From: Daniel Vetter <daniel@ffwll.ch>
To: christian.koenig@amd.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
linaro-mm-sig@lists.linaro.org, dri-devel@lists.freedesktop.org,
linux-media@vger.kernel.org, chris@chris-wilson.co.uk,
airlied@redhat.com, akpm@linux-foundation.org,
sumit.semwal@linaro.org
Subject: Re: [PATCH 1/4] mm: introduce vma_set_file function v2
Date: Fri, 9 Oct 2020 09:39:00 +0200 [thread overview]
Message-ID: <20201009073900.GL438822@phenom.ffwll.local> (raw)
In-Reply-To: <8fc28dfa-4bae-bee1-5aca-4e3c6e88b994@gmail.com>
On Fri, Oct 09, 2020 at 09:16:49AM +0200, Christian König wrote:
> Am 08.10.20 um 16:12 schrieb Daniel Vetter:
> > On Thu, Oct 08, 2020 at 01:23:39PM +0200, Christian König wrote:
> > > Add the new vma_set_file() function to allow changing
> > > vma->vm_file with the necessary refcount dance.
> > >
> > > v2: add more users of this.
> > >
> > > Signed-off-by: Christian König <christian.koenig@amd.com>
> > > ---
> > > drivers/dma-buf/dma-buf.c | 16 +++++-----------
> > > drivers/gpu/drm/etnaviv/etnaviv_gem.c | 4 +---
> > > drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c | 3 +--
> > > drivers/gpu/drm/i915/gem/i915_gem_mman.c | 4 ++--
> > > drivers/gpu/drm/msm/msm_gem.c | 4 +---
> > > drivers/gpu/drm/omapdrm/omap_gem.c | 3 +--
> > > drivers/gpu/drm/vgem/vgem_drv.c | 3 +--
> > > drivers/staging/android/ashmem.c | 5 ++---
> > > include/linux/mm.h | 2 ++
> > > mm/mmap.c | 16 ++++++++++++++++
> > > 10 files changed, 32 insertions(+), 28 deletions(-)
> > >
> > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
> > > index a6ba4d598f0e..e4316aa7e0f4 100644
> > > --- a/drivers/dma-buf/dma-buf.c
> > > +++ b/drivers/dma-buf/dma-buf.c
> > > @@ -1163,20 +1163,14 @@ int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma,
> > > return -EINVAL;
> > > /* readjust the vma */
> > > - get_file(dmabuf->file);
> > > - oldfile = vma->vm_file;
> > > - vma->vm_file = dmabuf->file;
> > > + oldfile = vma_set_file(vma, dmabuf->file);
> > > vma->vm_pgoff = pgoff;
> > > ret = dmabuf->ops->mmap(dmabuf, vma);
> > > - if (ret) {
> > > - /* restore old parameters on failure */
> > > - vma->vm_file = oldfile;
> > > - fput(dmabuf->file);
> > > - } else {
> > > - if (oldfile)
> > > - fput(oldfile);
> > > - }
> > > + /* restore old parameters on failure */
> > > + if (ret)
> > > + vma_set_file(vma, oldfile);
> > I think these two lines here are cargo-cult: If this fails, the mmap fails
> > and therefore the vma structure is kfreed. No point at all in restoring
> > anything.
>
> This was explicitly added with this patch to fix a problem:
>
> commit 495c10cc1c0c359871d5bef32dd173252fc17995
> Author: John Sheu <sheu@google.com>
> Date: Mon Feb 11 17:50:24 2013 -0800
>
> CHROMIUM: dma-buf: restore args on failure of dma_buf_mmap
>
> Callers to dma_buf_mmap expect to fput() the vma struct's vm_file
> themselves on failure. Not restoring the struct's data on failure
> causes a double-decrement of the vm_file's refcount.
>
> > With that: Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
>
> Can I keep that even with the error handling working? :)
Hm good find, I should have looked at git history myself.
I just noticed this here in the patch because everyone else does not do
this. But looking at the mmap_region() code in mmap.c we seem to indeed
have this problem for the error path:
unmap_and_free_vma:
vma->vm_file = NULL;
fput(file);
Note that the success path does things correctly (a bit above):
file = vma->vm_file;
out:
So it indeed looks like dma-buf is the only one that does this fully
correctly. So maybe we should do a follow-up patch to change the
mmap_region exit code to pick up whatever vma->vm_file was set instead,
and fput that?
