On Wed, Nov 23, 2022 at 01:49:41PM +0100, Christian König wrote:
> On 23.11.22 at 13:46 Jason Gunthorpe wrote:
> > On Wed, Nov 23, 2022 at 11:06:55AM +0100, Daniel Vetter wrote:
> >
> > > > Maybe a GFP flag to set the page reference count to zero or something
> > > > like this?
> > > Hm yeah that might work. I'm not sure what it will all break though?
> > > And we'd need to make sure that underflowing the page refcount dies in
> > > a backtrace.
> > Mucking with the refcount like this to protect against crazy out of
> > tree drivers seems horrible..
>
> Well not only out of tree drivers. The in-tree KVM got that horribly
> wrong as well, those were the latest guys complaining about it.

kvm was taking refs on special PTEs? That seems really unlikely?

> > The WARN_ON(page_count(p) != 1) seems like a reasonable thing to do
> > though, though you must combine this with the special PTE flag..
>
> That's not sufficient. The pages are released much later than things
> actually go wrong. In most cases this WARN_ON here won't hit.

How so? As long as the page is mapped into the PTE there is no issue
with corruption. If dmabuf checks the refcount after it does the
unmap mapping range it should catch any bogus pin that might be
confused about address coherency.

Jason
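The following is an added user-space model of the two positions in the exchange above; it is not kernel code and not part of any mail in this thread. The names struct page, pte, get_page, put_page, vm_insert_special and unmap_and_check are assumed stand-ins chosen to read like the kernel's, not the kernel's implementations. It models an exporter installing a special (non-refcounted) PTE, a correct importer that honours the special flag, a bogus importer that pins anyway, and then compares a refcount check done right after the unmap with one done only when the page is finally released.

```c
/*
 * Added example (not from the thread, not kernel code): toy model of
 * "check page_count after unmap_mapping_range" vs. "check at release".
 * All names below are assumed stand-ins, not the real kernel functions.
 */
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>

/* Toy page: the only state that matters here is the reference count. */
struct page {
    int refcount;   /* 1 == held only by the exporter (dmabuf), nobody else */
};

/* Toy PTE: maps a page, possibly flagged "special" (no ref taken via PTE). */
struct pte {
    struct page *page;
    bool special;
};

static void get_page(struct page *p) { p->refcount++; }
static void put_page(struct page *p) { p->refcount--; }

/* Exporter installs a special PTE: by design no reference is taken. */
static void vm_insert_special(struct pte *pte, struct page *p)
{
    pte->page = p;
    pte->special = true;
}

/* Correct importer: refuses to pin a special mapping, takes no ref. */
static bool gup_correct(struct pte *pte, struct page **out)
{
    if (pte->special)
        return false;
    get_page(pte->page);
    *out = pte->page;
    return true;
}

/* Bogus importer: ignores the special flag and pins anyway. */
static bool gup_bogus(struct pte *pte, struct page **out)
{
    get_page(pte->page);
    *out = pte->page;
    return true;
}

/* Exporter revokes the mapping. After unmap nothing legitimate may hold a
 * ref, so refcount must be exactly 1; anything else is a bogus pin. */
static bool unmap_and_check(struct pte *pte, struct page *p)
{
    pte->page = NULL;
    pte->special = false;
    return p->refcount != 1;   /* models WARN_ON(page_count(p) != 1) */
}

/* Check done immediately after the unmap; returns true if it fires. */
static bool check_after_unmap(bool (*gup)(struct pte *, struct page **))
{
    struct page page = { .refcount = 1 };
    struct pte pte = { 0 };
    struct page *pinned = NULL;

    vm_insert_special(&pte, &page);
    bool got = gup(&pte, &pinned);
    bool fired = unmap_and_check(&pte, &page);
    if (got)
        put_page(pinned);           /* importer's (late) release */
    return fired;
}

/* Check deferred to final page release: by then the bogus importer has
 * already dropped its ref, so the count is back to 1 and nothing fires. */
static bool check_at_release(bool (*gup)(struct pte *, struct page **))
{
    struct page page = { .refcount = 1 };
    struct pte pte = { 0 };
    struct page *pinned = NULL;

    vm_insert_special(&pte, &page);
    bool got = gup(&pte, &pinned);
    pte.page = NULL;                /* unmap, no check here */
    pte.special = false;
    if (got)
        put_page(pinned);           /* importer released before we look */
    return page.refcount != 1;      /* release-time WARN_ON */
}

int main(void)
{
    printf("after-unmap check, correct importer: %d\n", check_after_unmap(gup_correct));
    printf("after-unmap check, bogus importer:   %d\n", check_after_unmap(gup_bogus));
    printf("release-time check, bogus importer:  %d\n", check_at_release(gup_bogus));
    return 0;
}
```

The model deliberately lets the bogus importer drop its ref before the release-time check runs; that ordering is what makes the deferred check silent while the check placed right after the unmap still fires.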