches.

I'm going to hard-reset drm-misc-next-fixes now and hope that's good
enough to fix things up (since Thomas is not around all the time for
this merge window).
-Daniel


>
> Christian.
>
> >
> > Alex
> >
> >>> ---
> >>>    drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> >>>    drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> >>>    drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> >>>    drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> >>>    drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> >>>    include/drm/ttm/ttm_bo_api.h             |  4 ++++
> >>>    6 files changed, 24 insertions(+), 4 deletions(-)
> >>>
> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> >>> index b3404c43a911..1aa750a6a5d2 100644
> >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> >>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> >>>        .fault = amdgpu_gem_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>> -     .access = ttm_bo_vm_access
> >>> +     .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect
> >>>    };
> >>>
> >>>    static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> >>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> >>> index 5b27845075a1..164ea564bb7a 100644
> >>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> >>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> >>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> >>>        .fault = nouveau_ttm_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>> -     .access = ttm_bo_vm_access
> >>> +     .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect
> >>>    };
> >>>
> >>>    void
> >>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> >>> index 458f92a70887..c19ad07eb7b5 100644
> >>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
> >>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> >>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> >>>        .fault = radeon_gem_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>> -     .access = ttm_bo_vm_access
> >>> +     .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect
> >>>    };
> >>>
> >>>    static void radeon_gem_object_free(struct drm_gem_object *gobj)
> >>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> >>> index f56be5bc0861..fb325bad5db6 100644
> >>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> >>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> >>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >>>    }
> >>>    EXPORT_SYMBOL(ttm_bo_vm_access);
> >>>
> >>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> >>> +                    unsigned long end, unsigned long newflags)
> >>> +{
> >>> +     /* Enforce no COW since would have really strange behavior with it. */
> >>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> >>> +             return -EINVAL;
> >>> +
> >>> +     return 0;
> >>> +}
> >>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> >>> +
> >>>    static const struct vm_operations_struct ttm_bo_vm_ops = {
> >>>        .fault = ttm_bo_vm_fault,
> >>>        .open = ttm_bo_vm_open,
> >>>        .close = ttm_bo_vm_close,
> >>>        .access = ttm_bo_vm_access,
> >>> +     .mprotect = ttm_bo_vm_mprotect,
> >>>    };
> >>>
> >>>    int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> >>>    {
> >>>        /* Enforce no COW since would have really strange behavior with it. */
> >>> -     if (is_cow_mapping(vma->vm_flags))
> >>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> >>>                return -EINVAL;
> >>>
> >>>        ttm_bo_get(bo);
> >>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> >>> index e6b1f98ec99f..e4bf7dc99320 100644
> >>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> >>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> >>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> >>>                .fault = vmw_bo_vm_fault,
> >>>                .open = ttm_bo_vm_open,
> >>>                .close = ttm_bo_vm_close,
> >>> +             .mprotect = ttm_bo_vm_mprotect,
> >>>    #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> >>>                .huge_fault = vmw_bo_vm_huge_fault,
> >>>    #endif
> >>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> >>> index f681bbdbc698..40eb95875355 100644
> >>> --- a/include/drm/ttm/ttm_bo_api.h
> >>> +++ b/include/drm/ttm/ttm_bo_api.h
> >>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> >>>
> >>>    int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> >>>                     void *buf, int len, int write);
> >>> +
> >>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> >>> +                    unsigned long end, unsigned long newflags);
> >>> +
> >>>    bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> >>>
> >>>    vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>


-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-23  8:21         ` Daniel Vetter
@ 2021-07-23  8:33           ` Christian König
  -1 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-23  8:33 UTC (permalink / raw)
  To: Daniel Vetter, Christian König, Thomas Zimmermann
  Cc: Alex Deucher, Felix Kuehling, amd-gfx list, Maling list - DRI developers



Am 23.07.21 um 10:21 schrieb Daniel Vetter:
> On Wed, Jul 14, 2021 at 10:51 AM Christian König
> <christian.koenig@amd.com> wrote:
>>
>>
>> Am 13.07.21 um 17:28 schrieb Alex Deucher:
>>> On Tue, Jul 13, 2021 at 2:57 AM Christian König
>>> <ckoenig.leichtzumerken@gmail.com> wrote:
>>>>
>>>> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>>>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>>>> is_cow_mapping returns true for these mappings. Add a check for
>>>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>>>> PROT_NONE mappings.
>>>>>
>>>>> v2: protect against mprotect making a mapping writable after the fact
>>>>> v3: update driver-specific vm_operations_structs
>>>>>
>>>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>>>> Reviewed-by: Christian König <christian.koenig@amd.com>
>>> Are you planning to push this to drm-misc?
>> Yes, just didn't found time yesterday.
> This is pushed to the wrong tree drm-misc-next-fixes, should have been
> in drm-misc-fixes. Please be careful with that because every time that
> goes wrong the script gets confused about which the current tree is,
> and pushes the wrong tree to linux-next branches.
>
> I'm going to hard-reset drm-misc-next-fixes now and hope that's good
> enough to fix things up (since Thomas is not around all the time for
> this merge window).

