From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DBBD0C3DA7F for ; Wed, 31 Jul 2024 03:58:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EE4D76B0082; Tue, 30 Jul 2024 23:58:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E6DCA6B0083; Tue, 30 Jul 2024 23:58:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CE7136B0085; Tue, 30 Jul 2024 23:58:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id AD60F6B0082 for ; Tue, 30 Jul 2024 23:58:31 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id EAEEC1401DD for ; Wed, 31 Jul 2024 03:58:30 +0000 (UTC) X-FDA: 82398690780.07.EDE0BCB Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf04.hostedemail.com (Postfix) with ESMTP id E5FF240003 for ; Wed, 31 Jul 2024 03:58:27 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=ak9Ifar5; spf=pass (imf04.hostedemail.com: domain of jasowang@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=jasowang@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722398280; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Vi79FakOmaGwzJiCvfN9dMzgsqZ/xgzfCFxHakMewQk=; b=WmdsUjU+1p+FNLaPoHD3w0lJ1KISEg8P65qTVEilAU6dyY47hEafNjRHUDMshsrXV18ZQr DNhUmN5BJMuiIu18sA42kNaOjQx4A3J09cFWxeeXFZl13cS0knOhaEEQrMKs38anriYCUw LYLHiBpAOWh/B8sFnJBnW1k3n8bapXw= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=ak9Ifar5; spf=pass (imf04.hostedemail.com: domain of jasowang@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=jasowang@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722398280; a=rsa-sha256; cv=none; b=ZLwYETRqCz01ekW/NQ+/fae8GBy13xAXs9EHhSJLiwLyFy7ydBjBt8OPSgUMDORDS/yd85 y9s0fHcMdXZOgzWS3HCnioVyayVCfMBKGeoekNWmpTNLjhjG4+q5l7D+9iyUEq1aU1eKH1 G0Tzph3qDGlG6tOIurwgCuDd/7SpYmM= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1722398307; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Vi79FakOmaGwzJiCvfN9dMzgsqZ/xgzfCFxHakMewQk=; b=ak9Ifar5qm/a3mMc7dzxnpJViEnzhNfYTqFGdwgwPlxC4OFp0uzPmiQgR3+gT9JOSkvMHp vmyVwWENuYSFNIL91KKi8eGYcoZPuLES9+bIP7Ve5IwL6lPxsNHJOeFIWBAdtlN5WC8p8H LlPVdqYNV3l6Udh9xr8NCZtEGaNqTG0= Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-182-gzFw4LEoMxa_Tg5uxRrJ8g-1; Tue, 30 Jul 2024 23:58:22 -0400 X-MC-Unique: gzFw4LEoMxa_Tg5uxRrJ8g-1 Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-2cb4bcd9671so7264948a91.1 for ; Tue, 30 Jul 2024 20:58:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722398301; x=1723003101; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Vi79FakOmaGwzJiCvfN9dMzgsqZ/xgzfCFxHakMewQk=; b=k2WZZ8/VsQ/uXrqVeBcWYds9hWhjy+OR2ZgNWQSwUb7fHbcrE9oUqyGuC6usfaxn2P 0KPfgdhxKu6tX9mZe3TLSdNPyQIz2d6lmq3O5D+iIAT2SoOW1un3bz2nd/al6rJ6R5lH maLjjhpD1h4QLg5UPhNu2YKYImR9S4lEI1gXY0qDv2gfYkF/xxXKknphy3YROIYIX7ni HA2GDa1wC24V/2j8Q8XmDlJX+x9LlWtAV/wjyUKwr2DYdBP/2xaGQ+/mU3uM4a9EFB6t /P4hyzpjxq9F/+jg7t0uUqFGwteG2R/Cj4LeIOO7pCV6N1GUor4UpHrkfvYAJEpBUIMX 9Nmg== X-Forwarded-Encrypted: i=1; AJvYcCUs6J/cphO/WXGe/8OHAY7Ejsilt/gok6SoJn9jR4KNDp+SaGZ6zz7eGkjWF/dEtuUcgSHPD/+4KxpV0dL+g2MQmpI= X-Gm-Message-State: AOJu0Yx2/bK4W0HWCp+teAd9DlC0R87Fgbc1L4M/7Vunxyt13QnFP78d XbHdxogi196+WVqhddt2vKLhfJv5lGvjMR0AxQZRUPz7sCEWxoY30d8Vjs+U5ZexINpVkNgY4ri C/3GLdhPengBMWPVnstVtlHad3rllv5Ii697zwjZC8ZlbM9+NU6uH3J5H51uC5f4BTPeiOalLol QAMpNX+p7aO3uZokz2OY+xNoA= X-Received: by 2002:a17:90a:a411:b0:2cb:3306:b2cc with SMTP id 98e67ed59e1d1-2cf7e19e197mr15653509a91.1.1722398301065; Tue, 