From: Ira Weiny <ira.weiny@intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Dan Williams <dan.j.williams@intel.com>,
John Hubbard <jhubbard@nvidia.com>
Subject: Re: [PATCH rc v2] mm/gup: use unpin_user_pages() in __gup_longterm_locked()
Date: Mon, 2 Nov 2020 11:04:33 -0800 [thread overview]
Message-ID: <20201102190433.GG971338@iweiny-DESK2.sc.intel.com> (raw)
In-Reply-To: <0-v2-3ae7d9d162e2+2a7-gup_cma_fix_jgg@nvidia.com>
On Mon, Nov 02, 2020 at 02:19:59PM -0400, Jason Gunthorpe wrote:
> When FOLL_PIN is passed to __get_user_pages() the page list must be put
> back using unpin_user_pages() otherwise the page pin reference persists in
> a corrupted state.
>
> There are two places in the unwind of __gup_longterm_locked() that put the
> pages back without checking. Normally on error this function would return
> the partial page list making this the caller's responsibility, but in
> these two cases the caller is not allowed to see these pages at all.
>
> Cc: <stable@kernel.org>
> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
> Fixes: 3faa52c03f44 ("mm/gup: track FOLL_PIN pages")
> Reported-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
> mm/gup.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> v2:
> - Catch the DAX related case as well (Ira)
> v1: https://lore.kernel.org/r/0-v1-976effcd4468+d4-gup_cma_fix_jgg@nvidia.com
>
> Andrew, this version with a modified commit message and extra hunk replaces:
> mm-gup-use-unpin_user_pages-in-check_and_migrate_cma_pages.patch
>
> Thanks,
> Jason
>
> diff --git a/mm/gup.c b/mm/gup.c
> index 102877ed77a4b4..98eb8e6d2609c3 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -1647,8 +1647,11 @@ static long check_and_migrate_cma_pages(struct mm_struct *mm,
> /*
> * drop the above get_user_pages reference.
> */
> - for (i = 0; i < nr_pages; i++)
> - put_page(pages[i]);
> + if (gup_flags & FOLL_PIN)
> + unpin_user_pages(pages, nr_pages);
> + else
> + for (i = 0; i < nr_pages; i++)
> + put_page(pages[i]);
>
> if (migrate_pages(&cma_page_list, alloc_migration_target, NULL,
> (unsigned long)&mtc, MIGRATE_SYNC, MR_CONTIG_RANGE)) {
> @@ -1728,8 +1731,11 @@ static long __gup_longterm_locked(struct mm_struct *mm,
> goto out;
>
> if (check_dax_vmas(vmas_tmp, rc)) {
> - for (i = 0; i < rc; i++)
> - put_page(pages[i]);
> + if (gup_flags & FOLL_PIN)
> + unpin_user_pages(pages, rc);
> + else
> + for (i = 0; i < rc; i++)
> + put_page(pages[i]);
> rc = -EOPNOTSUPP;
> goto out;
> }
> --
> 2.28.0
>
next prev parent reply other threads:[~2020-11-02 19:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-02 18:19 Jason Gunthorpe
2020-11-02 19:04 ` Ira Weiny [this message]
2020-11-02 19:19 ` John Hubbard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201102190433.GG971338@iweiny-DESK2.sc.intel.com \
--to=ira.weiny@intel.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=dan.j.williams@intel.com \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox