* [PATCH v2 1/4] mm: handle poisoning of pfn without struct pages
2023-11-23 0:35 [PATCH v2 0/4] mm: Implement ECC handling for pfn with no struct page ankita
@ 2023-11-23 0:35 ` ankita
2023-11-23 0:35 ` [PATCH v2 2/4] mm: Add poison error check in fixup_user_fault() for mapped pfn ankita
` (2 subsequent siblings)
3 siblings, 0 replies; 11+ messages in thread
From: ankita @ 2023-11-23 0:35 UTC (permalink / raw)
To: ankita, jgg, alex.williamson, naoya.horiguchi, akpm, tony.luck,
bp, linmiaohe, rafael, lenb, james.morse, shiju.jose, bhelgaas,
pabeni, yishaih, shameerali.kolothum.thodi, kevin.tian
Cc: aniketa, cjia, kwankhede, targupta, vsethi, acurrid, apopple,
anuaggarwal, jhubbard, danw, mochs, kvm, linux-kernel,
linux-arm-kernel, linux-mm, linux-edac, linux-acpi
From: Ankit Agrawal <ankita@nvidia.com>
The kernel MM currently does not handle ECC errors / poison on a memory
region that is not backed by struct pages. If a memory region is mapped
using remap_pfn_range(), but not added to the kernel, MM will not have
associated struct pages. Add a new mechanism to handle memory failure
on such memory.
Make kernel MM expose a function to allow modules managing the device
memory to register a failure function and the physical address space
associated with the device memory. MM maintains this information as
interval tree. The registered memory failure function is used by MM to
notify the kernel module managing the PFN, so that the module may take
any required action. The module for example may use the information
to track the poisoned pages.
In this implementation, kernel MM follows the following sequence similar
(mostly) to the memory_failure() handler for struct page backed memory:
1. memory_failure() is triggered on reception of a poison error. An
absence of struct page is detected and consequently memory_failure_pfn()
is executed.
2. memory_failure_pfn() call the newly introduced failure handler exposed
by the module managing the poisoned memory to notify it of the problematic
PFN.
3. memory_failure_pfn() unmaps the stage-2 mapping to the PFN.
4. memory_failure_pfn() collects the processes mapped to the PFN.
5. memory_failure_pfn() sends SIGBUS (BUS_MCEERR_AO) to all the processes
mapping the faulty PFN using kill_procs().
6. An access to the faulty PFN by an operation in VM at a later point
is trapped and user_mem_abort() is called.
7. The vma ops fault function gets called due to the absence of Stage-2
mapping. It is expected to return VM_FAULT_HWPOISON on the PFN.
8. __gfn_to_pfn_memslot() then returns KVM_PFN_ERR_HWPOISON, which cause
the poison with SIGBUS (BUS_MCEERR_AR) to be sent to the QEMU process
through kvm_send_hwpoison_signal().
Signed-off-by: Ankit Agrawal <ankita@nvidia.com>
---
include/linux/memory-failure.h | 22 +++++
include/linux/mm.h | 1 +
include/ras/ras_event.h | 1 +
mm/Kconfig | 1 +
mm/memory-failure.c | 146 +++++++++++++++++++++++++++------
5 files changed, 146 insertions(+), 25 deletions(-)
create mode 100644 include/linux/memory-failure.h
diff --git a/include/linux/memory-failure.h b/include/linux/memory-failure.h
new file mode 100644
index 000000000000..9a579960972a
--- /dev/null
+++ b/include/linux/memory-failure.h
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_MEMORY_FAILURE_H
+#define _LINUX_MEMORY_FAILURE_H
+
+#include <linux/interval_tree.h>
+
+struct pfn_address_space;
+
+struct pfn_address_space_ops {
+ void (*failure)(struct pfn_address_space *pfn_space, unsigned long pfn);
+};
+
+struct pfn_address_space {
+ struct interval_tree_node node;
+ const struct pfn_address_space_ops *ops;
+ struct address_space *mapping;
+};
+
+int register_pfn_address_space(struct pfn_address_space *pfn_space);
+void unregister_pfn_address_space(struct pfn_address_space *pfn_space);
+
+#endif /* _LINUX_MEMORY_FAILURE_H */
