From: Jason Gunthorpe <jgg@ziepe.ca>
To: linux-rdma@vger.kernel.org, linux-mm@kvack.org,
Jerome Glisse <jglisse@redhat.com>,
Ralph Campbell <rcampbell@nvidia.com>,
John Hubbard <jhubbard@nvidia.com>
Subject: Re: [RFC PATCH 05/11] mm/hmm: Improve locking around hmm->dead
Date: Fri, 24 May 2019 10:40:35 -0300 [thread overview]
Message-ID: <20190524134035.GA12653@ziepe.ca> (raw)
In-Reply-To: <20190523153436.19102-6-jgg@ziepe.ca>
On Thu, May 23, 2019 at 12:34:30PM -0300, Jason Gunthorpe wrote:
> From: Jason Gunthorpe <jgg@mellanox.com>
>
> This value is being read without any locking, so it is just an unreliable
> hint, however in many cases we need to have certainty that code is not
> racing with mmput()/hmm_release().
>
> For the two functions doing find_vma(), document that the caller is
> expected to hold mmap_sem and thus also have a mmget().
>
> For hmm_range_register acquire a mmget internally as it must not race with
> hmm_release() when it sets valid.
>
> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
> mm/hmm.c | 27 +++++++++++++++++++--------
> 1 file changed, 19 insertions(+), 8 deletions(-)
>
> diff --git a/mm/hmm.c b/mm/hmm.c
> index ec54be54d81135..d97ec293336ea5 100644
> +++ b/mm/hmm.c
> @@ -909,8 +909,10 @@ int hmm_range_register(struct hmm_range *range,
> range->start = start;
> range->end = end;
>
> - /* Check if hmm_mm_destroy() was call. */
> - if (mirror->hmm->mm == NULL || mirror->hmm->dead)
> + /*
> + * We cannot set range->value to true if hmm_release has already run.
> + */
> + if (!mmget_not_zero(mirror->hmm->mm))
> return -EFAULT;
>
> range->hmm = mirror->hmm;
> @@ -928,6 +930,7 @@ int hmm_range_register(struct hmm_range *range,
> if (!range->hmm->notifiers)
> range->valid = true;
> mutex_unlock(&range->hmm->lock);
> + mmput(mirror->hmm->mm);
Hi Jerome, when you revised this patch to move the mmput to
hmm_range_unregister() it means hmm_release() cannot run while a range
exists, and thus we can have this futher simplification rolled into
this patch. Can you update your git? Thanks:
diff --git a/mm/hmm.c b/mm/hmm.c
index 2a08b78550b90d..ddd05f2ebe739a 100644
--- a/mm/hmm.c
+++ b/mm/hmm.c
@@ -128,17 +128,17 @@ static void hmm_release(struct mmu_notifier *mn, struct mm_struct *mm)
{
struct hmm *hmm = container_of(mn, struct hmm, mmu_notifier);
struct hmm_mirror *mirror;
- struct hmm_range *range;
/* hmm is in progress to free */
if (!kref_get_unless_zero(&hmm->kref))
return;
- /* Wake-up everyone waiting on any range. */
mutex_lock(&hmm->lock);
- list_for_each_entry(range, &hmm->ranges, list)
- range->valid = false;
- wake_up_all(&hmm->wq);
+ /*
+ * Since hmm_range_register() holds the mmget() lock hmm_release() is
+ * prevented as long as a range exists.
+ */
+ WARN_ON(!list_empty(&hmm->ranges));
mutex_unlock(&hmm->lock);
down_write(&hmm->mirrors_sem);
@@ -908,9 +908,7 @@ int hmm_range_register(struct hmm_range *range,
range->hmm = mm->hmm;
kref_get(&range->hmm->kref);
- /*
- * We cannot set range->value to true if hmm_release has already run.
- */
+ /* Prevent hmm_release() from running while the range is valid */
if (!mmget_not_zero(mm))
return -EFAULT;
next prev parent reply other threads:[~2019-05-24 13:40 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-23 15:34 [RFC PATCH 00/11] mm/hmm: Various revisions from a locking/code review Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 01/11] mm/hmm: Fix use after free with struct hmm in the mmu notifiers Jason Gunthorpe
2019-06-06 23:54 ` Ira Weiny
2019-06-07 14:17 ` Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 02/11] mm/hmm: Use hmm_mirror not mm as an argument for hmm_register_range Jason Gunthorpe
2019-05-23 18:22 ` Christoph Hellwig
2019-05-23 15:34 ` [RFC PATCH 03/11] mm/hmm: Hold a mmgrab from hmm to mm Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 04/11] mm/hmm: Simplify hmm_get_or_create and make it reliable Jason Gunthorpe
2019-05-23 23:38 ` Ralph Campbell
2019-05-24 1:23 ` Jason Gunthorpe
2019-05-24 17:06 ` Ralph Campbell
2019-05-23 15:34 ` [RFC PATCH 05/11] mm/hmm: Improve locking around hmm->dead Jason Gunthorpe
2019-05-24 13:40 ` Jason Gunthorpe [this message]
2019-05-23 15:34 ` [RFC PATCH 06/11] mm/hmm: Remove duplicate condition test before wait_event_timeout Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 07/11] mm/hmm: Delete hmm_mirror_mm_is_alive() Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 08/11] mm/hmm: Use lockdep instead of comments Jason Gunthorpe
2019-06-07 19:33 ` Souptick Joarder
2019-06-07 19:39 ` Jason Gunthorpe
2019-06-07 21:02 ` Souptick Joarder
2019-06-08 1:15 ` Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 09/11] mm/hmm: Remove racy protection against double-unregistration Jason Gunthorpe
2019-06-07 19:38 ` Souptick Joarder
2019-06-07 19:37 ` Jason Gunthorpe
2019-06-07 19:55 ` Souptick Joarder
2019-05-23 15:34 ` [RFC PATCH 10/11] mm/hmm: Poison hmm_range during unregister Jason Gunthorpe
2019-06-07 20:13 ` Souptick Joarder
2019-06-07 20:18 ` Jason Gunthorpe
2019-05-23 15:34 ` [RFC PATCH 11/11] mm/hmm: Do not use list*_rcu() for hmm->ranges Jason Gunthorpe
2019-06-07 20:22 ` Souptick Joarder
2019-05-23 19:04 ` [RFC PATCH 00/11] mm/hmm: Various revisions from a locking/code review John Hubbard
2019-05-23 19:37 ` Jason Gunthorpe
2019-05-23 20:59 ` Jerome Glisse
2019-05-24 13:35 ` Jason Gunthorpe
2019-05-24 14:36 ` Jason Gunthorpe
2019-05-24 16:49 ` Jerome Glisse
2019-05-24 16:59 ` Jason Gunthorpe
2019-05-24 17:01 ` Jerome Glisse
2019-05-24 17:52 ` Jason Gunthorpe
2019-05-24 18:03 ` Jerome Glisse
2019-05-24 18:32 ` Jason Gunthorpe
2019-05-24 18:46 ` Jerome Glisse
2019-05-24 22:09 ` Jason Gunthorpe
2019-05-27 19:58 ` Jason Gunthorpe
2019-05-24 17:47 ` Ralph Campbell
2019-05-24 17:51 ` Jerome Glisse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190524134035.GA12653@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=jglisse@redhat.com \
--cc=jhubbard@nvidia.com \
--cc=linux-mm@kvack.org \
--cc=linux-rdma@vger.kernel.org \
--cc=rcampbell@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).