lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210321184529.59006-2-thomas_os@shipmail.org>
Date:   Sun, 21 Mar 2021 19:45:28 +0100
From:   Thomas Hellström (Intel) 
        <thomas_os@...pmail.org>
To:     dri-devel@...ts.freedesktop.org
Cc:     Thomas Hellström (Intel) 
        <thomas_os@...pmail.org>,
        Christian Koenig <christian.koenig@....com>,
        David Airlie <airlied@...ux.ie>,
        Daniel Vetter <daniel@...ll.ch>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jason Gunthorpe <jgg@...dia.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: [RFC PATCH 1/2] mm,drm/ttm: Block fast GUP to TTM huge pages

TTM sets up huge page-table-entries both to system- and device memory,
and we don't want gup to assume there are always valid backing struct
pages for these. For PTEs this is handled by setting the pte_special bit,
but for the huge PUDs and PMDs, we have neither pmd_special nor
pud_special. Normally, huge TTM entries are identified by looking at
vma_is_special_huge(), but fast gup can't do that, so as an alternative
define _devmap entries for which there are no backing dev_pagemap as
special, update documentation and make huge TTM entries _devmap, after
verifying that there is no backing dev_pagemap.

One other alternative would be to block TTM huge page-table-entries
completely, and while currently only vmwgfx use them, they would be
beneficial to other graphis drivers moving forward as well.

Cc: Christian Koenig <christian.koenig@....com>
Cc: David Airlie <airlied@...ux.ie>
Cc: Daniel Vetter <daniel@...ll.ch>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Jason Gunthorpe <jgg@...dia.com>
Cc: linux-mm@...ck.org
Cc: dri-devel@...ts.freedesktop.org
Cc: linux-kernel@...r.kernel.org
Signed-off-by: Thomas Hellström (Intel) <thomas_os@...pmail.org>
---
 drivers/gpu/drm/ttm/ttm_bo_vm.c | 17 ++++++++++++++++-
 mm/gup.c                        | 21 +++++++++++----------
 mm/memremap.c                   |  5 +++++
 3 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index 6dc96cf66744..1c34983480e5 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -195,6 +195,7 @@ static vm_fault_t ttm_bo_vm_insert_huge(struct vm_fault *vmf,
 	pfn_t pfnt;
 	struct ttm_tt *ttm = bo->ttm;
 	bool write = vmf->flags & FAULT_FLAG_WRITE;
+	struct dev_pagemap *pagemap;
 
 	/* Fault should not cross bo boundary. */
 	page_offset &= ~(fault_page_size - 1);
@@ -210,6 +211,20 @@ static vm_fault_t ttm_bo_vm_insert_huge(struct vm_fault *vmf,
 	if ((pfn & (fault_page_size - 1)) != 0)
 		goto out_fallback;
 
+	/*
+	 * Huge entries must be special, that is marking them as devmap
+	 * with no backing device map range. If there is a backing
+	 * range, Don't insert a huge entry.
+	 * If this check turns out to be too much of a performance hit,
+	 * we can instead have drivers indicate whether they may have
+	 * backing device map ranges and if not, skip this lookup.
+	 */
+	pagemap = get_dev_pagemap(pfn, NULL);
+	if (pagemap) {
+		put_dev_pagemap(pagemap);
+		goto out_fallback;
+	}
+
 	/* Check that memory is contiguous. */
 	if (!bo->mem.bus.is_iomem) {
 		for (i = 1; i < fault_page_size; ++i) {
@@ -223,7 +238,7 @@ static vm_fault_t ttm_bo_vm_insert_huge(struct vm_fault *vmf,
 		}
 	}
 
-	pfnt = __pfn_to_pfn_t(pfn, PFN_DEV);
+	pfnt = __pfn_to_pfn_t(pfn, PFN_DEV | PFN_MAP);
 	if (fault_page_size == (HPAGE_PMD_SIZE >> PAGE_SHIFT))
 		ret = vmf_insert_pfn_pmd_prot(vmf, pfnt, pgprot, write);
 #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
diff --git a/mm/gup.c b/mm/gup.c
index e40579624f10..1b6a127f0bdd 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1993,6 +1993,17 @@ static void __maybe_unused undo_dev_pagemap(int *nr, int nr_start,
 }
 
 #ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
+/*
+ * If we can't determine whether or not a pte is special, then fail immediately
+ * for ptes. Note, we can still pin HugeTLB as it is guaranteed not to be
+ * special. For THP, special huge entries are indicated by xxx_devmap()
+ * returning true, but a corresponding call to get_dev_pagemap() will
+ * return NULL.
+ *
+ * For a futex to be placed on a THP tail page, get_futex_key requires a
+ * get_user_pages_fast_only implementation that can pin pages. Thus it's still
+ * useful to have gup_huge_pmd even if we can't operate on ptes.
+ */
 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
 			 unsigned int flags, struct page **pages, int *nr)
 {
@@ -2069,16 +2080,6 @@ static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
 	return ret;
 }
 #else
-
-/*
- * If we can't determine whether or not a pte is special, then fail immediately
- * for ptes. Note, we can still pin HugeTLB and THP as these are guaranteed not
- * to be special.
- *
- * For a futex to be placed on a THP tail page, get_futex_key requires a
- * get_user_pages_fast_only implementation that can pin pages. Thus it's still
- * useful to have gup_huge_pmd even if we can't operate on ptes.
- */
 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
 			 unsigned int flags, struct page **pages, int *nr)
 {
diff --git a/mm/memremap.c b/mm/memremap.c
index 7aa7d6e80ee5..757551cd2a4d 100644
--- a/mm/memremap.c
+++ b/mm/memremap.c
@@ -471,6 +471,11 @@ void vmem_altmap_free(struct vmem_altmap *altmap, unsigned long nr_pfns)
  *
  * If @pgmap is non-NULL and covers @pfn it will be returned as-is.  If @pgmap
  * is non-NULL but does not cover @pfn the reference to it will be released.
+ *
+ * Return: A referenced pointer to a struct dev_pagemap containing @pfn,
+ * or NULL if there was no such pagemap registered. For interpretion
+ * of NULL returns for pfns extracted from valid huge page table entries,
+ * please see gup_pte_range().
  */
 struct dev_pagemap *get_dev_pagemap(unsigned long pfn,
 		struct dev_pagemap *pgmap)
-- 
2.30.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