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 418d26608ece..82b90e890b4b 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -4007,6 +4007,7 @@ enum mf_action_page_type {
MF_MSG_BUDDY,
MF_MSG_DAX,
MF_MSG_UNSPLIT_THP,
+ MF_MSG_PFN_MAP,
MF_MSG_UNKNOWN,
};
diff --git a/include/ras/ras_event.h b/include/ras/ras_event.h
index cbd3ddd7c33d..05c3e6f6bd02 100644
--- a/include/ras/ras_event.h
+++ b/include/ras/ras_event.h
@@ -373,6 +373,7 @@ TRACE_EVENT(aer_event,
EM ( MF_MSG_BUDDY, "free buddy page" ) \
EM ( MF_MSG_DAX, "dax page" ) \
EM ( MF_MSG_UNSPLIT_THP, "unsplit thp" ) \
+ EM ( MF_MSG_PFN_MAP, "non struct page pfn" ) \
EMe ( MF_MSG_UNKNOWN, "unknown page" )
/*
diff --git a/mm/Kconfig b/mm/Kconfig
index 89971a894b60..4f9533422887 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -774,6 +774,7 @@ config MEMORY_FAILURE
depends on ARCH_SUPPORTS_MEMORY_FAILURE
bool "Enable recovery from hardware memory errors"
select MEMORY_ISOLATION
+ select INTERVAL_TREE
select RAS
help
Enables code to recover from some memory failures on systems
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 660c21859118..4f7672775486 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -38,6 +38,7 @@
#include <linux/kernel.h>
#include <linux/mm.h>
+#include <linux/memory-failure.h>
#include <linux/page-flags.h>
#include <linux/sched/signal.h>
#include <linux/sched/task.h>
@@ -60,6 +61,7 @@
#include <linux/pagewalk.h>
#include <linux/shmem_fs.h>
#include <linux/sysctl.h>
+#include <linux/pfn_t.h>
#include "swap.h"
#include "internal.h"
#include "ras/ras_event.h"
@@ -144,6 +146,10 @@ static struct ctl_table memory_failure_table[] = {
{ }
};
+static struct rb_root_cached pfn_space_itree = RB_ROOT_CACHED;
+
+static DEFINE_MUTEX(pfn_space_lock);
+
/*
* Return values:
* 1: the page is dissolved (if needed) and taken off from buddy,
@@ -422,15 +428,16 @@ static unsigned long dev_pagemap_mapping_shift(struct vm_area_struct *vma,
* Schedule a process for later kill.
* Uses GFP_ATOMIC allocations to avoid potential recursions in the VM.
*
- * Note: @fsdax_pgoff is used only when @p is a fsdax page and a
- * filesystem with a memory failure handler has claimed the
- * memory_failure event. In all other cases, page->index and
- * page->mapping are sufficient for mapping the page back to its
- * corresponding user virtual address.
+ * Notice: @pgoff is used when:
+ * a. @p is a fsdax page and a filesystem with a memory failure handler
+ * has claimed the memory_failure event.
+ * b. pgoff is not backed by struct page.
+ * In all other cases, page->index and page->mapping are sufficient
+ * for mapping the page back to its corresponding user virtual address.
*/
static void __add_to_kill(struct task_struct *tsk, struct page *p,
struct vm_area_struct *vma, struct list_head *to_kill,
- unsigned long ksm_addr, pgoff_t fsdax_pgoff)
+ unsigned long ksm_addr, pgoff_t pgoff)
{
struct to_kill *tk;
@@ -440,13 +447,19 @@ static void __add_to_kill(struct task_struct *tsk, struct page *p,
return;
}
- tk->addr = ksm_addr ? ksm_addr : page_address_in_vma(p, vma);
- if (is_zone_device_page(p)) {
- if (fsdax_pgoff != FSDAX_INVALID_PGOFF)
- tk->addr = vma_pgoff_address(fsdax_pgoff, 1, vma);
- tk->size_shift = dev_pagemap_mapping_shift(vma, tk->addr);
- } else
- tk->size_shift = page_shift(compound_head(p));
+ /* Check for pgoff not backed by struct page */
+ if (!(pfn_valid(pgoff)) && (vma->vm_flags | PFN_MAP)) {
+ tk->addr = vma_pgoff_address(pgoff, 1, vma);
+ tk->size_shift = PAGE_SHIFT;
+ } else {
+ tk->addr = ksm_addr ? ksm_addr : page_address_in_vma(p, vma);
+ if (is_zone_device_page(p)) {
+ if (pgoff != FSDAX_INVALID_PGOFF)
+ tk->addr = vma_pgoff_address(pgoff, 1, vma);
+ tk->size_shift = dev_pagemap_mapping_shift(vma, tk->addr);
+ } else
+ tk->size_shift = page_shift(compound_head(p));
+ }
/*
* Send SIGKILL if "tk->addr == -EFAULT". Also, as
@@ -459,8 +472,8 @@ static void __add_to_kill(struct task_struct *tsk, struct page *p,
* has a mapping for the page.
