Am 2021-07-14 um 6:51 a.m. schrieb Christian König: > Am 14.07.21 um 12:44 schrieb Daniel Vetter: >> On Mon, Jul 12, 2021 at 06:06:36PM -0400, Felix Kuehling wrote: >>> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE. >>> is_cow_mapping returns true for these mappings. Add a check for >>> vm_flags & VM_WRITE to avoid mmap failures on private read-only or >>> PROT_NONE mappings. >>> >>> v2: protect against mprotect making a mapping writable after the fact >>> v3: update driver-specific vm_operations_structs >>> >>> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3") >>> Signed-off-by: Felix Kuehling <Felix.Kuehling@xxxxxxx> >>> Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx> >> So looking at vmf_insert_pfn_prot() and the comment there we can't have >> VM_PFNMAP and is_cow_mapping ever be true, or things break. On platforms >> without pte_special at least. > > Key idea is that we never end up in vmf_insert_pfn_prot() because the > vma is mapped with PROT_NONE. Ah, thanks for that pointer. I wasn't aware of that BUG_ON. I thought it was more of an abstract "copy-on-write faults may be bad on these mappings." > >> >> So I'm not sure this is a great idea, and definitely not for all drivers > > Yeah, I'm absolutely not happy with this either but it seemed to be > the least painful thing to do. > >> ... >> >> Can we clear VM_MAYWRITE instead to force this to be a non-cow mapping >> instead? > > Well we have considered forcefully setting VM_SHARED, which won't work > easily for a couple of reasons. > > But clearing VM_MAYWRITE in amdgpu/amdkfd may actually work as well. > > Felix can you test this? Sounds like it should work and be straight forward (I thought that about setting VM_SHARED, too ...). I'll give it a try. Thanks, Felix > > Thanks, > Christian. > >> -Daniel >> >>> --- >>> drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 3 ++- >>> drivers/gpu/drm/nouveau/nouveau_gem.c | 3 ++- >>> drivers/gpu/drm/radeon/radeon_gem.c | 3 ++- >>> drivers/gpu/drm/ttm/ttm_bo_vm.c | 14 +++++++++++++- >>> drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c | 1 + >>> include/drm/ttm/ttm_bo_api.h | 4 ++++ >>> 6 files changed, 24 insertions(+), 4 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c >>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c >>> index b3404c43a911..1aa750a6a5d2 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c >>> @@ -79,7 +79,8 @@ static const struct vm_operations_struct >>> amdgpu_gem_vm_ops = { >>> .fault = amdgpu_gem_fault, >>> .open = ttm_bo_vm_open, >>> .close = ttm_bo_vm_close, >>> - .access = ttm_bo_vm_access >>> + .access = ttm_bo_vm_access, >>> + .mprotect = ttm_bo_vm_mprotect >>> }; >>> static void amdgpu_gem_object_free(struct drm_gem_object *gobj) >>> diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c >>> b/drivers/gpu/drm/nouveau/nouveau_gem.c >>> index 5b27845075a1..164ea564bb7a 100644 >>> --- a/drivers/gpu/drm/nouveau/nouveau_gem.c >>> +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c >>> @@ -70,7 +70,8 @@ static const struct vm_operations_struct >>> nouveau_ttm_vm_ops = { >>> .fault = nouveau_ttm_fault, >>> .open = ttm_bo_vm_open, >>> .close = ttm_bo_vm_close, >>> - .access = ttm_bo_vm_access >>> + .access = ttm_bo_vm_access, >>> + .mprotect = ttm_bo_vm_mprotect >>> }; >>> void >>> diff --git a/drivers/gpu/drm/radeon/radeon_gem.c >>> b/drivers/gpu/drm/radeon/radeon_gem.c >>> index 458f92a70887..c19ad07eb7b5 100644 >>> --- a/drivers/gpu/drm/radeon/radeon_gem.c >>> +++ b/drivers/gpu/drm/radeon/radeon_gem.c >>> @@ -77,7 +77,8 @@ static const struct vm_operations_struct >>> radeon_gem_vm_ops = { >>> .fault = radeon_gem_fault, >>> .open = ttm_bo_vm_open, >>> .close = ttm_bo_vm_close, >>> - .access = ttm_bo_vm_access >>> + .access = ttm_bo_vm_access, >>> + .mprotect = ttm_bo_vm_mprotect >>> }; >>> static void radeon_gem_object_free(struct drm_gem_object *gobj) >>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c >>> b/drivers/gpu/drm/ttm/ttm_bo_vm.c >>> index f56be5bc0861..fb325bad5db6 100644 >>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c >>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c >>> @@ -542,17 +542,29 @@ int ttm_bo_vm_access(struct vm_area_struct >>> *vma, unsigned long addr, >>> } >>> EXPORT_SYMBOL(ttm_bo_vm_access); >>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long >>> start, >>> + unsigned long end, unsigned long newflags) >>> +{ >>> + /* Enforce no COW since would have really strange behavior with >>> it. */ >>> + if (is_cow_mapping(newflags) && (newflags & VM_WRITE)) >>> + return -EINVAL; >>> + >>> + return 0; >>> +} >>> +EXPORT_SYMBOL(ttm_bo_vm_mprotect); >>> + >>> static const struct vm_operations_struct ttm_bo_vm_ops = { >>> .fault = ttm_bo_vm_fault, >>> .open = ttm_bo_vm_open, >>> .close = ttm_bo_vm_close, >>> .access = ttm_bo_vm_access, >>> + .mprotect = ttm_bo_vm_mprotect, >>> }; >>> int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct >>> ttm_buffer_object *bo) >>> { >>> /* Enforce no COW since would have really strange behavior >>> with it. */ >>> - if (is_cow_mapping(vma->vm_flags)) >>> + if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE)) >>> return -EINVAL; >>> ttm_bo_get(bo); >>> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c >>> b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c >>> index e6b1f98ec99f..e4bf7dc99320 100644 >>> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c >>> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c >>> @@ -61,6 +61,7 @@ int vmw_mmap(struct file *filp, struct >>> vm_area_struct *vma) >>> .fault = vmw_bo_vm_fault, >>> .open = ttm_bo_vm_open, >>> .close = ttm_bo_vm_close, >>> + .mprotect = ttm_bo_vm_mprotect, >>> #ifdef CONFIG_TRANSPARENT_HUGEPAGE >>> .huge_fault = vmw_bo_vm_huge_fault, >>> #endif >>> diff --git a/include/drm/ttm/ttm_bo_api.h >>> b/include/drm/ttm/ttm_bo_api.h >>> index f681bbdbc698..40eb95875355 100644 >>> --- a/include/drm/ttm/ttm_bo_api.h >>> +++ b/include/drm/ttm/ttm_bo_api.h >>> @@ -605,6 +605,10 @@ void ttm_bo_vm_close(struct vm_area_struct *vma); >>> int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long >>> addr, >>> void *buf, int len, int write); >>> + >>> +int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long >>> start, >>> + unsigned long end, unsigned long newflags); >>> + >>> bool ttm_bo_delayed_delete(struct ttm_device *bdev, bool remove_all); >>> vm_fault_t ttm_bo_vm_dummy_page(struct vm_fault *vmf, pgprot_t >>> prot); >>> -- >>> 2.32.0 >>> >