On Mon, May 20, 2019 at 12:27 PM Jerome Glisse <jglisse@xxxxxxxxxx> wrote: > > On Mon, May 20, 2019 at 11:07:38AM +0530, Anshuman Khandual wrote: > > On 05/18/2019 03:20 AM, Andrew Morton wrote: > > > On Fri, 17 May 2019 16:08:34 +0530 Anshuman Khandual <anshuman.khandual@xxxxxxx> wrote: > > > > > >> The presence of struct page does not guarantee linear mapping for the pfn > > >> physical range. Device private memory which is non-coherent is excluded > > >> from linear mapping during devm_memremap_pages() though they will still > > >> have struct page coverage. Just check for device private memory before > > >> giving out virtual address for a given pfn. > > > > > > I was going to give my standard "what are the user-visible runtime > > > effects of this change?", but... > > > > > >> All these helper functions are all pfn_t related but could not figure out > > >> another way of determining a private pfn without looking into it's struct > > >> page. pfn_t_to_virt() is not getting used any where in mainline kernel.Is > > >> it used by out of tree drivers ? Should we then drop it completely ? > > > > > > Yeah, let's kill it. > > > > > > But first, let's fix it so that if someone brings it back, they bring > > > back a non-buggy version. > > > > Makes sense. > > > > > > > > So... what (would be) the user-visible runtime effects of this change? > > > > I am not very well aware about the user interaction with the drivers which > > hotplug and manage ZONE_DEVICE memory in general. Hence will not be able to > > comment on it's user visible runtime impact. I just figured this out from > > code audit while testing ZONE_DEVICE on arm64 platform. But the fix makes > > the function bit more expensive as it now involve some additional memory > > references. > > A device private pfn can never leak outside code that does not understand it > So this change is useless for any existing users and i would like to keep the > existing behavior ie never leak device private pfn. The issue is that only an HMM expert might know that such a pfn can never leak, in other words the pfn concept from a code perspective is already leaked / widespread. Ideally any developer familiar with a pfn and the core-mm pfn helpers need only worry about pfn semantics without being required to go audit HMM users.