*/
if (tk->addr == -EFAULT) {
- pr_info("Unable to find user space address %lx in %s\n",
- page_to_pfn(p), tsk->comm);
+ pr_info("Unable to find address %lx in %s\n",
+ pfn_valid(pgoff) ? page_to_pfn(p) : pgoff, tsk->comm);
} else if (tk->size_shift == 0) {
kfree(tk);
return;
@@ -666,8 +679,7 @@ static void collect_procs_file(struct page *page, struct list_head *to_kill,
i_mmap_unlock_read(mapping);
}
-#ifdef CONFIG_FS_DAX
-static void add_to_kill_fsdax(struct task_struct *tsk, struct page *p,
+static void add_to_kill_pgoff(struct task_struct *tsk, struct page *p,
struct vm_area_struct *vma,
struct list_head *to_kill, pgoff_t pgoff)
{
@@ -675,11 +687,12 @@ static void add_to_kill_fsdax(struct task_struct *tsk, struct page *p,
}
/*
- * Collect processes when the error hit a fsdax page.
+ * Collect processes when the error hit a fsdax page or a PFN not backed by
+ * struct page.
*/
-static void collect_procs_fsdax(struct page *page,
- struct address_space *mapping, pgoff_t pgoff,
- struct list_head *to_kill)
+static void collect_procs_pgoff(struct page *page,
+ struct address_space *mapping, pgoff_t pgoff,
+ struct list_head *to_kill)
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -693,13 +706,12 @@ static void collect_procs_fsdax(struct page *page,
continue;
vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) {
if (vma->vm_mm == t->mm)
- add_to_kill_fsdax(t, page, vma, to_kill, pgoff);
+ add_to_kill_pgoff(t, page, vma, to_kill, pgoff);
}
}
rcu_read_unlock();
i_mmap_unlock_read(mapping);
}
-#endif /* CONFIG_FS_DAX */
/*
* Collect the processes who have the corrupted page mapped to kill.
@@ -893,6 +905,7 @@ static const char * const action_page_types[] = {
[MF_MSG_BUDDY] = "free buddy page",
[MF_MSG_DAX] = "dax page",
[MF_MSG_UNSPLIT_THP] = "unsplit thp",
+ [MF_MSG_PFN_MAP] = "non struct page pfn",
[MF_MSG_UNKNOWN] = "unknown page",
};
@@ -1324,7 +1337,8 @@ static int action_result(unsigned long pfn, enum mf_action_page_type type,
num_poisoned_pages_inc(pfn);
- update_per_node_mf_stats(pfn, result);
+ if (type != MF_MSG_PFN_MAP)
+ update_per_node_mf_stats(pfn, result);
pr_err("%#lx: recovery action for %s: %s\n",
pfn, action_page_types[type], action_name[result]);
@@ -1808,7 +1822,7 @@ int mf_dax_kill_procs(struct address_space *mapping, pgoff_t index,
SetPageHWPoison(page);
- collect_procs_fsdax(page, mapping, index, &to_kill);
+ collect_procs_pgoff(page, mapping, index, &to_kill);
unmap_and_kill(&to_kill, page_to_pfn(page), mapping,
index, mf_flags);
