[vfio] vfio: Use get_user_pages_longterm correctly

Commit Message

Alex Williamson June 30, 2018, 8:17 p.m. UTC

On Fri, 29 Jun 2018 11:31:50 -0600
Jason Gunthorpe <jgg@mellanox.com> wrote:

> The patch noted in the fixes below converted get_user_pages_fast() to
> get_user_pages_longterm(), however the two calls differ in a few ways.
> 
> First _fast() is documented to not require the mmap_sem, while _longterm()
> is documented to need it. Hold the mmap sem as required.
> 
> Second, _fast accepts an 'int write' while _longterm uses 'unsigned int
> gup_flags', so the expression '!!(prot & IOMMU_WRITE)' is only working by
> luck as FOLL_WRITE is currently == 0x1. Use the expected FOLL_WRITE
> constant instead.
> 
> Fixes: 94db151dc892 ("vfio: disable filesystem-dax page pinning")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
> ---
>  drivers/vfio/vfio_iommu_type1.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Minor change as shown below, we don't need both branches coming up with
the FOLL_WRITE flag in slightly different ways.

> I noticed this while trying to review some RDMA code that was touching
> our get_user_pages_longterm() call site and wanted to see what others
> are doing..
> 
> If someone can explain that get_user_pages_longterm() is safe to call
> without the mmap_sem held I'd love to here it!

Me too :-\

> The comments in gup.c do seem to pretty clearly state the
> __get_user_pages_locked() called internally by
> get_user_pages_longterm() needs mmap_sem held..
> 
> This is confusing me because this is the only
> get_user_pages_longterm() callsite that doesn't hold the mmap_sem, and
> if it really isn't required I'd like to remove it from the RDMA code
> as well :)

commit 0e81a8fc0411c9baec88f3f65154285fede473f6
Author: Jason Gunthorpe <jgg@mellanox.com>
Date:   Fri Jun 29 11:31:50 2018 -0600

    vfio: Use get_user_pages_longterm correctly
    
    The patch noted in the fixes below converted get_user_pages_fast() to
    get_user_pages_longterm(), however the two calls differ in a few ways.
    
    First _fast() is documented to not require the mmap_sem, while _longterm()
    is documented to need it. Hold the mmap sem as required.
    
    Second, _fast accepts an 'int write' while _longterm uses 'unsigned int
    gup_flags', so the expression '!!(prot & IOMMU_WRITE)' is only working by
    luck as FOLL_WRITE is currently == 0x1. Use the expected FOLL_WRITE
    constant instead.
    
    Fixes: 94db151dc892 ("vfio: disable filesystem-dax page pinning")
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
    Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

Comments

Jason Gunthorpe July 3, 2018, 4:54 p.m. UTC | #1

On Sat, Jun 30, 2018 at 02:17:48PM -0600, Alex Williamson wrote:
> On Fri, 29 Jun 2018 11:31:50 -0600
> Jason Gunthorpe <jgg@mellanox.com> wrote:
> 
> > The patch noted in the fixes below converted get_user_pages_fast() to
> > get_user_pages_longterm(), however the two calls differ in a few ways.
> > 
> > First _fast() is documented to not require the mmap_sem, while _longterm()
> > is documented to need it. Hold the mmap sem as required.
> > 
> > Second, _fast accepts an 'int write' while _longterm uses 'unsigned int
> > gup_flags', so the expression '!!(prot & IOMMU_WRITE)' is only working by
> > luck as FOLL_WRITE is currently == 0x1. Use the expected FOLL_WRITE
> > constant instead.
> > 
> > Fixes: 94db151dc892 ("vfio: disable filesystem-dax page pinning")
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
> >  drivers/vfio/vfio_iommu_type1.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> Minor change as shown below, we don't need both branches coming up with
> the FOLL_WRITE flag in slightly different ways.

Looks good, thanks

Jason

Patch

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 2c75b33db4ac..3e5b17710a4f 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -343,18 +343,16 @@  static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
 	struct page *page[1];
 	struct vm_area_struct *vma;
 	struct vm_area_struct *vmas[1];
+	unsigned int flags = 0;
 	int ret;
 
+	if (prot & IOMMU_WRITE)
+		flags |= FOLL_WRITE;
+
+	down_read(&mm->mmap_sem);
 	if (mm == current->mm) {
-		ret = get_user_pages_longterm(vaddr, 1, !!(prot & IOMMU_WRITE),
-					      page, vmas);
+		ret = get_user_pages_longterm(vaddr, 1, flags, page, vmas);
 	} else {
-		unsigned int flags = 0;
-
-		if (prot & IOMMU_WRITE)
-			flags |= FOLL_WRITE;
-
-		down_read(&mm->mmap_sem);
 		ret = get_user_pages_remote(NULL, mm, vaddr, 1, flags, page,
 					    vmas, NULL);
 		/*
@@ -368,8 +366,8 @@  static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
 			ret = -EOPNOTSUPP;
 			put_page(page[0]);
 		}
-		up_read(&mm->mmap_sem);
 	}
+	up_read(&mm->mmap_sem);
 
 	if (ret == 1) {
 		*pfn = page_to_pfn(page[0]);