Received: by 10.223.176.46 with SMTP id f43csp2353047wra; Thu, 25 Jan 2018 08:35:22 -0800 (PST) X-Google-Smtp-Source: AH8x2243DEzNlrsk/PgiSuSaXNBVXYplY+fjzqV2+8K4tH3QfD2HMoTnurfj4yRK92i/qL2Y8XzK X-Received: by 10.98.134.206 with SMTP id x197mr4871481pfd.82.1516898122480; Thu, 25 Jan 2018 08:35:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516898122; cv=none; d=google.com; s=arc-20160816; b=wU0VIOeiuvaZZ1Ax8qSmSH7fTgpFkHzGQzTksyRMwYce1yXj2h/4Sj4Rd9hJmfIPZ0 Vzv/DQ0NfdOsLHYfQfsu7s1ReDzmBQSCbHiFvEin8JCDuiRnEoxPmYkcXUqg+7BfgXUw +r1I3OP40FgD62D5Z3YAErfjhBbC1gQrsbDZ7hNZzoJWj+P3On/DNxwpVSqaO+EAg52Z XouCDWmaT6vgVy7Z1ONtACAzfmvyTgUa95QkwX13vkq8tNXnAGDu/T2Pi8FB9u0p45nb MIjyuqizdrBF8covU7nTZFL0+uVVmFhkxUA8tIrudjhnrgbImzJZhXic9vqm7op1oflX +ySg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:organization:references :in-reply-to:date:cc:to:from:subject:message-id :arc-authentication-results; bh=xhzqXD782D5uz+NCHWM3ht7fgaU7ohV5pXg2YQ0OHiA=; b=U9yw+3yukqLm2FsHoYF1IynoOSuQjzPA9D/0V7kJ8YxWEn2b9uMaWizVCAtFeAfp6+ 0clhIIE47EXL8UhoJpgo8o/T2LfvvolGPomZRbcc21YkflL9IB+D3kWYLN7Kk4ZH2P43 /fXqRI5Jzz4K8kLtHTIQs9yb/3NM4uqYmSQKD6NWXh7g511EdZxaNFgrhNIBcpaP4CgN 8xsVFe8EBAX14MDD5YTfdoGWsYJ3CkITrqlJ9UoLEGpwFlJTFe2J4wHTKS+YPOsQ9w9l 7Mxy3Yfb0MvE4zggOY3rTDdMACEt0OLITsj4YV/KxJttMWWBkSZuHo10ShNJwS0OMHVQ mFUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w9-v6si2262500plq.598.2018.01.25.08.35.08; Thu, 25 Jan 2018 08:35:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751404AbeAYQe1 (ORCPT + 99 others); Thu, 25 Jan 2018 11:34:27 -0500 Received: from mx1.redhat.com ([209.132.183.28]:52980 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751086AbeAYQeZ (ORCPT ); Thu, 25 Jan 2018 11:34:25 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 894592CE929; Thu, 25 Jan 2018 16:34:25 +0000 (UTC) Received: from haswell-e.nc.xsintricity.com (ovpn-120-73.rdu2.redhat.com [10.10.120.73]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D81B95D720; Thu, 25 Jan 2018 16:34:24 +0000 (UTC) Message-ID: <1516898063.27592.136.camel@redhat.com> Subject: Re: [PATCH] IB/mthca: Fix how mthca_map_user_db() calls gup From: Doug Ledford To: Davidlohr Bueso , roland@purestorage.com, linux-rdma@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Davidlohr Bueso Date: Thu, 25 Jan 2018 11:34:23 -0500 In-Reply-To: <20180123205459.432-1-dave@stgolabs.net> References: <20180123205459.432-1-dave@stgolabs.net> Organization: Red Hat, Inc. Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-51VuIibPf54zlRZ/lY0I" Mime-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 25 Jan 2018 16:34:25 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --=-51VuIibPf54zlRZ/lY0I Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2018-01-23 at 12:54 -0800, Davidlohr Bueso wrote: > mthca_map_user_db() has two problems regarding the call to > get_user_pages(): >=20 > (i) It is not done under mmap_sem. >=20 > (ii) It is done under the db_table mutex, which protects all > database related operations. Should any of these be called > under mmap_sem, we get an ABBA deadlock. In addition, gup can > be performance intensive, which could contend other mapping/ > unmapping ops. >=20 > To fix this, we can drop the mutex while doing a gup_fast(), > once done, recheck to see the page was mapped while we didn't > hold the mutex, and exit out with the corresponding