Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2135655rwd; Tue, 13 Jun 2023 21:05:37 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4/s2p2fbVkek+jc3/I/zjPmdSaVuKzIDhry210iRDYoCSdqS+hl5P/k3lrCc8D9MBqC154 X-Received: by 2002:a17:902:e543:b0:1b0:46af:7f15 with SMTP id n3-20020a170902e54300b001b046af7f15mr11859469plf.64.1686715536726; Tue, 13 Jun 2023 21:05:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686715536; cv=none; d=google.com; s=arc-20160816; b=QXuF5ge8g9cIRcn4vr9hV1+UmXQ4plBHi103bLNT8zkztvlvZAK6R6XVmtqdSR1dA+ xfV43lgblIaH6qfK3RTt385nyU6PLkJ0JbTzsnx43/oU2HizqngUkTSkLSkjkTtRHlrP yWkrplgDR7/tIaCvk27VO8jqCv2swdF0tbNQ2EtN0QMa1gKQF8EWHwSs3rMiT/Bw+x+H mK72vR6p6m2GO2YtW/1RAtv44gpzU8xaRvTkxS2jJavfHl8Grg5jat8oaTi6OuUTx+Ys TjYnHkQJNXjshivCzA/qIdiKxg0ynIvKFeFxUknOD+A14pK6d2UfwAFCyQDABQJFAsH5 W64Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date:dkim-signature; bh=89E/vNm15KXI4BNl5Qj1rAiYLsSjfnECEfyhr24KnlQ=; b=pVW/MJ0AKncgAtXz0OAeLmZYgqxsiAJRz16RGBT3C11Pq7gimKHUCni9tUTLNIW91m OF84O417mWY5+9mZpFeGBX5Z8OmIccPaDd0INgeCexRWJmSAlzV7JVRnKCotU2eR1U4k YlnhzFK7cCuGLVxqvEG/tekSePGBKxNs8ISSRScqrgoVxTw+qCQWVymGLiJUYeW4mlu7 Eh9yUu0jHLSq8MoH7MPiuXcJ0sX2/IUWS5b9TI7EDHgZjiRK9dpY1hoxMUWxNVc/k1bT 5bp3pWMF9yXCkRAqkTHMCV9i0/2RsdFYXHxSxczvQqyrAn4DbBtyFaWeCTZtiCQjz/2g d0QA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="vKTCEq/g"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id jz7-20020a170903430700b0019ea8e6213esi6654303plb.102.2023.06.13.21.05.24; Tue, 13 Jun 2023 21:05:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="vKTCEq/g"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233639AbjFNDlO (ORCPT + 99 others); Tue, 13 Jun 2023 23:41:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233591AbjFNDlM (ORCPT ); Tue, 13 Jun 2023 23:41:12 -0400 Received: from mail-yw1-x112a.google.com (mail-yw1-x112a.google.com [IPv6:2607:f8b0:4864:20::112a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D6D2911B for ; Tue, 13 Jun 2023 20:41:10 -0700 (PDT) Received: by mail-yw1-x112a.google.com with SMTP id 00721157ae682-56d0d574964so2829967b3.0 for ; Tue, 13 Jun 2023 20:41:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1686714070; x=1689306070; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:from:to:cc:subject:date:message-id:reply-to; bh=89E/vNm15KXI4BNl5Qj1rAiYLsSjfnECEfyhr24KnlQ=; b=vKTCEq/gV+PVeQNXgMkpr+n7v5Y/DXhSWm8RnVXfDxcCC+faivAk0lNIjtdHQFn8Sa BgWYqlj92ejqHVkr5i/UNnuCNju9kW52golDDRmlzB4jLuwh8zjt7CQofNLG+RhgD9FS x2io964yVNzQHIQprnB67rxEXKMUPeUAvM32bdh8zZcn3rxYJsLwEDgwkJIzFwtn9DQr pzIQ3oOLP1aaCBfAQ00kOxXpp68UriNs3EjF+FUBbb5pls3Z2TJMn+e9hmzPr2pKjffK JGuQhr4vY87GLfRZ92kpYzlDA2SL93gxuxlDYkT2a5N5IptTgXwoAd0wICSLzPvzIKuU WI1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686714070; x=1689306070; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=89E/vNm15KXI4BNl5Qj1rAiYLsSjfnECEfyhr24KnlQ=; b=If6I3DY+qwhbZiCEg2wsNyoCaqEx+U2S+NzqYw79xNfGU6NehYKEJeD9yg8wBPDecq gi4Xpsmg8/FieI37bE1a4mW16KVwmOXwacYDiAwD1+Gy2x4Jeu/PcyfCTLAOiNwIdMTx chyfzGmNDjkDGpc3r9U1hzM7N5EMhmEdI5J9B9UJC2ZDT3CTiH8I7DA7HBHKFoL0aLOV O7wygxVaOF1wTuaVh69DHRqKVJBzK2SDQ+WFlfXwFZOhFAjekWmWbWTDGRYm4iieV3vF h4SO40N3OHABvc+yMKy+n0/89GkfcbqGtrz5iWCbmACQlWnhLH642EUsbwIPOwk+0sCx WFWg== X-Gm-Message-State: AC+VfDyImsT1Y9Emq6Tn+U86eFWXBuR8WKmzE+PrR6AHWH9CIsB9cH5X riaHvz9fm8ADPRL3srMWpEsZtA== X-Received: by 2002:a0d:d6d5:0:b0:55d:626c:b62f with SMTP id y204-20020a0dd6d5000000b0055d626cb62fmr563052ywd.51.1686714069952; Tue, 13 Jun 2023 20:41:09 -0700 (PDT) Received: from ripple.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147]) by smtp.gmail.com with ESMTPSA id f9-20020a816a09000000b00545dc7c4a9esm38074ywc.111.2023.06.13.20.41.