Anyway I correct, r-b: as-is.
Cheers, Daniel
>
> Christian.
>
> >
> > > +
> > > return ret;
> > > }
> > > diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem.c b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
> > > index 312e9d58d5a7..10ce267c0947 100644
> > > --- a/drivers/gpu/drm/etnaviv/etnaviv_gem.c
> > > +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
> > > @@ -145,10 +145,8 @@ static int etnaviv_gem_mmap_obj(struct etnaviv_gem_object *etnaviv_obj,
> > > * address_space (so unmap_mapping_range does what we want,
> > > * in particular in the case of mmap'd dmabufs)
> > > */
> > > - fput(vma->vm_file);
> > > - get_file(etnaviv_obj->base.filp);
> > > vma->vm_pgoff = 0;
> > > - vma->vm_file = etnaviv_obj->base.filp;
> > > + vma_set_file(vma, etnaviv_obj->base.filp);
> > > vma->vm_page_prot = vm_page_prot;
> > > }
> > > diff --git a/drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c b/drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c
> > > index fec0e1e3dc3e..8ce4c9e28b87 100644
> > > --- a/drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c
> > > +++ b/drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c
> > > @@ -119,8 +119,7 @@ static int i915_gem_dmabuf_mmap(struct dma_buf *dma_buf, struct vm_area_struct *
> > > if (ret)
> > > return ret;
> > > - fput(vma->vm_file);
> > > - vma->vm_file = get_file(obj->base.filp);
> > > + vma_set_file(vma, obj->base.filp);
> > > return 0;
> > > }
> > > diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> > > index 3d69e51f3e4d..c9d5f1a38af3 100644
> > > --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> > > +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> > > @@ -893,8 +893,8 @@ int i915_gem_mmap(struct file *filp, struct vm_area_struct *vma)
> > > * requires avoiding extraneous references to their filp, hence why
> > > * we prefer to use an anonymous file for their mmaps.
> > > */
> > > - fput(vma->vm_file);
> > > - vma->vm_file = anon;
> > > + vma_set_file(vma, anon);
> > > + fput(anon);
> > > switch (mmo->mmap_type) {
> > > case I915_MMAP_TYPE_WC:
> > > diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c
> > > index de915ff6f4b4..a71f42870d5e 100644
> > > --- a/drivers/gpu/drm/msm/msm_gem.c
> > > +++ b/drivers/gpu/drm/msm/msm_gem.c
> > > @@ -223,10 +223,8 @@ int msm_gem_mmap_obj(struct drm_gem_object *obj,
> > > * address_space (so unmap_mapping_range does what we want,
> > > * in particular in the case of mmap'd dmabufs)
> > > */
> > > - fput(vma->vm_file);
> > > - get_file(obj->filp);
> > > vma->vm_pgoff = 0;
> > > - vma->vm_file = obj->filp;
> > > + vma_set_file(vma, obj->filp);
> > > vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
> > > }
> > > diff --git a/drivers/gpu/drm/omapdrm/omap_gem.c b/drivers/gpu/drm/omapdrm/omap_gem.c
> > > index 979d53a93c2b..0d4542ff1d7d 100644
> > > --- a/drivers/gpu/drm/omapdrm/omap_gem.c
> > > +++ b/drivers/gpu/drm/omapdrm/omap_gem.c
> > > @@ -564,9 +564,8 @@ int omap_gem_mmap_obj(struct drm_gem_object *obj,
> > > * address_space (so unmap_mapping_range does what we want,
> > > * in particular in the case of mmap'd dmabufs)
> > > */
> > > - fput(vma->vm_file);
> > > vma->vm_pgoff = 0;
> > > - vma->vm_file = get_file(obj->filp);
> > > + vma_set_file(vma, obj->filp);
> > > vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
> > > }
> > > diff --git a/drivers/gpu/drm/vgem/vgem_drv.c b/drivers/gpu/drm/vgem/vgem_drv.c
> > > index fa54a6d1403d..ea0eecae5153 100644
> > > --- a/drivers/gpu/drm/vgem/vgem_drv.c
> > > +++ b/drivers/gpu/drm/vgem/vgem_drv.c