housekeeping. >=20 > Suggested-by: Al Viro > Signed-off-by: Davidlohr Bueso > --- >=20 > - Compile tested only. Jason and I talked about this offline a bit. We're concerned about taking a patch like this into an ancient, unmaintained, but working driver. Especially when it's only compile tested. I have mthca hardware on hand and I can test it, but in this case, testing your patch would require triggering a race condition that we really don't have a way to test. > - Should I be wrong about no callers already holding mmap_sem, > I still think calling gup without the mutex makes sense for > improved paralellism. Now, if callers can hold the mmap_sem, > it's wrong to do copy_from_user right before calling mthca_map_user_db. So, if I understand you correctly, we (well, you and Al would be more correct, we haven't looked into the situation yet, so Mellanox people that worked on this in the day might now, or someone taking the time to research it could find out) don't have a clear understanding of all the conditions this function is called under, and so we actually don't know what the best way forward is to fix it? >=20 > drivers/infiniband/hw/mthca/mthca_memfree.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) >=20 > diff --git a/drivers/infiniband/hw/mthca/mthca_memfree.c b/drivers/infini= band/hw/mthca/mthca_memfree.c > index c6fe89d79248..046871878a02 100644 > --- a/drivers/infiniband/hw/mthca/mthca_memfree.c > +++ b/drivers/infiniband/hw/mthca/mthca_memfree.c > @@ -472,9 +472,27 @@ int mthca_map_user_db(struct mthca_dev *dev, struct = mthca_uar *uar, > goto out; > } > =20 > - ret =3D get_user_pages(uaddr & PAGE_MASK, 1, FOLL_WRITE, pages, NULL); > + mutex_unlock(&db_tab->mutex); > + > + ret =3D get_user_pages_fast(uaddr & PAGE_MASK, 1, FOLL_WRITE, pages); > if (ret < 0) > + return ret; > + > + mutex_lock(&db_tab->mutex); > + > + if (db_tab->page[i].refcount >=3D MTHCA_DB_REC_PER_PAGE || > + (db_tab->page[i].uvirt && db_tab->page[i].uvirt !=3D uaddr)) { > + put_page(pages[0]); > + ret =3D -EINVAL; > goto out; > + } > + > + /* page was already mapped by another task while we were doing gup */ > + if (db_tab->page[i].refcount) { > + put_page(pages[0]); > + ++db_tab->page[i].refcount; > + goto out; > + } > =20 > sg_set_page(&db_tab->page[i].mem, pages[0], MTHCA_ICM_PAGE_SIZE, > uaddr & ~PAGE_MASK); --=20 Doug Ledford GPG KeyID: B826A3330E572FDD Key fingerprint =3D AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD --=-51VuIibPf54zlRZ/lY0I Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEErmsb2hIrI7QmWxJ0uCajMw5XL90FAlpqBw8ACgkQuCajMw5X L91p/Q//WH3kmpy7ALnuTsHePayW70IfTG9ipOs5k5+0ixHrVRP3QKqVqzUSI9Xs YbbodVVCS1fXnCHG5dwV4nRo74KVrX688fTUApS2IJ8SNESKnQl/Fjtzo0gYBSPs 1xNiRMvd2PCjbQqqGBJ0heAx1PT8iWNdoD0wBiBy8siIxWhxp/AipWroeMo3KdhR AOsfNZZdoU2r8kkY5eFT6cxYSp7FIboE+IQ//OEgPh2HvC76HYDx+F1T3N0ZZ/9o v5C2/TCwFjemjhvrqZLMETlBTZtgmgEb7NV+KuRAvkfZR+r2DPUjFuqVfWjxx3mN xmM4ybMMsNyE8/eLywiAhCfkpUlIZZNC4AceoLKcm6AQTDMkWa+PkKCbhRDsRdmw JkELmtVCfYyj7cDfSmS0Bc7h5ocHz398VECUwcEROq0NH2Du6MUvCfU1UsPoO7ZE sz3BumX/kdMOjL7AxknXQZxkrcrXSSKQ76Lpo7rylMkGGNvfPgK1JlGymuSaTPZJ Oj+pcR6S0hs9SpRIn7Ara3QPFmHsI6vAB0GXEZb5HOfbRuosi02UsOFJP7ciM7Bq poZ4mZxV+gTKluXnbwEAI6X6w1MGu5zTq39SgMDMFift0utakcw06J12+oWBNCOX +NKC+DbxvTqO7h3BSPZ0o47Rv68YdOk5h6UWLnGa0SEJf05qGtc= =WT2Y -----END PGP SIGNATURE----- --=-51VuIibPf54zlRZ/lY0I--