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Jun 2023 20:41:09 -0700 (PDT) Date: Tue, 13 Jun 2023 20:40:58 -0700 (PDT) From: Hugh Dickins X-X-Sender: hugh@ripple.attlocal.net To: David Hildenbrand cc: "Kasireddy, Vivek" , Mike Kravetz , "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , "dri-devel@lists.freedesktop.org" , "qemu-devel@nongnu.org" , Hugh Dickins , Gerd Hoffmann , "Kim, Dongwon" , "Chang, Junxiao" , "kirill.shutemov@linux.intel.com" , "Hocko, Michal" , "jmarchan@redhat.com" , "muchun.song@linux.dev" , James Houghton , Greg Kroah-Hartman , Andrew Morton , "stable@vger.kernel.org" Subject: Re: [PATCH] udmabuf: revert 'Add support for mapping hugepages (v4)' In-Reply-To: <676ee47d-8ca0-94c4-7454-46e9915ea36a@redhat.com> Message-ID: <5dd5b94c-7bf-4de-40db-aeea8aa7b45e@google.com> References: <20230608204927.88711-1-mike.kravetz@oracle.com> <281caf4f-25da-3a73-554b-4fb252963035@redhat.com> <676ee47d-8ca0-94c4-7454-46e9915ea36a@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL, USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 13 Jun 2023, David Hildenbrand wrote: > On 13.06.23 10:26, Kasireddy, Vivek wrote: > >> On 12.06.23 09:10, Kasireddy, Vivek wrote: > >>> Sorry for the late reply; I just got back from vacation. > >>> If it is unsafe to directly use the subpages of a hugetlb page, then > >>> reverting > >>> this patch seems like the only option for addressing this issue > >>> immediately. > >>> So, this patch is > >>> Acked-by: Vivek Kasireddy > >>> > >>> As far as the use-case is concerned, there are two main users of the > >> udmabuf > >>> driver: Qemu and CrosVM VMMs. However, it appears Qemu is the only > >> one > >>> that uses hugetlb pages (when hugetlb=on is set) as the backing store for > >>> Guest (Linux, Android and Windows) system memory. The main goal is to > >>> share the pages associated with the Guest allocated framebuffer (FB) with > >>> the Host GPU driver and other components in a zero-copy way. To that > >> end, > >>> the guest GPU driver (virtio-gpu) allocates 4k size pages (associated with > >>> the FB) and pins them before sharing the (guest) physical (or dma) > >> addresses > >>> (and lengths) with Qemu. Qemu then translates the addresses into file > >>> offsets and shares these offsets with udmabuf. > >> > >> Is my understanding correct, that we can effectively long-term pin > >> (worse than mlock) 64 MiB per UDMABUF_CREATE, allowing eventually !root > > The 64 MiB limit is the theoretical upper bound that we have not seen hit in > > practice. Typically, for a 1920x1080 resolution (commonly used in Guests), > > the size of the FB is ~8 MB (1920x1080x4). And, most modern Graphics > > compositors flip between two FBs. > > > > Okay, but users with privileges to open that file can just create as many as > they want? I think I'll have to play with it. > > >> users > >> > >> ll /dev/udmabuf > >> crw-rw---- 1 root kvm 10, 125 12. Jun 08:12 /dev/udmabuf > >> > >> to bypass there effective MEMLOCK limit, fragmenting physical memory and > >> breaking swap? > > Right, it does not look like the mlock limits are honored. > > > > That should be added. Agreed. > > >> > >> Regarding the udmabuf_vm_fault(), I assume we're mapping pages we > >> obtained from the memfd ourselves into a special VMA (mmap() of the > > mmap operation is really needed only if any component on the Host needs > > CPU access to the buffer. But in most scenarios, we try to ensure direct GPU > > access (h/w acceleration via gl) to these pages. > > > >> udmabuf). I'm not sure how well shmem pages are prepared for getting > >> mapped by someone else into an arbitrary VMA (page->index?). > > Most drm/gpu drivers use shmem pages as the backing store for FBs and > > other buffers and also provide mmap capability. What concerns