STOP! I'm about to push a revert for this patch.

And yes that was pushed to the wrong branch, but it turned out that this 
was fortunate since the patch doesn't work correctly.

Christian.

> -Daniel
>
>
>> Christian.
>>
>>> Alex
>>>
>>>>> ---
>>>>>     drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>>>     drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>>>     drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>>>     drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>>>     drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>>>     include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>>>     6 files changed, 24 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>> index b3404c43a911..1aa750a6a5d2 100644
>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>>>         .fault = amdgpu_gem_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>> -     .access = ttm_bo_vm_access
>>>>> +     .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>     };
>>>>>
>>>>>     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>> index 5b27845075a1..164ea564bb7a 100644
>>>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>>>         .fault = nouveau_ttm_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>> -     .access = ttm_bo_vm_access
>>>>> +     .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>     };
>>>>>
>>>>>     void
>>>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>> index 458f92a70887..c19ad07eb7b5 100644
>>>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>>>         .fault = radeon_gem_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>> -     .access = ttm_bo_vm_access
>>>>> +     .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>     };
>>>>>
>>>>>     static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> index f56be5bc0861..fb325bad5db6 100644
>>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>     }
>>>>>     EXPORT_SYMBOL(ttm_bo_vm_access);
>>>>>
>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>> +                    unsigned long end, unsigned long newflags)
>>>>> +{
>>>>> +     /* Enforce no COW since would have really strange behavior with it. */
>>>>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>>>> +             return -EINVAL;
>>>>> +
>>>>> +     return 0;
>>>>> +}
>>>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>>>> +
>>>>>     static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>>>         .fault = ttm_bo_vm_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>>         .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect,
>>>>>     };
>>>>>
>>>>>     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>>     {
>>>>>         /* Enforce no COW since would have really strange behavior with it. */
>>>>> -     if (is_cow_mapping(vma->vm_flags))
>>>>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>>>                 return -EINVAL;
>>>>>
>>>>>         ttm_bo_get(bo);
>>>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>>>                 .fault = vmw_bo_vm_fault,
>>>>>                 .open = ttm_bo_vm_open,
>>>>>                 .close = ttm_bo_vm_close,
>>>>> +             .mprotect = ttm_bo_vm_mprotect,
>>>>>     #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>>>                 .huge_fault = vmw_bo_vm_huge_fault,
>>>>>     #endif
>>>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>>>> index f681bbdbc698..40eb95875355 100644
>>>>> --- a/include/drm/ttm/ttm_bo_api.h
>>>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>>>
>>>>>     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>                      void *buf, int len, int write);
>>>>> +
>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>> +                    unsigned long end, unsigned long newflags);
>>>>> +
>>>>>     bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>>>
>>>>>     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-23  8:33           ` Christian König
  0 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-23  8:33 UTC (permalink / raw)
  To: Daniel Vetter, Christian König, Thomas Zimmermann
  Cc: Alex Deucher, Alex Deucher, Felix Kuehling, amd-gfx list,
	Maling list - DRI developers



Am 23.07.21 um 10:21 schrieb Daniel Vetter:
> On Wed, Jul 14, 2021 at 10:51 AM Christian König
> <christian.koenig@amd.com> wrote:
>>
>>
>> Am 13.07.21 um 17:28 schrieb Alex Deucher:
>>> On Tue, Jul 13, 2021 at 2:57 AM Christian König
>>> <ckoenig.leichtzumerken@gmail.com> wrote:
>>>>
>>>> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>>>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>>>> is_cow_mapping returns true for these mappings. Add a check for
>>>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>>>> PROT_NONE mappings.
>>>>>
>>>>> v2: protect against mprotect making a mapping writable after the fact
>>>>> v3: update driver-specific vm_operations_structs
>>>>>
>>>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>>>> Reviewed-by: Christian König <christian.koenig@amd.com>
>>> Are you planning to push this to drm-misc?
>> Yes, just didn't found time yesterday.
> This is pushed to the wrong tree drm-misc-next-fixes, should have been
> in drm-misc-fixes. Please be careful with that because every time that
> goes wrong the script gets confused about which the current tree is,
> and pushes the wrong tree to linux-next branches.
>
> I'm going to hard-reset drm-misc-next-fixes now and hope that's good
> enough to fix things up (since Thomas is not around all the time for
> this merge window).

STOP! I'm about to push a revert for this patch.

And yes that was pushed to the wrong branch, but it turned out that this 
was fortunate since the patch doesn't work correctly.

Christian.

