On Thu, Aug 15, 2019 at 01:47:12PM -0700, Dan Williams wrote: > On Thu, Aug 15, 2019 at 1:41 PM Jason Gunthorpe <jgg@xxxxxxxxxxxx> wrote: > > > > On Thu, Aug 15, 2019 at 04:33:06PM -0400, Jerome Glisse wrote: > > > > > So nor HMM nor driver should dereference the struct page (i do not > > > think any iommu driver would either), > > > > Er, they do technically deref the struct page: > > > > nouveau_dmem_convert_pfn(struct nouveau_drm *drm, > > struct hmm_range *range) > > struct page *page; > > page = hmm_pfn_to_page(range, range->pfns[i]); > > if (!nouveau_dmem_page(drm, page)) { > > > > > > nouveau_dmem_page(struct nouveau_drm *drm, struct page *page) > > { > > return is_device_private_page(page) && drm->dmem == page_to_dmem(page) > > > > > > Which does touch 'page->pgmap' > > > > Is this OK without having a get_dev_pagemap() ? > > > > Noting that the collision-retry scheme doesn't protect anything here > > as we can have a concurrent invalidation while doing the above deref. > > As long take_driver_page_table_lock() in Jerome's flow can replace > percpu_ref_tryget_live() on the pagemap reference. It seems > nouveau_dmem_convert_pfn() happens after: > > mutex_lock(&svmm->mutex); > if (!nouveau_range_done(&range)) { > > ...so I would expect that to be functionally equivalent to validating > the reference count. Yes, OK, that makes sense, I was mostly surprised by the statement the driver doesn't touch the struct page.. I suppose "doesn't touch the struct page out of the driver lock" is the case. However, this means we cannot do any processing of ZONE_DEVICE pages outside the driver lock, so eg, doing any DMA map that might rely on MEMORY_DEVICE_PCI_P2PDMA has to be done in the driver lock, which is a bit unfortunate. Jason