Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp2044860pxu; Fri, 9 Oct 2020 06:39:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyz8QqEnFRCXY3lfICClYPB+v+p16fj6VKVn0wKC3kOMelkKqP7oikYGx2ZF5ctmyXhtV8S X-Received: by 2002:a17:907:435e:: with SMTP id oc22mr14976899ejb.485.1602250772229; Fri, 09 Oct 2020 06:39:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602250772; cv=none; d=google.com; s=arc-20160816; b=pZjVd+rE18ZJFUj0xo35nYWW7ObygzKMraaaZTUWAcLNSzn3KuU65IIGaw7mMaPwAb gYBqF76KnQDIaq1SZaafFHvCKuSke25rQvostYcYuIAKI2ZKsl6/GygqS+gtOAkDx/FK r4/5FLS63U/c98qS2fbxWwiI+X7X/866MW2LxHAj+hhQizuy6kz1D2Gwcudi6TvRsb15 k0mWPNgyJod+ZeLHPjl6zgOKAR2LnbPBiRlAGLqycAyZzqxS45Nju59zxPeHuxzBuRTY 1ZOQc/FurcIoHg8rAQADoVI6YtQ7n0hMGPw/5Dt8cLpPAgWSFmXs2FOwIUOJW5xTSmfl zxxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=bKAda/rTW4nq6+j1jXEBgS/13SJBQ2WY2j5bHQ+ISAM=; b=M7DKW0+PrNUmJPn2AhrK7L6xtKxMXh++l9CwD4W49Qajssnb5ys2WWaxrFrRkHmEjE ztHZSuR3g6/y0RJH0fxPdqfrerSZSLzPhU6olOyBuLUWbTws+J9HChFppwzjdbHtk4MS UMYRn3S1u3b9PSUC8Yvm6I39my91eyT862gSiR0C0X2HkC76K6sx2Fff389Sy3SbiKEt cYiMfC7Lqu/RbM+yf4DeEP8JtZlIE9yn1yP6uQ8T4C2RnqSuP1dj3jsqt4eCJDYF9vmi nF5my25z+fl9pvQjQabuaffJwShA//+A1V16cOSpbUri9rKyeAhiH1jsSJuARAj7ivtT oPHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b="HLVf/9fs"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m34si5843095ede.50.2020.10.09.06.39.08; Fri, 09 Oct 2020 06:39:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b="HLVf/9fs"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732579AbgJIMsx (ORCPT + 99 others); Fri, 9 Oct 2020 08:48:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732395AbgJIMsx (ORCPT ); Fri, 9 Oct 2020 08:48:53 -0400 Received: from mail-qk1-x743.google.com (mail-qk1-x743.google.com [IPv6:2607:f8b0:4864:20::743]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E381C0613D7 for ; Fri, 9 Oct 2020 05:48:52 -0700 (PDT) Received: by mail-qk1-x743.google.com with SMTP id y198so10416738qka.0 for ; Fri, 09 Oct 2020 05:48:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ziepe.ca; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=bKAda/rTW4nq6+j1jXEBgS/13SJBQ2WY2j5bHQ+ISAM=; b=HLVf/9fs3er+0kSwyJTggMLNde7v6twDJX2OORdUgNP4K/LTsJAusSj3xZhnK/9iEP 2MiDVI/gcY40GDzZOHFy1D1gUeZmYvK+y8q3WrgO2wIZyqUCgxZmIrGytraz5FbwrvVk FIWoQQ/EYzOwBXKaVfiWwe8sni4FQhNRH93rHGzY9G+WQBuX2toU0JYl3qUK8vxILogk CO/+6WIVejt98w1VEtO30gtBiu4FzGnjZIpjkg9+CRC8VLCjso0cqZThY5uICmC4Leel mG8PVTlyewS4MOqVzGOqsDKY0BxrcNvf/7YuapUiGj3wEjRkZ+Rv/IezCJ6KD+Oa9Tui 5i5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=bKAda/rTW4nq6+j1jXEBgS/13SJBQ2WY2j5bHQ+ISAM=; b=cfQm5DHNnX53a8n6PM4QhdFN+29TmwelpWPaBWJy6yU/hrxEXIA8Hfjx3qee+E6ws6 dogn8HXRi7DGWn22flCM6Cq1MMBvEKcn2WHVGUIrhYqf36P2WivnQW6v7BoEmcZQtLwZ esSDLiG9ZF/Of+L5Kwuepl0XCyZNrD9lZBkIrNeNYNVeEaV4Bni3Z5VibKLTTETtjERK AKZgvY0kzzIlOvP9MPOFAi21h5Gg9pjb+kHFfsqBoOVtQSuUuGY8U6iIEya4063udIcs i06S6LIcq9GRLwN5GG5x74FFi0cU/gLVD3yAeOkFEoLHkjnOyeQld3yzsXozmfioy+C1 vIJQ== X-Gm-Message-State: AOAM53339kMK7nNU/NBtAHj8MtdoqO2Myqg2CBdBaKJ013yt76Y6SwVa JncPOwxx6To04qVdK2qHMN56/Q== X-Received: by 2002:ae9:e702:: with SMTP id m2mr6280147qka.387.1602247731583; Fri, 09 Oct 2020 05:48:51 -0700 (PDT) Received: from ziepe.ca (hlfxns017vw-156-34-48-30.dhcp-dynamic.fibreop.ns.bellaliant.net. [156.34.48.30]) by smtp.gmail.com with ESMTPSA id m18sm4248636qkk.102.2020.10.09.05.48.