> -Daniel
>
>
>> Christian.
>>
>>> Alex
>>>
>>>>> ---
>>>>>     drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>>>     drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>>>     drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>>>     drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>>>     drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>>>     include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>>>     6 files changed, 24 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>> index b3404c43a911..1aa750a6a5d2 100644
>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>>>         .fault = amdgpu_gem_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>> -     .access = ttm_bo_vm_access
>>>>> +     .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>     };
>>>>>
>>>>>     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>> index 5b27845075a1..164ea564bb7a 100644
>>>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>>>         .fault = nouveau_ttm_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>> -     .access = ttm_bo_vm_access
>>>>> +     .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>     };
>>>>>
>>>>>     void
>>>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>> index 458f92a70887..c19ad07eb7b5 100644
>>>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>>>         .fault = radeon_gem_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>> -     .access = ttm_bo_vm_access
>>>>> +     .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>     };
>>>>>
>>>>>     static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> index f56be5bc0861..fb325bad5db6 100644
>>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>     }
>>>>>     EXPORT_SYMBOL(ttm_bo_vm_access);
>>>>>
>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>> +                    unsigned long end, unsigned long newflags)
>>>>> +{
>>>>> +     /* Enforce no COW since would have really strange behavior with it. */
>>>>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>>>> +             return -EINVAL;
>>>>> +
>>>>> +     return 0;
>>>>> +}
>>>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>>>> +
>>>>>     static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>>>         .fault = ttm_bo_vm_fault,
>>>>>         .open = ttm_bo_vm_open,
>>>>>         .close = ttm_bo_vm_close,
>>>>>         .access = ttm_bo_vm_access,
>>>>> +     .mprotect = ttm_bo_vm_mprotect,
>>>>>     };
>>>>>
>>>>>     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>>     {
>>>>>         /* Enforce no COW since would have really strange behavior with it. */
>>>>> -     if (is_cow_mapping(vma->vm_flags))
>>>>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>>>                 return -EINVAL;
>>>>>
>>>>>         ttm_bo_get(bo);
>>>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>>>                 .fault = vmw_bo_vm_fault,
>>>>>                 .open = ttm_bo_vm_open,
>>>>>                 .close = ttm_bo_vm_close,
>>>>> +             .mprotect = ttm_bo_vm_mprotect,
>>>>>     #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>>>                 .huge_fault = vmw_bo_vm_huge_fault,
>>>>>     #endif
>>>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>>>> index f681bbdbc698..40eb95875355 100644
>>>>> --- a/include/drm/ttm/ttm_bo_api.h
>>>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>>>
>>>>>     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>                      void *buf, int len, int write);
>>>>> +
>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>> +                    unsigned long end, unsigned long newflags);
>>>>> +
>>>>>     bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>>>
>>>>>     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
>

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-23  8:33           ` Christian König
@ 2021-07-23  9:00             ` Daniel Vetter
  -1 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-23  9:00 UTC (permalink / raw)
  To: Christian König
  Cc: Felix Kuehling, Maling list - DRI developers, Alex Deucher,
	amd-gfx list, Thomas Zimmermann, Christian König

On Fri, Jul 23, 2021 at 10:33:48AM +0200, Christian König wrote:
> 
> 
> Am 23.07.21 um 10:21 schrieb Daniel Vetter:
> > On Wed, Jul 14, 2021 at 10:51 AM Christian König
> > <christian.koenig@amd.com> wrote:
> > > 
> > > 
> > > Am 13.07.21 um 17:28 schrieb Alex Deucher:
> > > > On Tue, Jul 13, 2021 at 2:57 AM Christian König
> > > > <ckoenig.leichtzumerken@gmail.com> wrote:
> > > > > 
> > > > > Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> > > > > > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > > > > > is_cow_mapping returns true for these mappings. Add a check for
> > > > > > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > > > > > PROT_NONE mappings.
> > > > > > 
> > > > > > v2: protect against mprotect making a mapping writable after the fact
> > > > > > v3: update driver-specific vm_operations_structs
> > > > > > 
> > > > > > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > > > > > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > > > > > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> > > > > Reviewed-by: Christian König <christian.koenig@amd.com>
> > > > Are you planning to push this to drm-misc?
> > > Yes, just didn't found time yesterday.
> > This is pushed to the wrong tree drm-misc-next-fixes, should have been
> > in drm-misc-fixes. Please be careful with that because every time that
> > goes wrong the script gets confused about which the current tree is,
> > and pushes the wrong tree to linux-next branches.
> > 
> > I'm going to hard-reset drm-misc-next-fixes now and hope that's good
> > enough to fix things up (since Thomas is not around all the time for
> > this merge window).
> 
> STOP! I'm about to push a revert for this patch.
> 
> And yes that was pushed to the wrong branch, but it turned out that this was
> fortunate since the patch doesn't work correctly.

Well I just hard-reset, so you can push the right patch to the right
branch now. The trouble is that outside of the merge window no one is
allowed to push to drm-misc-next-fixes. If you do, then dim pushes
drm-misc-next-fixes to for-linux-next instead of drm-misc-next, and we
have bad surprises.