unlock:
@@ -2147,6 +2161,83 @@ static int memory_failure_dev_pagemap(unsigned long pfn, int flags,
return rc;
}
+int register_pfn_address_space(struct pfn_address_space *pfn_space)
+{
+ if (!pfn_space)
+ return -EINVAL;
+
+ if (!request_mem_region(pfn_space->node.start << PAGE_SHIFT,
+ (pfn_space->node.last - pfn_space->node.start + 1) << PAGE_SHIFT, ""))
+ return -EBUSY;
+
+ mutex_lock(&pfn_space_lock);
+ interval_tree_insert(&pfn_space->node, &pfn_space_itree);
+ mutex_unlock(&pfn_space_lock);
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(register_pfn_address_space);
+
+void unregister_pfn_address_space(struct pfn_address_space *pfn_space)
+{
+ if (!pfn_space)
+ return;
+
+ mutex_lock(&pfn_space_lock);
+ interval_tree_remove(&pfn_space->node, &pfn_space_itree);
+ mutex_unlock(&pfn_space_lock);
+ release_mem_region(pfn_space->node.start << PAGE_SHIFT,
+ (pfn_space->node.last - pfn_space->node.start + 1) << PAGE_SHIFT);
+}
+EXPORT_SYMBOL_GPL(unregister_pfn_address_space);
+
+static int memory_failure_pfn(unsigned long pfn, int flags)
+{
+ struct interval_tree_node *node;
+ int res = MF_FAILED;
+ LIST_HEAD(tokill);
+
+ mutex_lock(&pfn_space_lock);
+ /*
+ * Modules registers with MM the address space mapping to the device memory they
+ * manage. Iterate to identify exactly which address space has mapped to this
+ * failing PFN.
+ */
+ for (node = interval_tree_iter_first(&pfn_space_itree, pfn, pfn); node;
+ node = interval_tree_iter_next(node, pfn, pfn)) {
+ struct pfn_address_space *pfn_space =
+ container_of(node, struct pfn_address_space, node);
+ /*
+ * Modules managing the device memory need to be conveyed about the
+ * memory failure so that the poisoned PFN can be tracked.
+ */
+ if (pfn_space->ops)
+ pfn_space->ops->failure(pfn_space, pfn);
+
+ collect_procs_pgoff(NULL, pfn_space->mapping, pfn, &tokill);
+
+ unmap_mapping_range(pfn_space->mapping, pfn << PAGE_SHIFT,
+ PAGE_SIZE, 0);
+
+ res = MF_RECOVERED;
+ }
+ mutex_unlock(&pfn_space_lock);
+
+ if (res == MF_FAILED)
+ return action_result(pfn, MF_MSG_PFN_MAP, res);
+
+ /*
+ * Unlike System-RAM there is no possibility to swap in a different
+ * physical page at a given virtual address, so all userspace
+ * consumption of direct PFN memory necessitates SIGBUS (i.e.
+ * MF_MUST_KILL)
+ */
+ flags |= MF_ACTION_REQUIRED | MF_MUST_KILL;
+ kill_procs(&tokill, true, false, pfn, flags);
+
+ return action_result(pfn, MF_MSG_PFN_MAP, MF_RECOVERED);
+}
+
/**
* memory_failure - Handle memory failure of a page.
