[Intel-gfx] [PATCH 4/4] i915: fix remap_io_sg to verify the pgprot
Thomas Hellström
thomas.hellstrom at linux.intel.com
Tue May 18 06:46:44 UTC 2021
On 5/17/21 11:46 PM, Thomas Hellström wrote:
>
> On 5/17/21 3:11 PM, Christoph Hellwig wrote:
>> On Mon, May 17, 2021 at 04:09:42PM +0300, Serge Belyshev wrote:
>>> Christoph Hellwig <hch at lst.de> writes:
>>>
>>>> As an ad-hoc experiment: can you replace the call to remap_pfn_range
>>>> with remap_pfn_range_notrack (and export it if you build i915 modular)
>>>> in remap_io_sg and see if that makes any difference?
>>> That worked, thanks -- no artifacts seen.
>> Looks like it is caused by the validation failure then. Which means the
>> existing code is doing something wrong in its choice of the page
>> protection bit. I really need help from the i915 maintainers here..
>
> Hmm,
>
> Apart from the caching aliasing Mattew brought up, doesn't the
> remap_pfn_range_xxx() family require the mmap_sem held in write mode
> since it modifies the vma structure? remap_io_sg() is called from the
> fault handler with the mmap_sem held in read mode only.
>
> /Thomas
And worse, if we prefault a user-space buffer object map using
remap_io_sg() and then zap some ptes using madvise(), the next time
those ptes are accessed, we'd trigger a new call to remap_io_sg() which
would now find already populated ptes. While the old code looks to just
silently overwrite those, it looks like the new code would BUG in
remap_pte_range()?
/Thomas
>
>> _______________________________________________
>> Intel-gfx mailing list
>> Intel-gfx at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/intel-gfx
More information about the Intel-gfx
mailing list