Am 27.10.2017 um 09:22 schrieb Christian König:
> Am 26.10.2017 um 20:54 schrieb Felix Kuehling:
>> On 2017-10-26 02:11 PM, Christian König wrote:
>>> But now reading the patch there is something else which I stumbled
>>> over:
>>>> - WARN_ON(atomic_read(&p->mm->mm_count) <= 0);
>>>> +Â Â Â /*
>>>> +Â Â Â Â * This cast should be safe here because we grabbed a
>>>> +Â Â Â Â * reference to the mm in kfd_process_notifier_release
>>>> +Â Â Â Â */
>>>> +Â Â Â WARN_ON(atomic_read(&((struct mm_struct *)p->mm)->mm_count) <=
>>>> 0);
>>>> Â Â Â Â Â Â Â Â mmdrop(p->mm);
>>> Well that isn't good coding style. You shouldn't obfuscate what
>>> pointer it is by changing it to "void*", but rather set it to NULL as
>>> soon as you know that it is stale.
>>>
>>> Additional to that it is certainly not job of the driver to warn on a
>>> run over mm_count.
>> Yeah. We don't have this in our current staging branch. The whole
>> process teardown has changed quite a bit. I just fixed this up to make
>> it work with current upstream.
>>
>> If you prefer, I could just remove the WARN_ON.
>
> That sounds like a good idea to me, yes.
Wait a second, now that I though once more about it what do you mean
with this comment:
> +Â Â Â /*
> +Â Â Â Â * Opaque pointer to mm_struct. We don't hold a reference to
> +Â Â Â Â * it so it should never be dereferenced from here. This is
> +Â Â Â Â * only used for looking up processes by their mm.
> +Â Â Â Â */
E.g. what means looking up the processes by their mm?
Do you use a hashtable or something like this and then check if you got
the correct mm structure by comparing the pointers?
If that is the case then you should certainly set p->mm to NULL after
mmdrop(p->mm).
Otherwise it can happen that a new mm structure is allocated at the same
location as the old one and you run into problems because the kernel
driver accidentally uses the wrong kfd_process structure.
Regards,
Christian.
>
> Regards,
> Christian.
>
>>
>> Regards,
>> Â Â Felix
>>
>>> Regards,
>>> Christian.
>>>
>>>> Regards,
>>>> Â Â Â Felix
>>>>
>>>>> Regards,
>>>>> Christian.
>>>>>
>>>>>> Signed-off-by: Felix Kuehling <Felix.Kuehling at amd.com>
>>>>>> ---
>>>>>>    drivers/gpu/drm/amd/amdkfd/kfd_events.c | 19
>>>>>> +++++++++++++++----
>>>>>>    drivers/gpu/drm/amd/amdkfd/kfd_priv.h   | 7 ++++++-
>>>>>> Â Â Â drivers/gpu/drm/amd/amdkfd/kfd_process.c |Â 6 +++++-
>>>>>> Â Â Â 3 files changed, 26 insertions(+), 6 deletions(-)
>>>>>>
>>>>>> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>>>> b/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>>>> index 944abfa..61ce547 100644
>>>>>> --- a/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>>>> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_events.c
>>>>>> @@ -24,8 +24,8 @@
>>>>>> Â Â Â #include <linux/slab.h>
>>>>>> Â Â Â #include <linux/types.h>
>>>>>> Â Â Â #include <linux/sched/signal.h>
>>>>>> +#include <linux/sched/mm.h>
>>>>>> Â Â Â #include <linux/uaccess.h>
>>>>>> -#include <linux/mm.h>
>>>>>> Â Â Â #include <linux/mman.h>
>>>>>> Â Â Â #include <linux/memory.h>
>>>>>> Â Â Â #include "kfd_priv.h"
>>>>>> @@ -904,14 +904,24 @@ void kfd_signal_iommu_event(struct kfd_dev
>>>>>> *dev, unsigned int pasid,
>>>>>> Â Â Â Â Â Â Â Â * running so the lookup function returns a locked process.
