On Wed, Mar 24, 2021 at 09:52:11AM -0300, Jason Gunthorpe wrote:
On Tue, Mar 16, 2021 at 04:33:03PM +0100, Daniel Vetter wrote:
Both kvm (in bd2fae8da794 ("KVM: do not assume PTE is writable after follow_pfn")) and vfio (in 07956b6269d3 ("vfio/type1: Use follow_pte()")) have lost their callsites of follow_pfn(). All the other ones have been switched over to unsafe_follow_pfn because they cannot be fixed without breaking userspace api.
Argueably the vfio code is still racy, but that's kinda a bigger picture. But since it does leak the pte beyond where it drops the pt lock, without anything else like an mmu notifier guaranteeing coherence, the problem is at least clearly visible in the vfio code. So good enough with me.
I've decided to keep the explanation that after dropping the pt lock you must have an mmu notifier if you keep using the pte somehow by adjusting it and moving it into the kerneldoc for the new follow_pte() function.
Cc: 3pvd@google.com Cc: Jann Horn jannh@google.com Cc: Paolo Bonzini pbonzini@redhat.com Cc: Jason Gunthorpe jgg@nvidia.com Cc: Cornelia Huck cohuck@redhat.com Cc: Peter Xu peterx@redhat.com Cc: Alex Williamson alex.williamson@redhat.com Cc: linux-mm@kvack.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-samsung-soc@vger.kernel.org Cc: linux-media@vger.kernel.org Cc: kvm@vger.kernel.org Signed-off-by: Daniel Vetter daniel.vetter@intel.com
include/linux/mm.h | 2 -- mm/memory.c | 26 +++++--------------------- mm/nommu.c | 13 +------------ 3 files changed, 6 insertions(+), 35 deletions(-)
I think this is the right thing to do.
Was just about to smash this into the topic branch for testing in linux-next. Feel like an ack on the series, or at least the two mm patches? -Daniel
Alex is working on fixing VFIO and while kvm is still racy using follow pte, I think they are working on it too?
Jason