[v4,00/15] follow_pfn and other iomap races

Message ID 20201026105818.2585306-1-daniel.vetter@ffwll.ch (mailing list archive)

Message

Daniel Vetter Oct. 26, 2020, 10:58 a.m. UTC
Hi all

Round 3 of my patch series to clamp down a bunch of races and gaps
around follow_pfn and other access to iomem mmaps. Previous version:

v1: https://lore.kernel.org/dri-devel/20201007164426.1812530-1-daniel.vetter@ffwll.ch/
v2: https://lore.kernel.org/dri-devel/20201009075934.3509076-1-daniel.vetter@ffwll.ch
v3: https://lore.kernel.org/dri-devel/20201021085655.1192025-1-daniel.vetter@ffwll.ch/

And the discussion that sparked this journey:

https://lore.kernel.org/dri-devel/20201007164426.1812530-1-daniel.vetter@ffwll.ch/

Changes in v4:
- Drop the s390 patch, that was very stand-alone and now queued up to land
  through s390 trees.
- Comment polish per Dan's review.

Changes in v3:
- Bunch of polish all over, no functional changes aside from one barrier
  in the resource code, for consistency.
- A few more r-b tags.

Changes in v2:
- tons of small polish&fixes all over, thanks to all the reviewers who
  spotted issues
- I managed to test at least the generic_access_phys and pci mmap revoke
  stuff with a few gdb sessions using our i915 debug tools (hence now also
  the drm/i915 patch to properly request all the pci bar regions)
- reworked approach for the pci mmap revoke: Infrastructure moved into
  kernel/resource.c, address_space mapping is now set up at open time for
  everyone (which required some sysfs changes). Does indeed look a lot
  cleaner and a lot less invasive than I feared at first.

I feel like this is ready for some wider soaking. Since the remaining bits
are all kinda connected probably simplest if it all goes through -mm.

Cheers, Daniel

Daniel Vetter (15):
  drm/exynos: Stop using frame_vector helpers
  drm/exynos: Use FOLL_LONGTERM for g2d cmdlists
  misc/habana: Stop using frame_vector helpers
  misc/habana: Use FOLL_LONGTERM for userptr
  mm/frame-vector: Use FOLL_LONGTERM
  media: videobuf2: Move frame_vector into media subsystem
  mm: Close race in generic_access_phys
  mm: Add unsafe_follow_pfn
  media/videbuf1|2: Mark follow_pfn usage as unsafe
  vfio/type1: Mark follow_pfn as unsafe
  PCI: Obey iomem restrictions for procfs mmap
  /dev/mem: Only set filp->f_mapping
  resource: Move devmem revoke code to resource framework
  sysfs: Support zapping of binary attr mmaps
  PCI: Revoke mappings like devmem

 drivers/char/mem.c                            |  86 +--------------
 drivers/gpu/drm/exynos/Kconfig                |   1 -
 drivers/gpu/drm/exynos/exynos_drm_g2d.c       |  48 ++++-----
 drivers/media/common/videobuf2/Kconfig        |   1 -
 drivers/media/common/videobuf2/Makefile       |   1 +
 .../media/common/videobuf2}/frame_vector.c    |  54 ++++------
 drivers/media/platform/omap/Kconfig           |   1 -
 drivers/media/v4l2-core/videobuf-dma-contig.c |   2 +-
 drivers/misc/habanalabs/Kconfig               |   1 -
 drivers/misc/habanalabs/common/habanalabs.h   |   6 +-
 drivers/misc/habanalabs/common/memory.c       |  50 ++++-----
 drivers/pci/pci-sysfs.c                       |   4 +
 drivers/pci/proc.c                            |   6 ++
 drivers/vfio/vfio_iommu_type1.c               |   4 +-
 fs/sysfs/file.c                               |  11 ++
 include/linux/ioport.h                        |   6 +-
 include/linux/mm.h                            |  47 +-------
 include/linux/sysfs.h                         |   2 +
 include/media/frame_vector.h                  |  47 ++++++++
 include/media/videobuf2-core.h                |   1 +
 kernel/resource.c                             | 101 +++++++++++++++++-
 mm/Kconfig                                    |   3 -
 mm/Makefile                                   |   1 -
 mm/memory.c                                   |  78 +++++++++++++-
 mm/nommu.c                                    |  17 +++
 security/Kconfig                              |  13 +++
 26 files changed, 347 insertions(+), 245 deletions(-)
 rename {mm => drivers/media/common/videobuf2}/frame_vector.c (85%)
 create mode 100644 include/media/frame_vector.h

Comments

Christoph Hellwig Oct. 29, 2020, 8:57 a.m. UTC | #1
Maybe I'm missing something, but shouldn't follow_pfn be unexported
at the end of the series?

