Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp3771287rdb; Thu, 14 Sep 2023 01:58:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGvp4Oo2NKKRVv0riVT77zuD7olXluirFW8ivKyv5ZWbNAUs2KbRN/avcBKqRm7axiOWCRB X-Received: by 2002:a05:6a20:4289:b0:13e:9dba:ea43 with SMTP id o9-20020a056a20428900b0013e9dbaea43mr1771106pzj.2.1694681939561; Thu, 14 Sep 2023 01:58:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694681939; cv=none; d=google.com; s=arc-20160816; b=ArOE4hx5KESbTmPOx6zYei5I8nE8mBcTaZk3oeMKulA1JIJW8AldCQ+otOvfGCKC4R DtKTBLsnFcFVpcsRNdtzwV89Rup3StOmgnupbPepQL3UmiZGrZdLCm5jUEx9Om63G8iU hq47ZyLagtF/8W6rsMLwnc0KTbt65VnM2i6Z/DmLzZXuu+Si0CYIcCttjj2B4pT9pSAj xv7EuWZP3xjInn9zMbWIssofj/UBe9zJu1oLDBccxXEoHkxLHRQxddX+33ryBDmU0mAf eO0r0eLaQwa/QGXzGA64TTAPLCS18b1OfiGByGQbtu+cEz/lfLBDi1C0hhUER+CnNW4g Iblg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=6K7SHMMdqK7dm2XYSlQafNTEgw9pt8EkScZcYG9d6FM=; fh=TLdaYVTYpkOucWp2gi2TZIRkEiwPxZ330gpwGOOjymo=; b=chcZx9vSsJqadU1ZGVpgymgFOpkMtH6ezGvmW2V85An52Q+/BVMP+i5LVV2IDWGU1J x8sVLyyApAIOnZQbpHkXhbIvy2192PWjkYZ1S62mhyjhQZEqmHs0LZOgJKX1zeCPT8Eu cuIXf8R9+0Iu26LfFwH+RzFfxX57o44NI3MuxI4l6u0Sa3fc75dBO84f+FM3E9sqbyEW BzPoPuwHvtBVNTCAZLTSEEMV+OKbcRyggqTlfcQ+f8VGoyC0Fk1YIOr99oi45tUMFSzb buJNBpCT68ILFYY+qvYIHi0Kfj7DvN2iF0nKRdAgrzTtBM6jAggGgT8BucFIAstdjb3P Knyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b=KD5Ipjf9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id d24-20020a637358000000b0054fd947f66dsi1116935pgn.210.2023.09.14.01.58.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 01:58:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b=KD5Ipjf9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id F0EC18224D8A; Thu, 14 Sep 2023 00:50:46 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230137AbjINHun (ORCPT + 99 others); Thu, 14 Sep 2023 03:50:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229890AbjINHum (ORCPT ); Thu, 14 Sep 2023 03:50:42 -0400 Received: from madras.collabora.co.uk (madras.collabora.co.uk [46.235.227.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9D61CC3 for ; Thu, 14 Sep 2023 00:50:38 -0700 (PDT) Received: from [192.168.2.134] (109-252-153-31.dynamic.spd-mgts.ru [109.252.153.31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: dmitry.osipenko) by madras.collabora.co.uk (Postfix) with ESMTPSA id EC4EE6607328; Thu, 14 Sep 2023 08:50:35 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com; s=mail; t=1694677837; bh=+t94FHno8EI7tdTZCjTtriG4Jaov6Eg5SgnYWwDQgB8=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=KD5Ipjf9j8o8530Jp8JUIXTZ+QU4czaZHq5CVr7TLQ/rRBOXY2Ild68jnkcbss0ye kbxXZueIvBUWnPgmfUuyonSRrIXt0Q2wtL3BRfHD9kJsNs9sdl8JSpMJdm5rDOKf1X r1HIw8dwaS6U/Ij2TIdGESrfLKZsj0AQvPw7cifexw1ZMFVXBtLogbwWki3EHlil6y jP8dOoy9R+MynPjMPHygTTtEsY5L1C7jy8VnDsTHpWQN6cssW9Q89cjP16Tn8JBbA2 px9HKnrtoaE/i6SsviuNcTVct5iOC9AN3xNRdyiP/ejPIv2r3tI3YW5SrPKjNnYzs4 kUC5pa7dMJ6Ew== Message-ID: <21dda0bd-4264-b480-dbbc-29a7744bc96c@collabora.com> Date: Thu, 14 Sep 2023 10:50:32 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [PATCH v16 15/20] drm/shmem-helper: Add memory shrinker Content-Language: en-US To: Boris Brezillon Cc: David Airlie , Gerd Hoffmann , Gurchetan Singh , Chia-I Wu , Daniel Vetter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , =?UTF-8?Q?Christian_K=c3=b6nig?