* @pfn: Page Number of the corrupted page
@@ -2186,6 +2277,11 @@ int memory_failure(unsigned long pfn, int flags)
if (!(flags & MF_SW_SIMULATED))
hw_memory_failure = true;
+ if (!pfn_valid(pfn) && !arch_is_platform_page(PFN_PHYS(pfn))) {
+ res = memory_failure_pfn(pfn, flags);
+ goto unlock_mutex;
+ }
+
p = pfn_to_online_page(pfn);
if (!p) {
res = arch_memory_failure(pfn, flags);
--
2.17.1
^ permalink raw reply [flat|nested] 11+ messages in thread* [PATCH v2 2/4] mm: Add poison error check in fixup_user_fault() for mapped pfn
2023-11-23 0:35 [PATCH v2 0/4] mm: Implement ECC handling for pfn with no struct page ankita
2023-11-23 0:35 ` [PATCH v2 1/4] mm: handle poisoning of pfn without struct pages ankita
@ 2023-11-23 0:35 ` ankita
2023-12-01 17:04 ` Sean Christopherson
2023-11-23 0:35 ` [PATCH v2 3/4] mm: Change ghes code to allow poison of non-struct pfn ankita
2023-11-23 0:35 ` [PATCH v2 4/4] vfio/nvgpu: register device memory for poison handling ankita
3 siblings, 1 reply; 11+ messages in thread
From: ankita @ 2023-11-23 0:35 UTC (permalink / raw)
To: ankita, jgg, alex.williamson, naoya.horiguchi, akpm, tony.luck,
bp, linmiaohe, rafael, lenb, james.morse, shiju.jose, bhelgaas,
pabeni, yishaih, shameerali.kolothum.thodi, kevin.tian
Cc: aniketa, cjia, kwankhede, targupta, vsethi, acurrid, apopple,
anuaggarwal, jhubbard, danw, mochs, kvm, linux-kernel,
linux-arm-kernel, linux-mm, linux-edac, linux-acpi
From: Ankit Agrawal <ankita@nvidia.com>
The fixup_user_fault() currently does not expect a VM_FAULT_HWPOISON
and hence does not check for it while calling vm_fault_to_errno(). Since
we now have a new code path which can trigger such case, change
fixup_user_fault to look for VM_FAULT_HWPOISON.
Also make hva_to_pfn_remapped check for -EHWPOISON and communicate the
poison fault up to the user_mem_abort().
Signed-off-by: Ankit Agrawal <ankita@nvidia.com>
---
mm/gup.c | 2 +-
virt/kvm/kvm_main.c | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/mm/gup.c b/mm/gup.c
index 231711efa390..b78af20a0f52 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1414,7 +1414,7 @@ int fixup_user_fault(struct mm_struct *mm,
}
if (ret & VM_FAULT_ERROR) {
- int err = vm_fault_to_errno(ret, 0);
+ int err = vm_fault_to_errno(ret, FOLL_HWPOISON);
if (err)
return err;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 486800a7024b..2ff067f21a7c 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2731,6 +2731,12 @@ kvm_pfn_t hva_to_pfn(unsigned long addr, bool atomic, bool interruptible,
r = hva_to_pfn_remapped(vma, addr, write_fault, writable, &pfn);
if (r == -EAGAIN)
goto retry;
+
+ if (r == -EHWPOISON) {
+ pfn = KVM_PFN_ERR_HWPOISON;
+ goto exit;
+ }
+
if (r < 0)
pfn = KVM_PFN_ERR_FAULT;
} else {
--
2.17.1
^ permalink raw reply [flat|nested] 11+ messages in thread* [PATCH v2 4/4] vfio/nvgpu: register device memory for poison handling
2023-11-23 0:35 [PATCH v2 0/4] mm: Implement ECC handling for pfn with no struct page ankita
` (2 preceding siblings ...)
2023-11-23 0:35 ` [PATCH v2 3/4] mm: Change ghes code to allow poison of non-struct pfn ankita
@ 2023-11-23 0:35 ` ankita
3 siblings, 0 replies; 11+ messages in thread
From: ankita @ 2023-11-23 0:35 UTC (permalink / raw)
To: ankita, jgg, alex.williamson, naoya.horiguchi, akpm, tony.luck,
bp, linmiaohe, rafael, lenb, james.morse, shiju.jose, bhelgaas,
pabeni, yishaih, shameerali.kolothum.thodi, kevin.tian
Cc: aniketa, cjia, kwankhede, targupta, vsethi, acurrid, apopple,
anuaggarwal, jhubbard, danw, mochs, kvm, linux-kernel,
linux-arm-kernel, linux-mm, linux-edac, linux-acpi
From: Ankit Agrawal <ankita@nvidia.com>
The nvgrace-gpu-vfio-pci module [1] maps the device memory to the user VA
(Qemu) using remap_pfn_range() without adding the memory to the kernel.
The device memory pages are not backed by struct page. Patches 1-3
implements the mechanism to handle ECC/poison on memory page without
struct page and expose a registration function. This new mechanism is
leveraged here.
The module registers its memory region with the kernel MM for ECC handling
using the register_pfn_address_space() registration API exposed by the
kernel. It also defines a failure callback function pfn_memory_failure()
to get the poisoned PFN from the MM.