Which unfortunately happens like every merge window a few times and always
takes a few days/weeks to get caught.
-Danie

> 
> Christian.
> 
> > -Daniel
> > 
> > 
> > > Christian.
> > > 
> > > > Alex
> > > > 
> > > > > > ---
> > > > > >     drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> > > > > >     drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> > > > > >     drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> > > > > >     drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> > > > > >     drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> > > > > >     include/drm/ttm/ttm_bo_api.h             |  4 ++++
> > > > > >     6 files changed, 24 insertions(+), 4 deletions(-)
> > > > > > 
> > > > > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > > > > index b3404c43a911..1aa750a6a5d2 100644
> > > > > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > > > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > > > > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> > > > > >         .fault = amdgpu_gem_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > > -     .access = ttm_bo_vm_access
> > > > > > +     .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect
> > > > > >     };
> > > > > > 
> > > > > >     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > > > > > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > > > > index 5b27845075a1..164ea564bb7a 100644
> > > > > > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > > > > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > > > > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> > > > > >         .fault = nouveau_ttm_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > > -     .access = ttm_bo_vm_access
> > > > > > +     .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect
> > > > > >     };
> > > > > > 
> > > > > >     void
> > > > > > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > > > > > index 458f92a70887..c19ad07eb7b5 100644
> > > > > > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > > > > > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > > > > > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> > > > > >         .fault = radeon_gem_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > > -     .access = ttm_bo_vm_access
> > > > > > +     .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect
> > > > > >     };
> > > > > > 
> > > > > >     static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > > > > > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > > > > index f56be5bc0861..fb325bad5db6 100644
> > > > > > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > > > > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > > > > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > > > > >     }
> > > > > >     EXPORT_SYMBOL(ttm_bo_vm_access);
> > > > > > 
> > > > > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > > > > +                    unsigned long end, unsigned long newflags)
> > > > > > +{
> > > > > > +     /* Enforce no COW since would have really strange behavior with it. */
> > > > > > +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > > > > > +             return -EINVAL;
> > > > > > +
> > > > > > +     return 0;
> > > > > > +}
> > > > > > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > > > > > +
> > > > > >     static const struct vm_operations_struct ttm_bo_vm_ops = {
> > > > > >         .fault = ttm_bo_vm_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > >         .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect,
> > > > > >     };
> > > > > > 
> > > > > >     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> > > > > >     {
> > > > > >         /* Enforce no COW since would have really strange behavior with it. */
> > > > > > -     if (is_cow_mapping(vma->vm_flags))
> > > > > > +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> > > > > >                 return -EINVAL;
> > > > > > 
> > > > > >         ttm_bo_get(bo);
> > > > > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > > > > index e6b1f98ec99f..e4bf7dc99320 100644
> > > > > > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > > > > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > > > > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> > > > > >                 .fault = vmw_bo_vm_fault,
> > > > > >                 .open = ttm_bo_vm_open,
> > > > > >                 .close = ttm_bo_vm_close,
> > > > > > +             .mprotect = ttm_bo_vm_mprotect,
> > > > > >     #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> > > > > >                 .huge_fault = vmw_bo_vm_huge_fault,
> > > > > >     #endif
> > > > > > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > > > > > index f681bbdbc698..40eb95875355 100644
> > > > > > --- a/include/drm/ttm/ttm_bo_api.h
> > > > > > +++ b/include/drm/ttm/ttm_bo_api.h
> > > > > > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> > > > > > 
> > > > > >     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > > > > >                      void *buf, int len, int write);
> > > > > > +
> > > > > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > > > > +                    unsigned long end, unsigned long newflags);
> > > > > > +
> > > > > >     bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> > > > > > 
> > > > > >     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> > 
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-23  9:00             ` Daniel Vetter
  0 siblings, 0 replies; 30+ messages in thread
From: Daniel Vetter @ 2021-07-23  9:00 UTC (permalink / raw)
  To: Christian König
  Cc: Daniel Vetter, Felix Kuehling, Maling list - DRI developers,
	Alex Deucher, amd-gfx list, Thomas Zimmermann, Alex Deucher,
	Christian König

On Fri, Jul 23, 2021 at 10:33:48AM +0200, Christian König wrote:
> 
> 
> Am 23.07.21 um 10:21 schrieb Daniel Vetter:
> > On Wed, Jul 14, 2021 at 10:51 AM Christian König
> > <christian.koenig@amd.com> wrote:
> > > 
> > > 
> > > Am 13.07.21 um 17:28 schrieb Alex Deucher:
> > > > On Tue, Jul 13, 2021 at 2:57 AM Christian König
> > > > <ckoenig.leichtzumerken@gmail.com> wrote:
> > > > > 
> > > > > Am 13.07.21 um 00:06 schrieb Felix Kuehling:
> > > > > > KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> > > > > > is_cow_mapping returns true for these mappings. Add a check for
> > > > > > vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> > > > > > PROT_NONE mappings.
> > > > > > 
> > > > > > v2: protect against mprotect making a mapping writable after the fact
> > > > > > v3: update driver-specific vm_operations_structs
> > > > > > 
> > > > > > Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> > > > > > Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> > > > > > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> > > > > Reviewed-by: Christian König <christian.koenig@amd.com>
> > > > Are you planning to push this to drm-misc?
> > > Yes, just didn't found time yesterday.
> > This is pushed to the wrong tree drm-misc-next-fixes, should have been
> > in drm-misc-fixes. Please be careful with that because every time that
> > goes wrong the script gets confused about which the current tree is,
> > and pushes the wrong tree to linux-next branches.
> > 
> > I'm going to hard-reset drm-misc-next-fixes now and hope that's good
> > enough to fix things up (since Thomas is not around all the time for
> > this merge window).
> 
> STOP! I'm about to push a revert for this patch.
> 
> And yes that was pushed to the wrong branch, but it turned out that this was
> fortunate since the patch doesn't work correctly.