= , Qiang Yu , Steven Price , Emma Anholt , Melissa Wen , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, kernel@collabora.com, virtualization@lists.linux-foundation.org References: <20230903170736.513347-1-dmitry.osipenko@collabora.com> <20230903170736.513347-16-dmitry.osipenko@collabora.com> <20230905100306.3564e729@collabora.com> <26f7ba6d-3520-0311-35e2-ef5706a98232@collabora.com> <20230913094832.3317c2df@collabora.com> <20230914093626.19692c24@collabora.com> From: Dmitry Osipenko In-Reply-To: <20230914093626.19692c24@collabora.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 14 Sep 2023 00:50:47 -0700 (PDT) X-Spam-Status: No, score=-2.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email On 9/14/23 10:36, Boris Brezillon wrote: > On Thu, 14 Sep 2023 07:02:52 +0300 > Dmitry Osipenko wrote: > >> On 9/13/23 10:48, Boris Brezillon wrote: >>> On Wed, 13 Sep 2023 03:56:14 +0300 >>> Dmitry Osipenko wrote: >>> >>>> On 9/5/23 11:03, Boris Brezillon wrote: >>>>>> * But >>>>>> + * acquiring the obj lock in drm_gem_shmem_release_pages_locked() can >>>>>> + * cause a locking order inversion between reservation_ww_class_mutex >>>>>> + * and fs_reclaim. >>>>>> + * >>>>>> + * This deadlock is not actually possible, because no one should >>>>>> + * be already holding the lock when drm_gem_shmem_free() is called. >>>>>> + * Unfortunately lockdep is not aware of this detail. So when the >>>>>> + * refcount drops to zero, don't touch the reservation lock. >>>>>> + */ >>>>>> + if (shmem->got_pages_sgt && >>>>>> + refcount_dec_and_test(&shmem->pages_use_count)) { >>>>>> + drm_gem_shmem_do_release_pages_locked(shmem); >>>>>> + shmem->got_pages_sgt = false; >>>>>> } >>>>> Leaking memory is the right thing to do if pages_use_count > 1 (it's >>>>> better to leak than having someone access memory it no longer owns), but >>>>> I think it's worth mentioning in the above comment. >>>> >>>> It's unlikely that it will be only a leak without a following up >>>> use-after-free. Neither is acceptable. >>> >>> Not necessarily, if you have a page leak, it could be that the GPU has >>> access to those pages, but doesn't need the GEM object anymore >>> (pages are mapped by the iommu, which doesn't need shmem->sgt or >>> shmem->pages after the mapping is created). Without a WARN_ON(), this >>> can go unnoticed and lead to memory corruptions/information leaks. >>> >>>> >>>> The drm_gem_shmem_free() could be changed such that kernel won't blow up >>>> on a refcnt bug, but that's not worthwhile doing because drivers >>>> shouldn't have silly bugs. >>> >>> We definitely don't want to fix that, but we want to complain loudly >>> (WARN_ON()), and make sure the risk is limited (preventing memory from >>> being re-assigned to someone else by not freeing it). >> >> That's what the code did and continues to do here. Not exactly sure what >> you're trying to say. I'm going to relocate the comment in v17 to >> put_pages(), we can continue discussing it there if I'm missing yours point. >> > > I'm just saying it would be worth mentioning that we're intentionally > leaking memory if shmem->pages_use_count > 1. Something like: > > /** > * shmem->pages_use_count should be 1 when ->sgt != NULL and > * zero otherwise. If some users still hold a pages reference > * that's a bug, and we intentionally leak the pages so they > * can't be re-allocated to someone else while the GPU/CPU > * still have access to it. > */ > drm_WARN_ON(drm, > refcount_read(&shmem->pages_use_count) == (shmem->sgt ? 1 : 0)); > if (shmem->sgt && refcount_dec_and_test(&shmem->pages_use_count)) > drm_gem_shmem_free_pages(shmem); That may be acceptable, but only once there will a driver using this feature. -- Best regards, Dmitry