>>>>>> Â Â Â Â Â Â Â Â */
>>>>>> Â Â Â Â Â Â Â struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
>>>>>> +Â Â Â struct mm_struct *mm;
>>>>>> Â Â Â Â Â Â Â Â if (!p)
>>>>>> Â Â Â Â Â Â Â Â Â Â Â return; /* Presumably process exited. */
>>>>>> Â Â Â +Â Â Â /* Take a safe reference to the mm_struct, which may
>>>>>> otherwise
>>>>>> +Â Â Â Â * disappear even while the kfd_process is still referenced.
>>>>>> +Â Â Â Â */
>>>>>> +Â Â Â mm = get_task_mm(p->lead_thread);
>>>>>> +Â Â Â if (!mm) {
>>>>>> +Â Â Â Â Â Â Â mutex_unlock(&p->mutex);
>>>>>> +Â Â Â Â Â Â Â return; /* Process is exiting */
>>>>>> +Â Â Â }
>>>>>> +
>>>>>> Â Â Â Â Â Â Â memset(&memory_exception_data, 0,
>>>>>> sizeof(memory_exception_data));
>>>>>> Â Â Â -Â Â Â down_read(&p->mm->mmap_sem);
>>>>>> -Â Â Â vma = find_vma(p->mm, address);
>>>>>> +Â Â Â down_read(&mm->mmap_sem);
>>>>>> +Â Â Â vma = find_vma(mm, address);
>>>>>> Â Â Â Â Â Â Â Â memory_exception_data.gpu_id = dev->id;
>>>>>> Â Â Â Â Â Â Â memory_exception_data.va = address;
>>>>>> @@ -937,7 +947,8 @@ void kfd_signal_iommu_event(struct kfd_dev *dev,
>>>>>> unsigned int pasid,
>>>>>> Â Â Â Â Â Â Â Â Â Â Â }
>>>>>> Â Â Â Â Â Â Â }
>>>>>> Â Â Â -Â Â Â up_read(&p->mm->mmap_sem);
>>>>>> +Â Â Â up_read(&mm->mmap_sem);
>>>>>> +Â Â Â mmput(mm);
>>>>>> Â Â Â Â Â Â Â Â mutex_lock(&p->event_mutex);
>>>>>> Â Â Â diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>>>> b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>>>> index 7d86ec9..1a483a7 100644
>>>>>> --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>>>> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
>>>>>> @@ -494,7 +494,12 @@ struct kfd_process {
>>>>>> Â Â Â Â Â Â Â Â */
>>>>>> Â Â Â Â Â Â Â struct hlist_node kfd_processes;
>>>>>> Â Â Â -Â Â Â struct mm_struct *mm;
>>>>>> +Â Â Â /*
>>>>>> +Â Â Â Â * Opaque pointer to mm_struct. We don't hold a reference to
>>>>>> +Â Â Â Â * it so it should never be dereferenced from here. This is
>>>>>> +Â Â Â Â * only used for looking up processes by their mm.
>>>>>> +Â Â Â Â */
>>>>>> +Â Â Â void *mm;
>>>>>> Â Â Â Â Â Â Â Â struct mutex mutex;
>>>>>> Â Â Â diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>>>> b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>>>> index 3ccb3b5..21d27e5 100644
>>>>>> --- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>>>> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
>>>>>> @@ -200,7 +200,11 @@ static void kfd_process_destroy_delayed(struct
>>>>>> rcu_head *rcu)
>>>>>> Â Â Â Â Â Â Â struct kfd_process *p;
>>>>>> Â Â Â Â Â Â Â Â p = container_of(rcu, struct kfd_process, rcu);
>>>>>> -Â Â Â WARN_ON(atomic_read(&p->mm->mm_count) <= 0);
>>>>>> +Â Â Â /*
>>>>>> +Â Â Â Â * This cast should be safe here because we grabbed a
>>>>>> +Â Â Â Â * reference to the mm in kfd_process_notifier_release
>>>>>> +Â Â Â Â */
>>>>>> +Â Â Â WARN_ON(atomic_read(&((struct mm_struct *)p->mm)->mm_count) <=
>>>>>> 0);
>>>>>> Â Â Â Â Â Â Â Â mmdrop(p->mm);
>> _______________________________________________
>> amd-gfx mailing list
>> amd-gfx at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
>
>