> > > @@ -397,8 +397,7 @@ static int vgem_prime_mmap(struct drm_gem_object *obj,
> > > if (ret)
> > > return ret;
> > > - fput(vma->vm_file);
> > > - vma->vm_file = get_file(obj->filp);
> > > + vma_set_file(vma, obj->filp);
> > > vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
> > > vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
> > > diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
> > > index 10b4be1f3e78..a51dc089896e 100644
> > > --- a/drivers/staging/android/ashmem.c
> > > +++ b/drivers/staging/android/ashmem.c
> > > @@ -450,9 +450,8 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
> > > vma_set_anonymous(vma);
> > > }
> > > - if (vma->vm_file)
> > > - fput(vma->vm_file);
> > > - vma->vm_file = asma->file;
> > > + vma_set_file(vma, asma->file);
> > > + fput(asma->file);
> > > out:
> > > mutex_unlock(&ashmem_mutex);
> > > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > > index ca6e6a81576b..a558602afe1b 100644
> > > --- a/include/linux/mm.h
> > > +++ b/include/linux/mm.h
> > > @@ -2693,6 +2693,8 @@ static inline void vma_set_page_prot(struct vm_area_struct *vma)
> > > }
> > > #endif
> > > +struct file *vma_set_file(struct vm_area_struct *vma, struct file *file);
> > > +
> > > #ifdef CONFIG_NUMA_BALANCING
> > > unsigned long change_prot_numa(struct vm_area_struct *vma,
> > > unsigned long start, unsigned long end);
> > > diff --git a/mm/mmap.c b/mm/mmap.c
> > > index 40248d84ad5f..d3c3c510f643 100644
> > > --- a/mm/mmap.c
> > > +++ b/mm/mmap.c
> > > @@ -136,6 +136,22 @@ void vma_set_page_prot(struct vm_area_struct *vma)
> > > WRITE_ONCE(vma->vm_page_prot, vm_page_prot);
> > > }
> > > +/*
> > > + * Change backing file, only valid to use during initial VMA setup.
> > > + */
> > > +struct file *vma_set_file(struct vm_area_struct *vma, struct file *file)
> > > +{
> > > + if (file)
> > > + get_file(file);
> > > +
> > > + swap(vma->vm_file, file);
> > > +
> > > + if (file)
> > > + fput(file);
> > > +
> > > + return file;
> > > +}
> > > +
> > > /*
> > > * Requires inode->i_mapping->i_mmap_rwsem
> > > */
> > > --
> > > 2.17.1
> > >
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
next prev parent reply other threads:[~2020-10-09 7:39 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-08 11:23 [PATCH 1/4] mm: introduce vma_set_file function v2 Christian König
2020-10-08 11:23 ` [PATCH 2/4] drm/prime: document that use the page array is deprecated Christian König
2020-10-08 14:09 ` Daniel Vetter
2020-10-08 14:14 ` Daniel Vetter
2020-10-09 7:36 ` Christian König
2020-10-09 7:40 ` Daniel Vetter
2020-10-08 11:23 ` [PATCH 3/4] drm/radeon: stop using pages with drm_prime_sg_to_page_addr_arrays Christian König
2020-10-08 11:23 ` [PATCH 4/4] drm/amdgpu: " Christian König
2020-10-08 11:39 ` [PATCH 1/4] mm: introduce vma_set_file function v2 Matthew Wilcox
2020-10-08 12:06 ` Christian König
2020-10-08 14:12 ` Daniel Vetter
2020-10-09 7:16 ` Christian König
2020-10-09 7:39 ` Daniel Vetter [this message]
2020-10-09 12:12 ` Jason Gunthorpe
2020-10-09 12:15 ` Christian König
2020-10-08 15:35 ` kernel test robot
2020-10-08 16:19 ` kernel test robot
2020-10-08 21:49 ` John Hubbard
2020-10-09 7:33 ` Christian König
2020-10-09 7:36 ` John Hubbard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201009073900.GL438822@phenom.ffwll.local \
--to=daniel@ffwll.ch \
--cc=airlied@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=chris@chris-wilson.co.uk \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=sumit.semwal@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).