Well I just hard-reset, so you can push the right patch to the right
branch now. The trouble is that outside of the merge window no one is
allowed to push to drm-misc-next-fixes. If you do, then dim pushes
drm-misc-next-fixes to for-linux-next instead of drm-misc-next, and we
have bad surprises.

Which unfortunately happens like every merge window a few times and always
takes a few days/weeks to get caught.
-Danie

> 
> Christian.
> 
> > -Daniel
> > 
> > 
> > > Christian.
> > > 
> > > > Alex
> > > > 
> > > > > > ---
> > > > > >     drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
> > > > > >     drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
> > > > > >     drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
> > > > > >     drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
> > > > > >     drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
> > > > > >     include/drm/ttm/ttm_bo_api.h             |  4 ++++
> > > > > >     6 files changed, 24 insertions(+), 4 deletions(-)
> > > > > > 
> > > > > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > > > > index b3404c43a911..1aa750a6a5d2 100644
> > > > > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > > > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> > > > > > @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
> > > > > >         .fault = amdgpu_gem_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > > -     .access = ttm_bo_vm_access
> > > > > > +     .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect
> > > > > >     };
> > > > > > 
> > > > > >     static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
> > > > > > diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > > > > index 5b27845075a1..164ea564bb7a 100644
> > > > > > --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > > > > +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
> > > > > > @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
> > > > > >         .fault = nouveau_ttm_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > > -     .access = ttm_bo_vm_access
> > > > > > +     .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect
> > > > > >     };
> > > > > > 
> > > > > >     void
> > > > > > diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
> > > > > > index 458f92a70887..c19ad07eb7b5 100644
> > > > > > --- a/drivers/gpu/drm/radeon/radeon_gem.c
> > > > > > +++ b/drivers/gpu/drm/radeon/radeon_gem.c
> > > > > > @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
> > > > > >         .fault = radeon_gem_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > > -     .access = ttm_bo_vm_access
> > > > > > +     .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect
> > > > > >     };
> > > > > > 
> > > > > >     static void radeon_gem_object_free(struct drm_gem_object *gobj)
> > > > > > diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > > > > index f56be5bc0861..fb325bad5db6 100644
> > > > > > --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > > > > +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> > > > > > @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > > > > >     }
> > > > > >     EXPORT_SYMBOL(ttm_bo_vm_access);
> > > > > > 
> > > > > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > > > > +                    unsigned long end, unsigned long newflags)
> > > > > > +{
> > > > > > +     /* Enforce no COW since would have really strange behavior with it. */
> > > > > > +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> > > > > > +             return -EINVAL;
> > > > > > +
> > > > > > +     return 0;
> > > > > > +}
> > > > > > +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
> > > > > > +
> > > > > >     static const struct vm_operations_struct ttm_bo_vm_ops = {
> > > > > >         .fault = ttm_bo_vm_fault,
> > > > > >         .open = ttm_bo_vm_open,
> > > > > >         .close = ttm_bo_vm_close,
> > > > > >         .access = ttm_bo_vm_access,
> > > > > > +     .mprotect = ttm_bo_vm_mprotect,
> > > > > >     };
> > > > > > 
> > > > > >     int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
> > > > > >     {
> > > > > >         /* Enforce no COW since would have really strange behavior with it. */
> > > > > > -     if (is_cow_mapping(vma->vm_flags))
> > > > > > +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
> > > > > >                 return -EINVAL;
> > > > > > 
> > > > > >         ttm_bo_get(bo);
> > > > > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > > > > index e6b1f98ec99f..e4bf7dc99320 100644
> > > > > > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > > > > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
> > > > > > @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
> > > > > >                 .fault = vmw_bo_vm_fault,
> > > > > >                 .open = ttm_bo_vm_open,
> > > > > >                 .close = ttm_bo_vm_close,
> > > > > > +             .mprotect = ttm_bo_vm_mprotect,
> > > > > >     #ifdef CONFIG_TRANSPARENT_HUGEPAGE
> > > > > >                 .huge_fault = vmw_bo_vm_huge_fault,
> > > > > >     #endif
> > > > > > diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
> > > > > > index f681bbdbc698..40eb95875355 100644
> > > > > > --- a/include/drm/ttm/ttm_bo_api.h
> > > > > > +++ b/include/drm/ttm/ttm_bo_api.h
> > > > > > @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
> > > > > > 
> > > > > >     int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
> > > > > >                      void *buf, int len, int write);
> > > > > > +
> > > > > > +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> > > > > > +                    unsigned long end, unsigned long newflags);
> > > > > > +
> > > > > >     bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
> > > > > > 
> > > > > >     vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);
> > 
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
  2021-07-23  9:00             ` Daniel Vetter
@ 2021-07-23  9:09               ` Christian König
  -1 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-23  9:09 UTC (permalink / raw)
  To: Daniel Vetter
  Cc: Felix Kuehling, Maling list - DRI developers, Alex Deucher,
	amd-gfx list, Thomas Zimmermann, Christian König

