lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YFnST5VLcEgv9q+s@phenom.ffwll.local>
Date:   Tue, 23 Mar 2021 12:34:39 +0100
From:   Daniel Vetter <daniel@...ll.ch>
To:     Thomas Hellström (Intel) 
        <thomas_os@...pmail.org>
Cc:     dri-devel@...ts.freedesktop.org,
        Christian Koenig <christian.koenig@....com>,
        David Airlie <airlied@...ux.ie>,
        Daniel Vetter <daniel@...ll.ch>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jason Gunthorpe <jgg@...dia.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 1/2] mm,drm/ttm: Block fast GUP to TTM huge pages

On Sun, Mar 21, 2021 at 07:45:28PM +0100, Thomas Hellström (Intel) wrote:
> TTM sets up huge page-table-entries both to system- and device memory,
> and we don't want gup to assume there are always valid backing struct
> pages for these. For PTEs this is handled by setting the pte_special bit,
> but for the huge PUDs and PMDs, we have neither pmd_special nor
> pud_special. Normally, huge TTM entries are identified by looking at
> vma_is_special_huge(), but fast gup can't do that, so as an alternative
> define _devmap entries for which there are no backing dev_pagemap as
> special, update documentation and make huge TTM entries _devmap, after
> verifying that there is no backing dev_pagemap.
> 
> One other alternative would be to block TTM huge page-table-entries
> completely, and while currently only vmwgfx use them, they would be
> beneficial to other graphis drivers moving forward as well.
> 
> Cc: Christian Koenig <christian.koenig@....com>
> Cc: David Airlie <airlied@...ux.ie>
> Cc: Daniel Vetter <daniel@...ll.ch>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Jason Gunthorpe <jgg@...dia.com>
> Cc: linux-mm@...ck.org
> Cc: dri-devel@...ts.freedesktop.org
> Cc: linux-kernel@...r.kernel.org
> Signed-off-by: Thomas Hellström (Intel) <thomas_os@...pmail.org>
> ---
>  drivers/gpu/drm/ttm/ttm_bo_vm.c | 17 ++++++++++++++++-
>  mm/gup.c                        | 21 +++++++++++----------
>  mm/memremap.c                   |  5 +++++
>  3 files changed, 32 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index 6dc96cf66744..1c34983480e5 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -195,6 +195,7 @@ static vm_fault_t ttm_bo_vm_insert_huge(struct vm_fault *vmf,
>  	pfn_t pfnt;
>  	struct ttm_tt *ttm = bo->ttm;
>  	bool write = vmf->flags & FAULT_FLAG_WRITE;
> +	struct dev_pagemap *pagemap;
>  
>  	/* Fault should not cross bo boundary. */
>  	page_offset &= ~(fault_page_size - 1);
> @@ -210,6 +211,20 @@ static vm_fault_t ttm_bo_vm_insert_huge(struct vm_fault *vmf,
>  	if ((pfn & (fault_page_size - 1)) != 0)
>  		goto out_fallback;
>  
> +	/*
> +	 * Huge entries must be special, that is marking them as devmap
> +	 * with no backing device map range. If there is a backing
> +	 * range, Don't insert a huge entry.
> +	 * If this check turns out to be too much of a performance hit,
> +	 * we can instead have drivers indicate whether they may have
> +	 * backing device map ranges and if not, skip this lookup.
> +	 */

I think we can do this statically:
- if it's system memory we know there's no devmap for it, and we do the
  trick to block gup_fast
- if it's iomem, we know gup_fast wont work anyway if don't set PFN_DEV,
  so might as well not do that

I think that would cover all cases without this check here?
-Daniel

> +	pagemap = get_dev_pagemap(pfn, NULL);
> +	if (pagemap) {
> +		put_dev_pagemap(pagemap);
> +		goto out_fallback;
> +	}
> +
>  	/* Check that memory is contiguous. */
>  	if (!bo->mem.bus.is_iomem) {
>  		for (i = 1; i < fault_page_size; ++i) {
> @@ -223,7 +238,7 @@ static vm_fault_t ttm_bo_vm_insert_huge(struct vm_fault *vmf,
>  		}
>  	}
>  
> -	pfnt = __pfn_to_pfn_t(pfn, PFN_DEV);
> +	pfnt = __pfn_to_pfn_t(pfn, PFN_DEV | PFN_MAP);
>  	if (fault_page_size == (HPAGE_PMD_SIZE >> PAGE_SHIFT))
>  		ret = vmf_insert_pfn_pmd_prot(vmf, pfnt, pgprot, write);
>  #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
> diff --git a/mm/gup.c b/mm/gup.c
> index e40579624f10..1b6a127f0bdd 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -1993,6 +1993,17 @@ static void __maybe_unused undo_dev_pagemap(int *nr, int nr_start,
>  }
>  
>  #ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
> +/*
> + * If we can't determine whether or not a pte is special, then fail immediately
> + * for ptes. Note, we can still pin HugeTLB as it is guaranteed not to be
> + * special. For THP, special huge entries are indicated by xxx_devmap()
> + * returning true, but a corresponding call to get_dev_pagemap() will
> + * return NULL.
> + *
> + * For a futex to be placed on a THP tail page, get_futex_key requires a
> + * get_user_pages_fast_only implementation that can pin pages. Thus it's still
> + * useful to have gup_huge_pmd even if we can't operate on ptes.
> + */
>  static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
>  			 unsigned int flags, struct page **pages, int *nr)
>  {
> @@ -2069,16 +2080,6 @@ static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
>  	return ret;
>  }
>  #else
> -
> -/*
> - * If we can't determine whether or not a pte is special, then fail immediately
> - * for ptes. Note, we can still pin HugeTLB and THP as these are guaranteed not
> - * to be special.
> - *
> - * For a futex to be placed on a THP tail page, get_futex_key requires a
> - * get_user_pages_fast_only implementation that can pin pages. Thus it's still
> - * useful to have gup_huge_pmd even if we can't operate on ptes.
> - */
>  static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
>  			 unsigned int flags, struct page **pages, int *nr)
>  {
> diff --git a/mm/memremap.c b/mm/memremap.c
> index 7aa7d6e80ee5..757551cd2a4d 100644
> --- a/mm/memremap.c
> +++ b/mm/memremap.c
> @@ -471,6 +471,11 @@ void vmem_altmap_free(struct vmem_altmap *altmap, unsigned long nr_pfns)
>   *
>   * If @pgmap is non-NULL and covers @pfn it will be returned as-is.  If @pgmap
>   * is non-NULL but does not cover @pfn the reference to it will be released.
> + *
> + * Return: A referenced pointer to a struct dev_pagemap containing @pfn,
> + * or NULL if there was no such pagemap registered. For interpretion
> + * of NULL returns for pfns extracted from valid huge page table entries,
> + * please see gup_pte_range().
>   */
>  struct dev_pagemap *get_dev_pagemap(unsigned long pfn,
>  		struct dev_pagemap *pgmap)
> -- 
> 2.30.2
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