On 2017-10-26 02:11 PM, Christian König wrote:
> But now reading the patch there is something else which I stumbled over:
>> -Â Â Â WARN_ON(atomic_read(&p->mm->mm_count) <= 0);
>> +Â Â Â /*
>> +Â Â Â Â * This cast should be safe here because we grabbed a
>> +Â Â Â Â * reference to the mm in kfd_process_notifier_release
>> +Â Â Â Â */
>> +Â Â Â WARN_ON(atomic_read(&((struct mm_struct *)p->mm)->mm_count) <= 0);
>> Â Â Â Â Â Â Â mmdrop(p->mm);
> Well that isn't good coding style. You shouldn't obfuscate what
> pointer it is by changing it to "void*", but rather set it to NULL as
> soon as you know that it is stale.
>
> Additional to that it is certainly not job of the driver to warn on a
> run over mm_count.
Yeah. We don't have this in our current staging branch. The whole
process teardown has changed quite a bit. I just fixed this up to make
it work with current upstream.
If you prefer, I could just remove the WARN_ON.
Regards,
 Felix
>
> Regards,
> Christian.
>
>>
>> Regards,
>> Â Â Felix
>>
>>> Regards,
>>> Christian.
>>>
>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling at amd.com>
>>>> ---
>>>>   drivers/gpu/drm/amd/amdkfd/kfd_events.c | 19 +++++++++++++++----
>>>>   drivers/gpu/drm/amd/amdkfd/kfd_priv.h   | 7 ++++++-
>>>> Â Â drivers/gpu/drm/amd/amdkfd/kfd_process.c |Â 6 +++++-
>>>> Â Â 3 files changed, 26 insertions(+), 6 deletions(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>> b/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>> index 944abfa..61ce547 100644
>>>> --- a/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>> @@ -24,8 +24,8 @@
>>>> Â Â #include <linux/slab.h>
>>>> Â Â #include <linux/types.h>
>>>> Â Â #include <linux/sched/signal.h>
>>>> +#include <linux/sched/mm.h>
>>>> Â Â #include <linux/uaccess.h>
>>>> -#include <linux/mm.h>
>>>> Â Â #include <linux/mman.h>
>>>> Â Â #include <linux/memory.h>
>>>> Â Â #include "kfd_priv.h"
>>>> @@ -904,14 +904,24 @@ void kfd_signal_iommu_event(struct kfd_dev
>>>> *dev, unsigned int pasid,
>>>> Â Â Â Â Â Â Â * running so the lookup function returns a locked process.
>>>> Â Â Â Â Â Â Â */
>>>> Â Â Â Â Â Â struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
>>>> +Â Â Â struct mm_struct *mm;
>>>> Â Â Â Â Â Â Â if (!p)
>>>> Â Â Â Â Â Â Â Â Â Â return; /* Presumably process exited. */
>>>> Â Â +Â Â Â /* Take a safe reference to the mm_struct, which may otherwise
>>>> +Â Â Â Â * disappear even while the kfd_process is still referenced.
>>>> +Â Â Â Â */
>>>> +Â Â Â mm = get_task_mm(p->lead_thread);
>>>> +Â Â Â if (!mm) {
>>>> +Â Â Â Â Â Â Â mutex_unlock(&p->mutex);
>>>> +Â Â Â Â Â Â Â return; /* Process is exiting */
>>>> +Â Â Â }
>>>> +
>>>> Â Â Â Â Â Â memset(&memory_exception_data, 0,
>>>> sizeof(memory_exception_data));
>>>> Â Â -Â Â Â down_read(&p->mm->mmap_sem);
>>>> -Â Â Â vma = find_vma(p->mm, address);
>>>> +Â Â Â down_read(&mm->mmap_sem);
>>>> +Â Â Â vma = find_vma(mm, address);
>>>> Â Â Â Â Â Â Â memory_exception_data.gpu_id = dev->id;
>>>> Â Â Â Â Â Â memory_exception_data.va = address;
>>>> @@ -937,7 +947,8 @@ void kfd_signal_iommu_event(struct kfd_dev *dev,
>>>> unsigned int pasid,
>>>> Â Â Â Â Â Â Â Â Â Â }
>>>> Â Â Â Â Â Â }
>>>> Â Â -Â Â Â up_read(&p->mm->mmap_sem);
>>>> +Â Â Â up_read(&mm->mmap_sem);
>>>> +Â Â Â mmput(mm);
>>>> Â Â Â Â Â Â Â mutex_lock(&p->event_mutex);
>>>> Â Â diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>> b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>> index 7d86ec9..1a483a7 100644
>>>> --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>> @@ -494,7 +494,12 @@ struct kfd_process {
>>>> Â Â Â Â Â Â Â */
>>>> Â Â Â Â Â Â struct hlist_node kfd_processes;
>>>> Â Â -Â Â Â struct mm_struct *mm;
>>>> +Â Â Â /*
>>>> +Â Â Â Â * Opaque pointer to mm_struct. We don't hold a reference to
>>>> +Â Â Â Â * it so it should never be dereferenced from here. This is
>>>> +Â Â Â Â * only used for looking up processes by their mm.
>>>> +Â Â Â Â */
>>>> +Â Â Â void *mm;
>>>> Â Â Â Â Â Â Â struct mutex mutex;
>>>> Â Â diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>> b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>> index 3ccb3b5..21d27e5 100644
>>>> --- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>> @@ -200,7 +200,11 @@ static void kfd_process_destroy_delayed(struct
>>>> rcu_head *rcu)
>>>> Â Â Â Â Â Â struct kfd_process *p;
>>>> Â Â Â Â Â Â Â p = container_of(rcu, struct kfd_process, rcu);
>>>> -Â Â Â WARN_ON(atomic_read(&p->mm->mm_count) <= 0);
>>>> +Â Â Â /*
>>>> +Â Â Â Â * This cast should be safe here because we grabbed a
>>>> +Â Â Â Â * reference to the mm in kfd_process_notifier_release
>>>> +Â Â Â Â */
>>>> +Â Â Â WARN_ON(atomic_read(&((struct mm_struct *)p->mm)->mm_count) <=
>>>> 0);
>>>> Â Â Â Â Â Â Â mmdrop(p->mm);
>>>> Â Â
>>>
>
