Subject: Re: [PATCH v5 05/15] mm/frame-vector: Use FOLL_LONGTERM
From: John Hubbard
To: Daniel Vetter
Cc: DRI Development, LKML, KVM list, Linux MM, Linux ARM, linux-samsung-soc,
 "open list:DMA BUFFER SHARING FRAMEWORK", Daniel Vetter, Jason Gunthorpe,
 Pawel Osciak, Marek Szyprowski, Kyungmin Park, Tomasz Figa,
 Mauro Carvalho Chehab, Andrew Morton, Jérôme Glisse, Jan Kara, Dan Williams
Date: Sun, 1 Nov 2020 13:13:07 -0800
Message-ID: <7f29a42a-c408-525d-90b7-ef3c12b5826c@nvidia.com>
References: <20201030100815.2269-1-daniel.vetter@ffwll.ch>
 <20201030100815.2269-6-daniel.vetter@ffwll.ch>
 <446b2d5b-a1a1-a408-f884-f17a04b72c18@nvidia.com>
 <1f7cf690-35e2-c56f-6d3f-94400633edd2@nvidia.com>

On 11/1/20 2:30 AM, Daniel Vetter wrote:
> On Sun, Nov 1, 2020 at 6:22 AM John Hubbard wrote:
>>
>> On 10/31/20 7:45 AM, Daniel Vetter wrote:
>>> On Sat, Oct 31, 2020 at 3:55 AM John Hubbard wrote:
>>>> On 10/30/20 3:08 AM, Daniel Vetter wrote:
>> ...
>>>> By removing this check from this location, and changing from
>>>> pin_user_pages_locked() to pin_user_pages_fast(), I *think* we end up
>>>> losing the check entirely. Is that intended? If so it could use a comment
>>>> somewhere to explain why.
>>>
>>> Yeah this wasn't intentional. I think I needed to drop the _locked
>>> version to prep for FOLL_LONGTERM, and figured _fast is always better.
>>> But I didn't realize that _fast doesn't have the vma checks, gup.c got
>>> me a bit confused.
>>
>> Actually, I thought that the change to _fast was a very nice touch, btw.
>>>
>>> I'll remedy this in all the patches where this applies (because a
>>> VM_IO | VM_PFNMAP mapping can point at struct page backed memory, and
>>> that exact use-case is what we want to stop with the unsafe_follow_pfn
>>> work, since it wrecks things like CMA or security).
>>>
>>> Aside: I do wonder whether the lack of that check isn't a problem.
>>> VM_IO | VM_PFNMAP generally means driver managed, which means the
>>> driver isn't going to consult the page pin count or anything like that
>>> (at least not necessarily) when revoking or moving that memory, since
>>> we're assuming it's totally under driver control. So if pup_fast can
>>> get into such a mapping, we might have a problem.
>>> -Daniel
>>>
>>
>> Yes. I don't know why that check is missing from the _fast path.
>> Probably just an oversight, seeing as how it's in the slow path. Maybe
>> the appropriate response here is to add a separate patch that adds the
>> check.
>>
>> I wonder if I'm overlooking something, but it certainly seems correct to
>> do that.
>
> You'll need the mmap_sem to get at the vma to be able to do this
> check. If you add that to _fast, you made it as fast as the slow one.

Arggh, yes of course. Strike that, please. :)

> Plus there's _fast_only due to locking recursion issues in fast-paths
> (I assume, I didn't check all the callers).
>
> I'm just wondering whether we have a bug somewhere with device
> drivers. For CMA regions we always check in try_grab_page, but for dax

OK, so here you're talking about a different bug than the VM_IO | VM_PFNMAP
pages, I think. This is about the "FOLL_LONGTERM + CMA + gup/pup _fast"
combination that is not allowed, right?
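
Backing up for a second to that first bug (the VM_IO | VM_PFNMAP one): the
check that the _locked to _fast conversion drops is the vma flags test in the
slow gup path; the fast path never takes the mmap lock or walks vmas, so
nothing equivalent runs there. A rough sketch of its shape, paraphrased from
memory rather than quoted from mm/gup.c, so treat the details as approximate:

	/*
	 * Paraphrased from the mm/gup.c slow path (circa v5.9): this is the
	 * check that pin_user_pages_locked() used to run for frame-vector.
	 */
	static int check_vma_flags(struct vm_area_struct *vma,
				   unsigned long gup_flags)
	{
		vm_flags_t vm_flags = vma->vm_flags;

		/* Driver-managed mappings: refuse to gup/pup them at all. */
		if (vm_flags & (VM_IO | VM_PFNMAP))
			return -EFAULT;

		/* ... other checks elided ... */
		return 0;
	}

	/*
	 * pin_user_pages_fast(), by contrast, walks the page tables directly
	 * (no mmap lock, no vma lookup), so nothing like the above can run
	 * on that path.
	 */

Which is also why bolting that check onto _fast isn't really an option: you'd
have to take the mmap lock and find the vma, at which point it *is* the slow
path, as you said.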
For the FOLL_LONGTERM + CMA case: try_grab_page() doesn't check anything, but
try_grab_compound_head() does, though only for pup_fast, not gup_fast. That
check was added by commit df3a0a21b698d ("mm/gup: fix omission of check on
FOLL_LONGTERM in gup fast path") in April.

I recall that the patch was just plugging a very specific hole, as opposed to
locking down the API against mistakes or confused callers. And it does seem
that there are some holes.

> I'm not seeing where the checks in the _fast fastpaths are, and that
> all still leaves random device driver mappings behind which aren't
> backed by CMA but still point to something with a struct page behind
> it. I'm probably just missing something, but no idea what.
> -Daniel
>

Certainly we've established that we can't check VMA flags by that time, so I'm
not sure there is much we can check by the time we get to gup/pup _fast. It
seems like the device drivers have to avoid calling _fast on pages that live
in VM_IO | VM_PFNMAP mappings, by design, right? Or maybe you're talking about
CMA checks only?

thanks,
--
John Hubbard
NVIDIA
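
P.S. For reference, a sketch of the pup_fast-only check mentioned above, as I
remember it landing with df3a0a21b698d; again paraphrased from memory rather
than copied from mm/gup.c, so the details are approximate. The point is just
that the CMA test sits under FOLL_PIN, which is why pup_fast is covered and
gup_fast is not:

	/* Paraphrased shape of mm/gup.c after df3a0a21b698d. */
	static struct page *try_grab_compound_head(struct page *page,
						   int refs, unsigned int flags)
	{
		if (flags & FOLL_GET)
			return try_get_compound_head(page, refs); /* gup_fast: no CMA check */

		if (flags & FOLL_PIN) {
			/*
			 * pup_fast only: FOLL_LONGTERM pins of CMA pages can't
			 * be handled here, so bail out and let the caller fall
			 * back to the slow path, which can migrate the page
			 * out of CMA first.
			 */
			if (unlikely(flags & FOLL_LONGTERM) &&
			    is_migrate_cma_page(page))
				return NULL;

			/* ... pin-count bookkeeping elided ... */
			return page;
		}

		WARN_ON_ONCE(1);
		return NULL;
	}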