Am 23.07.21 um 11:00 schrieb Daniel Vetter:
> On Fri, Jul 23, 2021 at 10:33:48AM +0200, Christian König wrote:
>>
>> Am 23.07.21 um 10:21 schrieb Daniel Vetter:
>>> On Wed, Jul 14, 2021 at 10:51 AM Christian König
>>> <christian.koenig@amd.com> wrote:
>>>>
>>>> Am 13.07.21 um 17:28 schrieb Alex Deucher:
>>>>> On Tue, Jul 13, 2021 at 2:57 AM Christian König
>>>>> <ckoenig.leichtzumerken@gmail.com> wrote:
>>>>>> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>>>>>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>>>>>> is_cow_mapping returns true for these mappings. Add a check for
>>>>>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>>>>>> PROT_NONE mappings.
>>>>>>>
>>>>>>> v2: protect against mprotect making a mapping writable after the fact
>>>>>>> v3: update driver-specific vm_operations_structs
>>>>>>>
>>>>>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>>>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>>>>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>>>>>> Reviewed-by: Christian König <christian.koenig@amd.com>
>>>>> Are you planning to push this to drm-misc?
>>>> Yes, just didn't found time yesterday.
>>> This is pushed to the wrong tree drm-misc-next-fixes, should have been
>>> in drm-misc-fixes. Please be careful with that because every time that
>>> goes wrong the script gets confused about which the current tree is,
>>> and pushes the wrong tree to linux-next branches.
>>>
>>> I'm going to hard-reset drm-misc-next-fixes now and hope that's good
>>> enough to fix things up (since Thomas is not around all the time for
>>> this merge window).
>> STOP! I'm about to push a revert for this patch.
>>
>> And yes that was pushed to the wrong branch, but it turned out that this was
>> fortunate since the patch doesn't work correctly.
> Well I just hard-reset, so you can push the right patch to the right
> branch now. The trouble is that outside of the merge window no one is
> allowed to push to drm-misc-next-fixes. If you do, then dim pushes
> drm-misc-next-fixes to for-linux-next instead of drm-misc-next, and we
> have bad surprises.

Could we then make the branch read-only for that time?

> Which unfortunately happens like every merge window a few times and always
> takes a few days/weeks to get caught.

Yeah, at least to me it's absolutely not obvious when the merge windows 
for a certain version start/end.

Christian.

> -Danie
>
>> Christian.
>>
>>> -Daniel
>>>
>>>
>>>> Christian.
>>>>
>>>>> Alex
>>>>>
>>>>>>> ---
>>>>>>>      drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>>>>>      drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>>>>>      drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>>>>>      drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>>>>>      drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>>>>>      include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>>>>>      6 files changed, 24 insertions(+), 4 deletions(-)
>>>>>>>
>>>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>>>> index b3404c43a911..1aa750a6a5d2 100644
>>>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>>>>>          .fault = amdgpu_gem_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>> -     .access = ttm_bo_vm_access
>>>>>>> +     .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>>>      };
>>>>>>>
>>>>>>>      static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>>>>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>>>> index 5b27845075a1..164ea564bb7a 100644
>>>>>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>>>>>          .fault = nouveau_ttm_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>> -     .access = ttm_bo_vm_access
>>>>>>> +     .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>>>      };
>>>>>>>
>>>>>>>      void
>>>>>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>>>> index 458f92a70887..c19ad07eb7b5 100644
>>>>>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>>>>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>>>>>          .fault = radeon_gem_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>> -     .access = ttm_bo_vm_access
>>>>>>> +     .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>>>      };
>>>>>>>
>>>>>>>      static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>>>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>>>> index f56be5bc0861..fb325bad5db6 100644
>>>>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>>>      }
>>>>>>>      EXPORT_SYMBOL(ttm_bo_vm_access);
>>>>>>>
>>>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>>>> +                    unsigned long end, unsigned long newflags)
>>>>>>> +{
>>>>>>> +     /* Enforce no COW since would have really strange behavior with it. */
>>>>>>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>>>>>> +             return -EINVAL;
>>>>>>> +
>>>>>>> +     return 0;
>>>>>>> +}
>>>>>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>>>>>> +
>>>>>>>      static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>>>>>          .fault = ttm_bo_vm_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>>          .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect,
>>>>>>>      };
>>>>>>>
>>>>>>>      int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>>>>      {
>>>>>>>          /* Enforce no COW since would have really strange behavior with it. */
>>>>>>> -     if (is_cow_mapping(vma->vm_flags))
>>>>>>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>>>>>                  return -EINVAL;
>>>>>>>
>>>>>>>          ttm_bo_get(bo);
>>>>>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>>>>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>>>>>                  .fault = vmw_bo_vm_fault,
>>>>>>>                  .open = ttm_bo_vm_open,
>>>>>>>                  .close = ttm_bo_vm_close,
>>>>>>> +             .mprotect = ttm_bo_vm_mprotect,
>>>>>>>      #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>>>>>                  .huge_fault = vmw_bo_vm_huge_fault,
>>>>>>>      #endif
>>>>>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>>>>>> index f681bbdbc698..40eb95875355 100644
>>>>>>> --- a/include/drm/ttm/ttm_bo_api.h
>>>>>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>>>>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>>>>>
>>>>>>>      int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>>>                       void *buf, int len, int write);
>>>>>>> +
>>>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>>>> +                    unsigned long end, unsigned long newflags);
>>>>>>> +
>>>>>>>      bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>>>>>
>>>>>>>      vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);