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Oct 2020 05:48:50 -0700 (PDT) Received: from jgg by mlx with local (Exim 4.94) (envelope-from ) id 1kQrpK-001y6e-9J; Fri, 09 Oct 2020 09:48:50 -0300 Date: Fri, 9 Oct 2020 09:48:50 -0300 From: Jason Gunthorpe To: Mauro Carvalho Chehab Cc: Daniel Vetter , DRI Development , LKML , kvm@vger.kernel.org, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linux-samsung-soc@vger.kernel.org, linux-media@vger.kernel.org, linux-s390@vger.kernel.org, Daniel Vetter , Kees Cook , Dan Williams , Andrew Morton , John Hubbard , =?utf-8?B?SsOpcsO0bWU=?= Glisse , Jan Kara , Linus Torvalds Subject: Re: [PATCH v2 09/17] mm: Add unsafe_follow_pfn Message-ID: <20201009124850.GP5177@ziepe.ca> References: <20201009075934.3509076-1-daniel.vetter@ffwll.ch> <20201009075934.3509076-10-daniel.vetter@ffwll.ch> <20201009123421.67a80d72@coco.lan> <20201009122111.GN5177@ziepe.ca> <20201009143723.45609bfb@coco.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201009143723.45609bfb@coco.lan> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 09, 2020 at 02:37:23PM +0200, Mauro Carvalho Chehab wrote: > I'm not a mm/ expert, but, from what I understood from Daniel's patch > description is that this is unsafe *only if* __GFP_MOVABLE is used. No, it is unconditionally unsafe. The CMA movable mappings are specific VMAs that will have bad issues here, but there are other types too. The only way to do something at a VMA level is to have a list of OK VMAs, eg because they were creatd via a special mmap helper from the media subsystem. > Well, no drivers inside the media subsystem uses such flag, although > they may rely on some infrastructure that could be using it behind > the bars. It doesn't matter, nothing prevents the user from calling media APIs on mmaps it gets from other subsystems. > If this is the case, the proper fix seems to have a GFP_NOT_MOVABLE > flag that it would be denying the core mm code to set __GFP_MOVABLE. We can't tell from the VMA these kinds of details.. It has to go the other direction, evey mmap that might be used as a userptr here has to be found and the VMA specially created to allow its use. At least that is a kernel only change, but will need people with the HW to do this work. > Please let address the issue on this way, instead of broken an > userspace API that it is there since 1991. It has happened before :( It took 4 years for RDMA to undo the uAPI breakage caused by a security fix for something that was a 15 years old bug. Jason