do you see > > with this approach? > > Are these mmaping the pages the way udmabuf maps these pages (IOW, on-demand > fault where we core-mm will adjust the mapcount etc)? > > Skimming over at shmem_read_mapping_page() users, I assume most of them use a > VM_PFNMAP mapping (or don't mmap them at all), where we won't be messing with > the struct page at all. > > (That might even allow you to mmap hugetlb sub-pages, because the struct page > -- and mapcount -- will be ignored completely and not touched.) You're well ahead of me: I didn't reach an understanding of whether or not mapcount would get manipulated here - though if Junxiao's original patch did fix the immediate hugetlb symptoms, presumably it is (and without much point, since udmabuf holds on to that extra reference which pins each page for the duration). > > > > >> > >> ... also, just imagine someone doing FALLOC_FL_PUNCH_HOLE / ftruncate() > >> on the memfd. What's mapped into the memfd no longer corresponds to > >> what's pinned / mapped into the VMA. > > IIUC, making use of the DMA_BUF_IOCTL_SYNC ioctl would help with any > > coherency issues: > > https://www.kernel.org/doc/html/v6.2/driver-api/dma-buf.html#c.dma_buf_sync > > > > Would it as of now? udmabuf_create() pulls the shmem pages out of the memfd, > not sure how DMA_BUF_IOCTL_SYNC would help to update that whenever the pages > inside the memfd would change (e.g., FALLOC_FL_PUNCH_HOLE + realloc). > > But that's most probably simply "not supported". Yes, the pages which udmabuf is holding would be the originals: they will then be detached from the hole-punched file, and subsequent faults or writes to that backing file (through shmem, rather than through udmabuf) can fill in the holes with new, different pages. So long as that's well understood, then it's not necessarily a disaster. I see udmabuf asks for SEAL_SHRINK (I guess to keep away from SIGBUS), but refuses SEAL_WRITE - so hole-punching remains permitted. > > >> > >> > >> Was linux-mm (and especially shmem maintainers, ccing Hugh) involved in > >> the upstreaming of udmabuf? Thanks for the Cc, David. No, I wasn't involved at all; but I probably would not have understood their needs much better then than now. I don't see anything obviously wrong with its use of shmem, aside from the unlimited pinning of pages which you pointed out; and I'll tend to assume that it's okay, from its five years of use. But certainly the more recent addition of hugetlb was mistaken, and needs to be reverted. > > It does not appear so from the link below although other key lists were > > cc'd: > > https://patchwork.freedesktop.org/patch/246100/?series=39879&rev=7 The i915 folks (looks like Daniel Vetter was involved there) have been using shmem_read_mapping_page() for a very long time: but they take care to register a shrinker and swap out under pressure, rather than holding pins indefinitely. I wonder, if we're taking MFD_HUGETLB away from them, whether this would be another call for MFD_HUGEPAGE (shmem memfd using THPs): https://lore.kernel.org/linux-mm/c140f56a-1aa3-f7ae-b7d1-93da7d5a3572@google.com/ And that series did also support F_MEM_LOCK, which could be used to help with the accounting of the locked pages. (But IIRC the necessary way of accounting changed just afterwards - or was it just before? - so that old series may not show what's needed today.) I was happy with using fcntls in that series; but could not decide the right restrictionss for F_MEM_UNLOCK (how assured is a memlock if anyone can unlock it?) - maybe F_MEM_UNLOCK should be refused while pins are outstanding. But I digress. Yes, please do revert that hugetlb usage from udmabuf. Hugh > > That's unfortunate :( > > -- > Cheers, > > David / dhildenb