The module track poisoned PFN using a hastable. The PFN is communicated
by the kernel MM to the module through the failure function, which push
the appropriate memory offset to the hashtable.
The module also defines a VMA fault ops for the module. It returns
VM_FAULT_HWPOISON in case the memory offset is found in the hashtable.
[1] https://lore.kernel.org/all/20231114081611.30550-1-ankita@nvidia.com/
Signed-off-by: Ankit Agrawal <ankita@nvidia.com>
---
drivers/vfio/pci/nvgrace-gpu/main.c | 123 +++++++++++++++++++++++++++-
drivers/vfio/vfio_main.c | 3 +-
2 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/pci/nvgrace-gpu/main.c b/drivers/vfio/pci/nvgrace-gpu/main.c
index b8634974e5cc..5a567375bd14 100644
--- a/drivers/vfio/pci/nvgrace-gpu/main.c
+++ b/drivers/vfio/pci/nvgrace-gpu/main.c
@@ -6,6 +6,16 @@
#include <linux/pci.h>
#include <linux/vfio_pci_core.h>
#include <linux/vfio.h>
+#ifdef CONFIG_MEMORY_FAILURE
+#include <linux/bitmap.h>
+#include <linux/memory-failure.h>
+#include <linux/hashtable.h>
+#endif
+
+struct h_node {
+ unsigned long mem_offset;
+ struct hlist_node node;
+};
struct nvgrace_gpu_vfio_pci_core_device {
struct vfio_pci_core_device core_device;
@@ -13,8 +23,96 @@ struct nvgrace_gpu_vfio_pci_core_device {
size_t memlength;
void *memmap;
struct mutex memmap_lock;
+#ifdef CONFIG_MEMORY_FAILURE
+ struct pfn_address_space pfn_address_space;
+ DECLARE_HASHTABLE(htbl, 8);
+#endif
+};
+
+#ifdef CONFIG_MEMORY_FAILURE
+static void
+nvgrace_gpu_vfio_pci_pfn_memory_failure(struct pfn_address_space *pfn_space,
+ unsigned long pfn)
+{
+ struct nvgrace_gpu_vfio_pci_core_device *nvdev = container_of(
+ pfn_space, struct nvgrace_gpu_vfio_pci_core_device, pfn_address_space);
+ unsigned long mem_offset = pfn - pfn_space->node.start;
+ struct h_node *ecc;
+
+ if (mem_offset >= (nvdev->memlength >> PAGE_SHIFT))
+ return;
+
+ /*
+ * MM has called to notify a poisoned page. Track that in the hastable.
+ */
+ ecc = (struct h_node *)(vzalloc(sizeof(struct h_node)));
+ ecc->mem_offset = mem_offset;
+ hash_add(nvdev->htbl, &(ecc->node), ecc->mem_offset);
+}
+
+struct pfn_address_space_ops nvgrace_gpu_vfio_pci_pas_ops = {
+ .failure = nvgrace_gpu_vfio_pci_pfn_memory_failure,
};
+static int
+nvgrace_gpu_vfio_pci_register_pfn_range(struct nvgrace_gpu_vfio_pci_core_device *nvdev,
+ struct vm_area_struct *vma)
+{
+ unsigned long nr_pages;
+ int ret = 0;
+
+ nr_pages = nvdev->memlength >> PAGE_SHIFT;
+
+ nvdev->pfn_address_space.node.start = vma->vm_pgoff;
+ nvdev->pfn_address_space.node.last = vma->vm_pgoff + nr_pages - 1;
+ nvdev->pfn_address_space.ops = &nvgrace_gpu_vfio_pci_pas_ops;
+ nvdev->pfn_address_space.mapping = vma->vm_file->f_mapping;
+
+ ret = register_pfn_address_space(&(nvdev->pfn_address_space));
+
+ return ret;
+}
+
+extern struct vfio_device *vfio_device_from_file(struct file *file);
+
+static vm_fault_t nvgrace_gpu_vfio_pci_fault(struct vm_fault *vmf)
+{
+ unsigned long mem_offset = vmf->pgoff - vmf->vma->vm_pgoff;
+ struct vfio_device *core_vdev;
+ struct nvgrace_gpu_vfio_pci_core_device *nvdev;
+ bool found = false;
+ struct h_node *cur;
+
+ if (!(vmf->vma->vm_file))
+ goto error_exit;
+
+ core_vdev = vfio_device_from_file(vmf->vma->vm_file);
+
+ if (!core_vdev)
+ goto error_exit;
+
+ nvdev = container_of(core_vdev,
+ struct nvgrace_gpu_vfio_pci_core_device, core_device.vdev);
+
+ if (mem_offset < (nvdev->memlength >> PAGE_SHIFT)) {
+ /*
+ * Check if the page is poisoned.