30 Jul 2024 20:58:21 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHVgnyGi+k0636c/0aO8rPRZzfZMMFmp0fVj/pXyBVQgNUFIT7NYlm5KokNpBngX2C8OF6GrULIQ+CoSKtgXwQ= X-Received: by 2002:a17:90a:a411:b0:2cb:3306:b2cc with SMTP id 98e67ed59e1d1-2cf7e19e197mr15653491a91.1.1722398300545; Tue, 30 Jul 2024 20:58:20 -0700 (PDT) MIME-Version: 1.0 References: <20240731000155.109583-1-21cnbao@gmail.com> <20240731000155.109583-2-21cnbao@gmail.com> In-Reply-To: From: Jason Wang Date: Wed, 31 Jul 2024 11:58:08 +0800 Message-ID: Subject: Re: [PATCH RFT v2 1/4] vpda: try to fix the potential crash due to misusing __GFP_NOFAIL To: Barry Song <21cnbao@gmail.com> Cc: akpm@linux-foundation.org, linux-mm@kvack.org, 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, "Michael S. Tsirkin" , Xuan Zhuo , =?UTF-8?Q?Eugenio_P=C3=A9rez?= , Maxime Coquelin X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: E5FF240003 X-Stat-Signature: i7zz381dz89arzfwwpgfgarj1e15bakn X-HE-Tag: 1722398307-588222 X-HE-Meta: U2FsdGVkX19tYT+r0Y7jp+inStN9Uz34y0PGsrbof8g7YBg+mqZ718xSQ+HCOr9cOoeotgG56H9Szwb9JrtPSuC2RY3QrDZX0JGsUctgBNHxAFD7obRPiKhCeF8rWNA+ux2vlUcxJrxiDFVc5fOH5VIV5vFP5U4qJmtlk0zS/kY673eV0JqgmYBudxDb8VzjeXatMdaEXAopi0rIPoEIr+sGaezNIkTKLvAXYroD1lOYXPB1z7UQSJlEGiLoM9Gokab6XOO71aXlGLyZSgrdIQHBb5tpZtp7l0qTueIap29xisrHMOuYcujiPzhxBjs/buk3loSDwVxi1ovDD76Z67/0AEQ+atmFXBwu6VsfAWQv26jqVYLnY/bh2I6NbEx5VppE5P8Pc33PDYSwwvHW34w1l4dw/BNPI2ROgoCWIej05wOAFO/WhCqO0iFA69qAXWhQGcGHGT3EZuILPZV/79buBC2fb3Su37mcX0Pq8lkccpH11+LkhB1THbj7hiFEog4YM1M2IHdIhGlH1b4fp7/x5yNIkz3wsP72d5SJKOoYfuQb4jCoWbOvIHAKPD5mUjbokpblOPbeqm2RUwfJUQVTfAielFex9oUAoS4DVd4Rid92uyL0cKmDgQ9vfrFEpEZYFTXWsbPqa0Rz7UOGD9/6g5H189znjXjJNBCNQLg2T6NXu9I1xe+PKUzajj6hi9RvEB5gAovC6DLsc7tk9GBpr4Tc/4zcajwNv5KO6x6zBu1sOI3WKLZBW2uJhyoEb/Dxa4GkKqI5Z/Mbyg+vfHQRrMnPY3crg0MNU5aBPk8SncqzYRYyrh1CD6ID6CkaW+Eipe1NnZwgTus8hRoT0drbYdirkkE0O0xNmPk1dQX+NEolDaza6oVFd8/fP71J8VVFIvuZnFP4G555kaXapxN0TQxoiNnWD583neICM3wNa11sYxHcBnuuB+R6gr+2l51z912FFnaYqzJwhKv w4/AcTK4 28PIXpZPdaNWVoXXnp3r8f3QmDL19xNVBVaXBaE9fZSiRTc+WWfAE1JijhqHzrm/2feanRhIyg98+6umsO0W6nr8IOpHOGc+/Rt7F+nJVrTaHMm1rlS+SEajbIQYofHZUguqyDdhRoVJ6PbaBFElHxgrdIfA/vFFYcxVOJni2YjnnkBFAs0M1ottNRHlIxp4kqDQPAptYPtXxDrm3CIRgX+nAyO61mdgwX8VGr7mYe7nfQZgMTSijWI1HIm85YvEhIwSiHj8hbxzBbdxxZAlD67+wdpf22gLwLJKcEjn/ZgfE+VS+7Vq/uRGPJdqjLxVp+Tz6XhkCjdBPv+SeBSwLOy3P+FOyyBD/jOYIv6MENMtYGsGIb7JyC6xdhoXkenyfJE4Ij0y1vIjhgX1NXZM1eWDHN6u1249IKdkpgYKFfAngtLR4unY9K1uudt7GvXNgkweHm3De/JZXDVU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Jul 31, 2024 at 11:15=E2=80=AFAM Barry Song <21cnbao@gmail.com> wro= te: > > On Wed, Jul 31, 2024 at 11:10=E2=80=AFAM Jason Wang = wrote: > > > > On Wed, Jul 31, 2024 at 8:03=E2=80=AFAM Barry Song <21cnbao@gmail.com> = wrote: > > > > > > From: Barry Song > > > > > > mm doesn't support non-blockable __GFP_NOFAIL allocation. Because > > > __GFP_NOFAIL without direct reclamation may just result in a busy > > > loop within non-sleepable contexts. > > > > > > static inline struct page * > > > __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, > > > struct alloc_context = *ac) > > > { > > > ... > > > /* > > > * Make sure that __GFP_NOFAIL request doesn't leak out and m= ake sure > > > * we always retry > > > */ > > > if (gfp_mask & __GFP_NOFAIL) { > > > /* > > > * All existing users of the __GFP_NOFAIL are