^ permalink raw reply	[flat|nested] 30+ messages in thread

* Re: [PATCH v3 1/1] drm/ttm: Fix COW check
@ 2021-07-23  9:09               ` Christian König
  0 siblings, 0 replies; 30+ messages in thread
From: Christian König @ 2021-07-23  9:09 UTC (permalink / raw)
  To: Daniel Vetter
  Cc: Felix Kuehling, Maling list - DRI developers, Alex Deucher,
	amd-gfx list, Thomas Zimmermann, Alex Deucher,
	Christian König

Am 23.07.21 um 11:00 schrieb Daniel Vetter:
> On Fri, Jul 23, 2021 at 10:33:48AM +0200, Christian König wrote:
>>
>> Am 23.07.21 um 10:21 schrieb Daniel Vetter:
>>> On Wed, Jul 14, 2021 at 10:51 AM Christian König
>>> <christian.koenig@amd.com> wrote:
>>>>
>>>> Am 13.07.21 um 17:28 schrieb Alex Deucher:
>>>>> On Tue, Jul 13, 2021 at 2:57 AM Christian König
>>>>> <ckoenig.leichtzumerken@gmail.com> wrote:
>>>>>> Am 13.07.21 um 00:06 schrieb Felix Kuehling:
>>>>>>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
>>>>>>> is_cow_mapping returns true for these mappings. Add a check for
>>>>>>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
>>>>>>> PROT_NONE mappings.
>>>>>>>
>>>>>>> v2: protect against mprotect making a mapping writable after the fact
>>>>>>> v3: update driver-specific vm_operations_structs
>>>>>>>
>>>>>>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
>>>>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
>>>>>>> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
>>>>>> Reviewed-by: Christian König <christian.koenig@amd.com>
>>>>> Are you planning to push this to drm-misc?
>>>> Yes, just didn't found time yesterday.
>>> This is pushed to the wrong tree drm-misc-next-fixes, should have been
>>> in drm-misc-fixes. Please be careful with that because every time that
>>> goes wrong the script gets confused about which the current tree is,
>>> and pushes the wrong tree to linux-next branches.
>>>
>>> I'm going to hard-reset drm-misc-next-fixes now and hope that's good
>>> enough to fix things up (since Thomas is not around all the time for
>>> this merge window).
>> STOP! I'm about to push a revert for this patch.
>>
>> And yes that was pushed to the wrong branch, but it turned out that this was
>> fortunate since the patch doesn't work correctly.
> Well I just hard-reset, so you can push the right patch to the right
> branch now. The trouble is that outside of the merge window no one is
> allowed to push to drm-misc-next-fixes. If you do, then dim pushes
> drm-misc-next-fixes to for-linux-next instead of drm-misc-next, and we
> have bad surprises.

Could we then make the branch read-only for that time?

> Which unfortunately happens like every merge window a few times and always
> takes a few days/weeks to get caught.

Yeah, at least to me it's absolutely not obvious when the merge windows 
for a certain version start/end.

Christian.