+ */
+ hash_for_each_possible(nvdev->htbl, cur, node, mem_offset) {
+ if (cur->mem_offset == mem_offset)
+ return VM_FAULT_HWPOISON;
+ }
+ }
+
+error_exit:
+ return VM_FAULT_ERROR;
+}
+
+static const struct vm_operations_struct nvgrace_gpu_vfio_pci_mmap_ops = {
+ .fault = nvgrace_gpu_vfio_pci_fault,
+};
+#endif
+
static int nvgrace_gpu_vfio_pci_open_device(struct vfio_device *core_vdev)
{
struct vfio_pci_core_device *vdev =
@@ -46,6 +144,9 @@ static void nvgrace_gpu_vfio_pci_close_device(struct vfio_device *core_vdev)
mutex_destroy(&nvdev->memmap_lock);
+#ifdef CONFIG_MEMORY_FAILURE
+ unregister_pfn_address_space(&(nvdev->pfn_address_space));
+#endif
vfio_pci_core_close_device(core_vdev);
}
@@ -103,8 +204,12 @@ static int nvgrace_gpu_vfio_pci_mmap(struct vfio_device *core_vdev,
return ret;
vma->vm_pgoff = start_pfn;
+#ifdef CONFIG_MEMORY_FAILURE
+ vma->vm_ops = &nvgrace_gpu_vfio_pci_mmap_ops;
- return 0;
+ ret = nvgrace_gpu_vfio_pci_register_pfn_range(nvdev, vma);
+#endif
+ return ret;
}
static long
@@ -413,6 +518,12 @@ nvgrace_gpu_vfio_pci_fetch_memory_property(struct pci_dev *pdev,
nvdev->memlength = memlength;
+#ifdef CONFIG_MEMORY_FAILURE
+ /*
+ * Initialize the hashtable tracking the poisoned pages.
+ */
+ hash_init(nvdev->htbl);
+#endif
return ret;
}
@@ -448,6 +559,16 @@ static void nvgrace_gpu_vfio_pci_remove(struct pci_dev *pdev)
{
struct nvgrace_gpu_vfio_pci_core_device *nvdev = nvgrace_gpu_drvdata(pdev);
struct vfio_pci_core_device *vdev = &nvdev->core_device;
+#ifdef CONFIG_MEMORY_FAILURE
+ struct h_node *cur;
+ unsigned long bkt;
+ struct hlist_node *tmp_node;
+
+ hash_for_each_safe(nvdev->htbl, bkt, tmp_node, cur, node) {
+ hash_del(&cur->node);
+ vfree(cur);
+ }
+#endif
vfio_pci_core_unregister_device(vdev);
vfio_put_device(&vdev->vdev);
diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
index 8d4995ada74a..290431ac2e00 100644
--- a/drivers/vfio/vfio_main.c
+++ b/drivers/vfio/vfio_main.c
@@ -1319,7 +1319,7 @@ const struct file_operations vfio_device_fops = {
.mmap = vfio_device_fops_mmap,
};
-static struct vfio_device *vfio_device_from_file(struct file *file)
+struct vfio_device *vfio_device_from_file(struct file *file)
{
struct vfio_device_file *df = file->private_data;
@@ -1327,6 +1327,7 @@ static struct vfio_device *vfio_device_from_file(struct file *file)
return NULL;
return df->device;
}
+EXPORT_SYMBOL_GPL(vfio_device_from_file);
/**
* vfio_file_is_valid - True if the file is valid vfio file
--
2.17.1
^ permalink raw reply [flat|nested] 11+ messages in thread