dri-devel.lists.freedesktop.org archive mirror
From: Daniel Vetter <daniel@ffwll.ch>
To: "Christian König" <christian.koenig@amd.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>,
	Huang Rui <ray.huang@amd.com>, Brian Paul <brianp@vmware.com>,
	DRI Development <dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH] drm/ttm: don't set page->mapping
Date: Thu, 5 Nov 2020 17:37:29 +0100
Message-ID: <CAKMK7uEUuHSMYH5rSbb4c3_fLidbn-fiRGxV+sy6HbhSnWDhtg@mail.gmail.com>
In-Reply-To: <c04b4710-7b37-bfd4-0bad-859592e9ba33@amd.com>

On Thu, Nov 5, 2020 at 4:15 PM Christian König <christian.koenig@amd.com> wrote:
>
> On 05.11.20 at 15:38, Daniel Vetter wrote:
> > On Thu, Nov 5, 2020 at 3:31 PM Daniel Vetter <daniel@ffwll.ch> wrote:
> >> On Thu, Nov 5, 2020 at 2:22 PM Christian König <christian.koenig@amd.com> wrote:
> >>> On 05.11.20 at 14:20, Daniel Vetter wrote:
> >>>> On Thu, Nov 05, 2020 at 01:56:22PM +0100, Christian König wrote:
> >>>>> On 05.11.20 at 13:50, Daniel Vetter wrote:
> >>>>>> On Thu, Nov 05, 2020 at 01:29:50PM +0100, Christian König wrote:
> >>>>>>> On 05.11.20 at 10:11, Daniel Vetter wrote:
> >>>>>>>> On Thu, Nov 5, 2020 at 9:00 AM Christian König <christian.koenig@amd.com> wrote:
> >>>>>>>>> On 04.11.20 at 17:50, Daniel Vetter wrote:
> >>>>>>>>>> Random observation while trying to review Christian's patch series to
> >>>>>>>>>> stop looking at struct page for dma-buf imports.
> >>>>>>>>>>
> >>>>>>>>>> This was originally added in
> >>>>>>>>>>
> >>>>>>>>>> commit 58aa6622d32af7d2c08d45085f44c54554a16ed7
> >>>>>>>>>> Author: Thomas Hellstrom <thellstrom@vmware.com>
> >>>>>>>>>> Date:   Fri Jan 3 11:47:23 2014 +0100
> >>>>>>>>>>
> >>>>>>>>>>          drm/ttm: Correctly set page mapping and -index members
> >>>>>>>>>>
> >>>>>>>>>>          Needed for some vm operations; most notably unmap_mapping_range() with
> >>>>>>>>>>          even_cows = 0.
> >>>>>>>>>>
> >>>>>>>>>>          Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
> >>>>>>>>>>          Reviewed-by: Brian Paul <brianp@vmware.com>
> >>>>>>>>>>
> >>>>>>>>>> but we do not have a single caller of unmap_mapping_range with
> >>>>>>>>>> even_cows == 0. And all the gem drivers don't do this, so another
> >>>>>>>>>> small thing we could standardize between drm and ttm drivers.
> >>>>>>>>>>
> >>>>>>>>>> Plus I don't really see a need for unmap_mapping_range where we don't
> >>>>>>>>>> want to indiscriminately shoot down all ptes.
> >>>>>>>>> NAK, we use this to determine if a page belongs to the driver or not in
> >>>>>>>>> amdgpu for example.
> >>>>>>>>>
> >>>>>>>>> Mostly used for debugging, but I would really like to keep that.
> >>>>>>>> Can you pls point me at that code? A quick grep hasn't really found much at all.
> >>>>>>> See amdgpu_iomem_read() for an example:
> >>>>>> Why do you reject this?
> >>>>> When IOMMU is disabled or uses a 1 to 1 mapping we would otherwise give the
> >>>>> same access as /dev/mem to system memory and that is forbidden. But as I
> >>>>> noted this is just for the debugfs file.
> >>>> Ah, there's a config option for that. Plus it's debugfs, anything goes in
> >>>> debugfs, but if you're worried about that hole we should just disable the
> >>>> entire debugfs file for CONFIG_STRICT_DEVMEM. I can perhaps throw that on
> >>>> top, that follow_pfn patch series I'm baking is all about this kind of
> >>>> fun.
> >>> And exactly that would get a NAK from us.
> >>>
> >>> We have specially created that debugfs file as an alternative when
> >>> CONFIG_STRICT_DEVMEM is set.
> >> Uh that doesn't work if you work around core restrictions with your
> >> own debugfs paths.
>
> That's why we have the restriction to check the mapping of the pages.
>
> This way we only expose the memory which was allocated by our driver and
> don't allow any uncontrolled access to the whole system memory.
>
> We have something similar for radeon as well, but there we have a global
> GART table which we can use for validating stuff.

The check doesn't take any locks over the check and copy*user, I don't
think it's protecting anything really against somewhat adverse
userspace.

I mean fundamentally locking down stuff like STRICT_DEVMEM or all the
others makes debugging harder, that's kinda the expected tradeoff.

> >>   Maybe you can do fun like this in your dkms, but
> >> not in upstream. Like if this was specifically created to work around
> >> CONFIG_STRICT_DEVMEM (and it sounds like that) then I think this
> >> should never have landed in upstream to begin with.
> > I'm also kinda confused that there's distros with CONFIG_STRICT_DEVMEM
> > which allow debugfs. debugfs is a pretty bad root hole all around, or
> > at least that's been the assumption all the time.
>
> Yeah, completely agree :) But that's not my problem.

I guess I'll do another rfc series and poke a pile of people ... seems
to be a habit I'm developing :-)
-Daniel

>
> Christian.
>
> > -Daniel
> >
> >>>>> When I tried a few years ago to not set the page->mapping I immediately ran
> >>>>> into issues with our eviction test. So I think that this is used elsewhere
> >>>>> as well.
> >>>> That's the kind of interaction I'm worried about here tbh. If this does
> >>>> some kind of shrinking of some sorts, I think a real shrinker should take
> >>>> over.
> >>>>
> >>>> An improved grep shows nothing else, so the above is the only
> >>>> thing I can think of. What kind of eviction test goes boom if you clear
> >>>> ->mapping here? I'd be happy to type up the clever trick for the debugfs
> >>>> files.
> >>>> -Daniel
> >>>>
> >>>>> Regards,
> >>>>> Christian.
> >>>>>
> >>>>>> If this is to avoid issues with userptr, then I think there's a simple
> >>>>>> trick:
> >>>>>> - grab page reference
> >>>>>> - recheck that the iova still points at the same address
> >>>>>> - do read/write, safe in the knowledge that this page cannot be reused for
> >>>>>>      anything else
> >>>>>> - drop page reference
> >>>>>>
> >>>>>> Of course this can still race against iova updates, but that seems to be a
> >>>>>> fundamental part of your debug interface here.
> >>>>>>
> >>>>>> Or am I missing something?
> >>>>>>
> >>>>>> Just pondering this more since setting the page->mapping pointer for just
> >>>>>> this seems somewhat wild abuse of ->mapping semantics :-)
> >>>>>> -Daniel
> >>>>>>
> >>>>>>>>                    if (p->mapping != adev->mman.bdev.dev_mapping)
> >>>>>>>>                            return -EPERM;
> >>>>>>> Christian.
> >>>>>>>
> >>>>>>>> -Daniel
> >>>>>>>>
> >>>>>>>>> Christian.
> >>>>>>>>>
> >>>>>>>>>> Cc: Thomas Hellstrom <thellstrom@vmware.com>
> >>>>>>>>>> Cc: Brian Paul <brianp@vmware.com>
> >>>>>>>>>> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
> >>>>>>>>>> Cc: Christian Koenig <christian.koenig@amd.com>
> >>>>>>>>>> Cc: Huang Rui <ray.huang@amd.com>
> >>>>>>>>>> ---
> >>>>>>>>>>       drivers/gpu/drm/ttm/ttm_tt.c | 12 ------------
> >>>>>>>>>>       1 file changed, 12 deletions(-)
> >>>>>>>>>>
> >>>>>>>>>> diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c
> >>>>>>>>>> index 8861a74ac335..438ea43fd8c1 100644
> >>>>>>>>>> --- a/drivers/gpu/drm/ttm/ttm_tt.c
> >>>>>>>>>> +++ b/drivers/gpu/drm/ttm/ttm_tt.c
> >>>>>>>>>> @@ -291,17 +291,6 @@ int ttm_tt_swapout(struct ttm_bo_device *bdev, struct ttm_tt *ttm)
> >>>>>>>>>>           return ret;
> >>>>>>>>>>       }
> >>>>>>>>>>
> >>>>>>>>>> -static void ttm_tt_add_mapping(struct ttm_bo_device *bdev, struct ttm_tt *ttm)
> >>>>>>>>>> -{
> >>>>>>>>>> -     pgoff_t i;
> >>>>>>>>>> -
> >>>>>>>>>> -     if (ttm->page_flags & TTM_PAGE_FLAG_SG)
> >>>>>>>>>> -             return;
> >>>>>>>>>> -
> >>>>>>>>>> -     for (i = 0; i < ttm->num_pages; ++i)
> >>>>>>>>>> -             ttm->pages[i]->mapping = bdev->dev_mapping;
> >>>>>>>>>> -}
> >>>>>>>>>> -
> >>>>>>>>>>       int ttm_tt_populate(struct ttm_bo_device *bdev,
> >>>>>>>>>>                       struct ttm_tt *ttm, struct ttm_operation_ctx *ctx)
> >>>>>>>>>>       {
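Review bot: with ttm_tt_add_mapping() deleted here, the diffstat (12 deletions, ttm_tt.c only) shows no matching change on the teardown side; if TTM still resets page->mapping when pages are released, that code is now dead and belongs in this patch as well. The commit message argues only from unmap_mapping_range() with even_cows == 0, so it should also state that no other code reads ->mapping on these pages.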
> >>>>>>>>>> @@ -320,7 +309,6 @@ int ttm_tt_populate(struct ttm_bo_device *bdev,
> >>>>>>>>>>           if (ret)
> >>>>>>>>>>                   return ret;
> >>>>>>>>>>
> >>>>>>>>>> -     ttm_tt_add_mapping(bdev, ttm);
> >>>>>>>>>>           ttm->page_flags |= TTM_PAGE_FLAG_PRIV_POPULATED;
> >>>>>>>>>>           if (unlikely(ttm->page_flags & TTM_PAGE_FLAG_SWAPPED)) {
> >>>>>>>>>>                   ret = ttm_tt_swapin(ttm);
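Review bot: once the ttm_tt_add_mapping(bdev, ttm) call in ttm_tt_populate() is gone, populated pages no longer carry bdev->dev_mapping, so the `p->mapping != adev->mman.bdev.dev_mapping` check quoted earlier in this thread would return -EPERM for every page. That check needs to be replaced or dropped in the same series, and the commit message should name it as an affected user.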
> >>
> >> --
> >> Daniel Vetter
> >> Software Engineer, Intel Corporation
> >> http://blog.ffwll.ch/
> >
> >
>


-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
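
The four-step trick quoted in the message above (grab a page reference, recheck that the iova still points at the same page, do the access, drop the reference), as an added user-space model in C. It is not code from this thread, amdgpu or TTM; `model_page`, `iova_table`, `model_iomem_read` and the `model_racing_remap` test seam are hypothetical names, and the page objects are assumed to outlive their use the way `struct page` does.

```c
#include <errno.h>
#include <stdatomic.h>
#include <string.h>

#define MODEL_PAGE_SIZE 64 /* constructed: small pages keep the model readable */
#define MODEL_NR_SLOTS  4

/* Hypothetical stand-ins for struct page and the iova translation table. */
struct model_page {
	atomic_int refcount; /* 0 = freed, may be reused by anyone */
	unsigned char data[MODEL_PAGE_SIZE];
};
static _Atomic(struct model_page *) iova_table[MODEL_NR_SLOTS];
/* Test seam: when set, stands in for a remap racing with the reader. */
static struct model_page *model_racing_remap;

/* Take a reference only if the page is still live (refcount > 0). */
static int model_page_try_get(struct model_page *p)
{
	int old = atomic_load(&p->refcount);

	while (old > 0)
		if (atomic_compare_exchange_weak(&p->refcount, &old, old + 1))
			return 1;
	return 0;
}

/* Debug read through one slot: pin, recheck, copy, unpin. */
static int model_iomem_read(size_t slot, unsigned char *dst, size_t len)
{
	struct model_page *p;
	int ret = 0;

	if (slot >= MODEL_NR_SLOTS || len > MODEL_PAGE_SIZE)
		return -EINVAL;
	p = atomic_load(&iova_table[slot]);
	if (!p || !model_page_try_get(p))         /* 1: grab page reference */
		return -EPERM;
	if (model_racing_remap)                   /* simulated concurrent remap */
		atomic_store(&iova_table[slot], model_racing_remap);
	if (atomic_load(&iova_table[slot]) != p)  /* 2: recheck the iova */
		ret = -EAGAIN;
	else
		memcpy(dst, p->data, len);        /* 3: page cannot be reused */
	atomic_fetch_sub(&p->refcount, 1);        /* 4: drop page reference */
	return ret;
}
```

A check done without the pin in step 1 leaves a window in which the page can be freed and reused between the check and the copy; that window is what the remark about taking no locks over the check and copy*user refers to.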