> -Danie
>
>> Christian.
>>
>>> -Daniel
>>>
>>>
>>>> Christian.
>>>>
>>>>> Alex
>>>>>
>>>>>>> ---
>>>>>>>      drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c  |  3 ++-
>>>>>>>      drivers/gpu/drm/nouveau/nouveau_gem.c    |  3 ++-
>>>>>>>      drivers/gpu/drm/radeon/radeon_gem.c      |  3 ++-
>>>>>>>      drivers/gpu/drm/ttm/ttm_bo_vm.c          | 14 +++++++++++++-
>>>>>>>      drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c |  1 +
>>>>>>>      include/drm/ttm/ttm_bo_api.h             |  4 ++++
>>>>>>>      6 files changed, 24 insertions(+), 4 deletions(-)
>>>>>>>
>>>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>>>> index b3404c43a911..1aa750a6a5d2 100644
>>>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
>>>>>>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct amdgpu_gem_vm_ops = {
>>>>>>>          .fault = amdgpu_gem_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>> -     .access = ttm_bo_vm_access
>>>>>>> +     .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>>>      };
>>>>>>>
>>>>>>>      static void amdgpu_gem_object_free(struct drm_gem_object *gobj)
>>>>>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>>>> index 5b27845075a1..164ea564bb7a 100644
>>>>>>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>>>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
>>>>>>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct nouveau_ttm_vm_ops = {
>>>>>>>          .fault = nouveau_ttm_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>> -     .access = ttm_bo_vm_access
>>>>>>> +     .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>>>      };
>>>>>>>
>>>>>>>      void
>>>>>>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>>>> index 458f92a70887..c19ad07eb7b5 100644
>>>>>>> --- a/drivers/gpu/drm/radeon/radeon_gem.c
>>>>>>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c
>>>>>>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct radeon_gem_vm_ops = {
>>>>>>>          .fault = radeon_gem_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>> -     .access = ttm_bo_vm_access
>>>>>>> +     .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect
>>>>>>>      };
>>>>>>>
>>>>>>>      static void radeon_gem_object_free(struct drm_gem_object *gobj)
>>>>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>>>> index f56be5bc0861..fb325bad5db6 100644
>>>>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>>>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>>>      }
>>>>>>>      EXPORT_SYMBOL(ttm_bo_vm_access);
>>>>>>>
>>>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>>>> +                    unsigned long end, unsigned long newflags)
>>>>>>> +{
>>>>>>> +     /* Enforce no COW since would have really strange behavior with it. */
>>>>>>> +     if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
>>>>>>> +             return -EINVAL;
>>>>>>> +
>>>>>>> +     return 0;
>>>>>>> +}
>>>>>>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect);
>>>>>>> +
>>>>>>>      static const struct vm_operations_struct ttm_bo_vm_ops = {
>>>>>>>          .fault = ttm_bo_vm_fault,
>>>>>>>          .open = ttm_bo_vm_open,
>>>>>>>          .close = ttm_bo_vm_close,
>>>>>>>          .access = ttm_bo_vm_access,
>>>>>>> +     .mprotect = ttm_bo_vm_mprotect,
>>>>>>>      };
>>>>>>>
>>>>>>>      int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>>>>      {
>>>>>>>          /* Enforce no COW since would have really strange behavior with it. */
>>>>>>> -     if (is_cow_mapping(vma->vm_flags))
>>>>>>> +     if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>>>>>>>                  return -EINVAL;
>>>>>>>
>>>>>>>          ttm_bo_get(bo);
>>>>>>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>>>> index e6b1f98ec99f..e4bf7dc99320 100644
>>>>>>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>>>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c
>>>>>>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma)
>>>>>>>                  .fault = vmw_bo_vm_fault,
>>>>>>>                  .open = ttm_bo_vm_open,
>>>>>>>                  .close = ttm_bo_vm_close,
>>>>>>> +             .mprotect = ttm_bo_vm_mprotect,
>>>>>>>      #ifdef CONFIG_TRANSPARENT_HUGEPAGE
>>>>>>>                  .huge_fault = vmw_bo_vm_huge_fault,
>>>>>>>      #endif
>>>>>>> diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
>>>>>>> index f681bbdbc698..40eb95875355 100644
>>>>>>> --- a/include/drm/ttm/ttm_bo_api.h
>>>>>>> +++ b/include/drm/ttm/ttm_bo_api.h
>>>>>>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma);
>>>>>>>
>>>>>>>      int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>>>>>>>                       void *buf, int len, int write);
>>>>>>> +
>>>>>>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
>>>>>>> +                    unsigned long end, unsigned long newflags);
>>>>>>> +
>>>>>>>      bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all);
>>>>>>>
>>>>>>>      vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t prot);

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 30+ messages in thread

end of thread, other threads:[~2021-07-23  9:09 UTC | newest]

Thread overview: 30+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-12 22:06 [PATCH v3 1/1] drm/ttm: Fix COW check Felix Kuehling
2021-07-12 22:06 ` Felix Kuehling
2021-07-13  6:57 ` Christian König
2021-07-13  6:57   ` Christian König
2021-07-13 15:28   ` Alex Deucher
2021-07-13 15:28     ` Alex Deucher
2021-07-14  8:51     ` Christian König
2021-07-14  8:51       ` Christian König
2021-07-23  8:21       ` Daniel Vetter
2021-07-23  8:21         ` Daniel Vetter
2021-07-23  8:33         ` Christian König
2021-07-23  8:33           ` Christian König
2021-07-23  9:00           ` Daniel Vetter
2021-07-23  9:00             ` Daniel Vetter
2021-07-23  9:09             ` Christian König
2021-07-23  9:09               ` Christian König
2021-07-13 15:29   ` Felix Kuehling
2021-07-13 15:29     ` Felix Kuehling
2021-07-14 10:44 ` Daniel Vetter
2021-07-14 10:44   ` Daniel Vetter
2021-07-14 10:46   ` Daniel Vetter
2021-07-14 10:46     ` Daniel Vetter
2021-07-14 10:51   ` Christian König
2021-07-14 10:51     ` Christian König
2021-07-14 11:15     ` Daniel Vetter
2021-07-14 11:15       ` Daniel Vetter
2021-07-14 13:09       ` Christian König
2021-07-14 13:09         ` Christian König
2021-07-14 16:11     ` Felix Kuehling
2021-07-14 16:11       ` Felix Kuehling

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.