blockab= le, so warn > > > * of any new users that actually require GFP_NOWAIT > > > */ > > > if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask)) > > > goto fail; > > > ... > > > } > > > ... > > > fail: > > > warn_alloc(gfp_mask, ac->nodemask, > > > "page allocation failure: order:%u", order); > > > got_pg: > > > return page; > > > } > > > > > > Let's move the memory allocation out of the atomic context and use > > > the normal sleepable context to get pages. > > > > > > [RFT]: This has only been compile-tested; I'd prefer if the VDPA main= tainers > > > handles it. > > > > > > Cc: "Michael S. Tsirkin" > > > Cc: Jason Wang > > > Cc: Xuan Zhuo > > > Cc: "Eugenio P=C3=A9rez" > > > Cc: Maxime Coquelin > > > Signed-off-by: Barry Song > > > --- > > > drivers/vdpa/vdpa_user/iova_domain.c | 31 +++++++++++++++++++++++---= -- > > > drivers/vdpa/vdpa_user/iova_domain.h | 5 ++++- > > > drivers/vdpa/vdpa_user/vduse_dev.c | 4 +++- > > > 3 files changed, 33 insertions(+), 7 deletions(-) > > > > > > diff --git a/drivers/vdpa/vdpa_user/iova_domain.c b/drivers/vdpa/vdpa= _user/iova_domain.c > > > index 791d38d6284c..9318f059a8b5 100644 > > > --- a/drivers/vdpa/vdpa_user/iova_domain.c > > > +++ b/drivers/vdpa/vdpa_user/iova_domain.c > > > @@ -283,7 +283,23 @@ int vduse_domain_add_user_bounce_pages(struct vd= use_iova_domain *domain, > > > return ret; > > > } > > > > > > -void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain = *domain) > > > +struct page **vduse_domain_alloc_pages_to_remove_bounce(struct vduse= _iova_domain *domain) > > > +{ > > > + struct page **pages; > > > + unsigned long count, i; > > > + > > > + if (!domain->user_bounce_pages) > > > + return NULL; > > > + > > > + count =3D domain->bounce_size >> PAGE_SHIFT; > > > + pages =3D kmalloc_array(count, sizeof(*pages), GFP_KERNEL | _= _GFP_NOFAIL); > > > + for (i =3D 0; i < count; i++) > > > + pages[i] =3D alloc_page(GFP_KERNEL | __GFP_NOFAIL); > > > + > > > + return pages; > > > +} > > > + > > > +void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain = *domain, struct page **pages) > > > { > > > struct vduse_bounce_map *map; > > > unsigned long i, count; > > > @@ -294,15 +310,16 @@ void vduse_domain_remove_user_bounce_pages(stru= ct vduse_iova_domain *domain) > > > > > > count =3D domain->bounce_size >> PAGE_SHIFT; > > > for (i =3D 0; i < count; i++) { > > > - struct page *page =3D NULL; > > > + struct page *page =3D pages[i]; > > > > > > map =3D &domain->bounce_maps[i]; > > > - if (WARN_ON(!map->bounce_page)) > > > + if (WARN_ON(!map->bounce_page)) { > > > + put_page(page); > > > continue; > > > + } > > > > > > /* Copy user page to kernel page if it's in use */ > > > if (map->orig_phys !=3D INVALID_PHYS_ADDR) { > > > - page =3D alloc_page(GFP_ATOMIC | __GFP_NOFAIL= ); > > > memcpy_from_page(page_address(page), > > > map->bounce_page, 0, PAGE_SI= ZE); > > > } > > > @@ -310,6 +327,7 @@ void vduse_domain_remove_user_bounce_pages(struct= vduse_iova_domain *domain) > > > map->bounce_page =3D page; > > > } > > > domain->user_bounce_pages =3D false; > > > + kfree(pages); > > > out: > > > write_unlock(&domain->bounce_lock); > > > } > > > @@ -543,10 +561,13 @@ static int vduse_domain_mmap(struct file *file,= struct vm_area_struct *vma) > > > static int vduse_domain_release(struct inode *inode, struct file *fi= le) > > > { > > > struct vduse_iova_domain *domain =3D file->private_data; > > > + struct page **pages; > > > + > > > + pages =3D vduse_domain_alloc_pages_to_remove_bounce(domain); > > > > > > spin_lock(&domain->iotlb_lock); > > > vduse_iotlb_del_range(domain, 0, ULLONG_MAX); > > > - vduse_domain_remove_user_bounce_pages(domain); > > > + vduse_domain_remove_user_bounce_pages(domain, pages); > > > vduse_domain_free_kernel_bounce_pages(domain); > > > spin_unlock(&domain->iotlb_lock); > > > put_iova_domain(&domain->stream_iovad); > > > diff --git a/drivers/vdpa/vdpa_user/iova_domain.h b/drivers/vdpa/vdpa= _user/iova_domain.h > > > index f92f22a7267d..17efa5555b3f 100644 > > > --- a/drivers/vdpa/vdpa_user/iova_domain.h > > > +++ b/drivers/vdpa/vdpa_user/iova_domain.h > > > @@ -74,7 +74,10 @@ void vduse_domain_reset_bounce_map(struct vduse_io= va_domain *domain); > > > int vduse_domain_add_user_bounce_pages(struct vduse_iova_domain *dom= ain, > > > struct page **pages, int count= ); > > > > > > -void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain = *domain); > > > +void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain = *domain, > > > + struct page **pages); > > > + > > > +struct page **vduse_domain_alloc_pages_to_remove_bounce(struct vduse= _iova_domain *domain); > > > > > > void vduse_domain_destroy(struct vduse_iova_domain *domain); > > > > > > diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_u= ser/vduse_dev.c > > > index 7ae99691efdf..5d8d5810df57 100644 > > > --- a/drivers/vdpa/vdpa_user/vduse_dev.c > > > +++ b/drivers/vdpa/vdpa_user/vduse_dev.c > > > @@ -1030,6 +1030,7 @@ static int vduse_dev_queue_irq_work(struct vdus= e_dev *dev, > > > static int vduse_dev_dereg_umem(struct vduse_dev *dev, > > > u64 iova, u64 size) > > > { > > > + struct page **pages; > > > int ret; > > > > > > mutex_lock(&dev->mem_lock); > > > @@ -1044,7 +1045,8 @@ static int vduse_dev_dereg_umem(struct vduse_de= v *dev, > > > if (dev->umem->iova !=3D iova || size !=3D dev->domain->bounc= e_size) > > > goto unlock; > > > > > > - vduse_domain_remove_user_bounce_pages(dev->domain); > > > + pages =3D vduse_domain_alloc_pages_to_remove_bounce(dev->doma= in); > > > + vduse_domain_remove_user_bounce_pages(dev->domain, pages); > > > unpin_user_pages_dirty_lock(dev->umem->pages, > > > dev->umem->npages, true); > > > atomic64_sub(dev->umem->npages, &dev->umem->mm->pinned_vm); > > > > We miss a kfree(pages); here? > no. > i've moved it into vduse_domain_remove_user_bounce_pages. Ok, but it seems tricky e.g allocated by the caller but freed in callee. And I think I missed some important issues in the previous review: The check of user_bounce_pages must be done under the bounce_lock, otherwise it might race with umem_reg. So in the case of release(), we know the device is gone, so there's no need to allocate pages that will be released soon. So we can pass NULL as a hint and just assign bounce_page to NULL in vduse_domain_remove_user_bounce_pages(). And in the case of vduse_dev_dereg_umem(), we need to allocate the pages without checking user_bounce_pages. So in vduse_domain_remove_user_bounce_pages() if we can free the allocated pages as well as the pages in the following check if (!domain->user_bounce_pages) goto out; What do you think? Thanks > > > > > Thanks > > > > > -- > > > 2.34.1 > > > > > >