Daniel Vetter Oct. 29, 2020, 9:25 a.m. UTC | #2
On Thu, Oct 29, 2020 at 9:57 AM Christoph Hellwig <hch@infradead.org> wrote:
>
> Maybe I'm missing something, but shouldn't follow_pfn be unexported
> at the end of the series?

kvm is a legit user and modular afaict. But since you can't use this
without an mmu_notifier anyway (or digging around in pagetable
locking), maybe it should be EXPORT_SYMBOL_GPL now at least?
-Daniel

Christoph Hellwig Oct. 29, 2020, 9:28 a.m. UTC | #3
On Thu, Oct 29, 2020 at 10:25:16AM +0100, Daniel Vetter wrote:
> On Thu, Oct 29, 2020 at 9:57 AM Christoph Hellwig <hch@infradead.org> wrote:
> >
> > Maybe I'm missing something, but shouldn't follow_pfn be unexported
> > at the end of the series?
> 
> kvm is a legit user and modular afaict. But since you can't use this
> without an mmu_notifier anyway (or digging around in pagetable
> locking), maybe it should be EXPORT_SYMBOL_GPL now at least?

I think it should then take the notifier as an argument even if it isn't
directly used as a safety check, and get a new name describing it.

EXPORT_SYMBOL_GPL is probably ok for now, but I'm drafting a new
EXPORT_SYMBOL_FOR_MODULE() which will export symbols that can only be
used by one specific module, with kvm being a prime user due to all
the odd exports it requires that aren't really the kernel interface by
any normal means.

Daniel Vetter Oct. 29, 2020, 9:38 a.m. UTC | #4
On Thu, Oct 29, 2020 at 10:28 AM Christoph Hellwig <hch@infradead.org> wrote:
>
> On Thu, Oct 29, 2020 at 10:25:16AM +0100, Daniel Vetter wrote:
> > On Thu, Oct 29, 2020 at 9:57 AM Christoph Hellwig <hch@infradead.org> wrote:
> > >
> > > Maybe I'm missing something, but shouldn't follow_pfn be unexported
> > > at the end of the series?
> >
> > kvm is a legit user and modular afaict. But since you can't use this
> > without an mmu_notifier anyway (or digging around in pagetable
> > locking), maybe it should be EXPORT_SYMBOL_GPL now at least?
>
> I think it should then take the notifier as an argument even if it isn't
> directly used as a safety check, and get a new name describing it.

Hm so Jason and me discussed this, but e.g. the s390 is safe with
just the pagetable locks. So we'd need two versions.

The more practical problem is that I haven't found a reasonable way to
check that a passed in mmu_notifier is registered against the mm we're
working on, and without that check it feels a bit silly. But if you
see how to do that I think we can do an EXPORT_SYMBOL_GPL follow_pfn
which takes the notifier, and an __follow_pfn for s390 and similar
internal code which isn't exported.

> EXPORT_SYMBOL_GPL is probably ok for now, but I'm drafting a new
> EXPORT_SYMBOL_FOR_MODULE() which will export symbols that can only be
> used by one specific module, with kvm being a prime user due to all
> the odd exports it requires that aren't really the kernel interface by
> any normal means.

Hm yeah that's another one. There's also some virt stuff that's
currently on unsafe_follow_pfn and needs to be switched over, and I
think that would also need an mmu notifier of some sorts to close the
gaps.
-Daniel

Christoph Hellwig Oct. 29, 2020, 10:01 a.m. UTC | #5
On Thu, Oct 29, 2020 at 10:38:16AM +0100, Daniel Vetter wrote:
> Hm so Jason and me discussed this, but e.g. the s390 is safe with
> just the pagetable locks. So we'd need two versions.
> 
> The more practical problem is that I haven't found a reasonable way to
> check that a passed in mmu_notifier is registered against the mm we're
> working on, and without that check it feels a bit silly. But if you
> see how to do that I think we can do an EXPORT_SYMBOL_GPL follow_pfn
> which takes the notifier, and an __follow_pfn for s390 and similar
> internal code which isn't exported.

True, this is a bit of a mess.  So maybe just rename it to __follow_pfn,
proper documentation of the requirements and a switch to
EXPORT_SYMBOL_GPL.