Re: WARNING in __mmdrop

From: Michael S. Tsirkin
Date: Tue Jul 23 2019 - 11:02:49 EST

Next message: Colin King: "[PATCH] tty/isicom: remove redundant assignment to variable word_count"
Previous message: Colin King: "[PATCH] staging: rtl8723bs: hal: remove redundant assignment to variable n"
In reply to: Jason Wang: "Re: WARNING in __mmdrop"
Next in thread: Jason Wang: "Re: WARNING in __mmdrop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 23, 2019 at 09:34:29PM +0800, Jason Wang wrote:
>
> On 2019/7/23 äå6:27, Michael S. Tsirkin wrote:
> > > Yes, since there could be multiple co-current invalidation requests. We need
> > > count them to make sure we don't pin wrong pages.
> > >
> > >
> > > > I also wonder about ordering. kvm has this:
> > > > /*
> > > > * Used to check for invalidations in progress, of the pfn that is
> > > > * returned by pfn_to_pfn_prot below.
> > > > */
> > > > mmu_seq = kvm->mmu_notifier_seq;
> > > > /*
> > > > * Ensure the read of mmu_notifier_seq isn't reordered with PTE reads in
> > > > * gfn_to_pfn_prot() (which calls get_user_pages()), so that we don't
> > > > * risk the page we get a reference to getting unmapped before we have a
> > > > * chance to grab the mmu_lock without mmu_notifier_retry() noticing.
> > > > *
> > > > * This smp_rmb() pairs with the effective smp_wmb() of the combination
> > > > * of the pte_unmap_unlock() after the PTE is zapped, and the
> > > > * spin_lock() in kvm_mmu_notifier_invalidate_<page|range_end>() before
> > > > * mmu_notifier_seq is incremented.
> > > > */
> > > > smp_rmb();
> > > >
> > > > does this apply to us? Can't we use a seqlock instead so we do
> > > > not need to worry?
> > > I'm not familiar with kvm MMU internals, but we do everything under of
> > > mmu_lock.
> > >
> > > Thanks
> > I don't think this helps at all.
> >
> > There's no lock between checking the invalidate counter and
> > get user pages fast within vhost_map_prefetch. So it's possible
> > that get user pages fast reads PTEs speculatively before
> > invalidate is read.
> >
> > --
>
>
> In vhost_map_prefetch() we do:
>
> ÂÂÂÂÂÂÂ spin_lock(&vq->mmu_lock);
>
> Â Â Â Â ...
>
> ÂÂÂÂÂÂÂ err = -EFAULT;
> ÂÂÂÂÂÂÂ if (vq->invalidate_count)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ goto err;
>
> ÂÂÂÂÂÂÂ ...
>
> ÂÂÂÂÂÂÂ npinned = __get_user_pages_fast(uaddr->uaddr, npages,
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ uaddr->write, pages);
>
> ÂÂÂÂÂÂÂ ...
>
> ÂÂÂ ÂÂÂ spin_unlock(&vq->mmu_lock);
>
> Is this not sufficient?
>
> Thanks

So what orders __get_user_pages_fast wrt invalidate_count read?

--
MST

Next message: Colin King: "[PATCH] tty/isicom: remove redundant assignment to variable word_count"
Previous message: Colin King: "[PATCH] staging: rtl8723bs: hal: remove redundant assignment to variable n"
In reply to: Jason Wang: "Re: WARNING in __mmdrop"
Next in thread: Jason Wang: "Re: WARNING in __mmdrop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]