2018-07-20 09:01:47 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Common functionality of grant device.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2006-2007, D G Murray.
|
|
|
|
|
* (c) 2009 Gerd Hoffmann <kraxel@redhat.com>
|
|
|
|
|
* (c) 2018 Oleksandr Andrushchenko, EPAM Systems Inc.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _GNTDEV_COMMON_H
|
|
|
|
|
#define _GNTDEV_COMMON_H
|
|
|
|
|
|
|
|
|
|
#include <linux/mm.h>
|
|
|
|
|
#include <linux/mman.h>
|
|
|
|
|
#include <linux/mmu_notifier.h>
|
|
|
|
|
#include <linux/types.h>
|
2020-03-23 16:15:11 +00:00
|
|
|
#include <xen/interface/event_channel.h>
|
xen/gntdev: Avoid blocking in unmap_grant_pages()
unmap_grant_pages() currently waits for the pages to no longer be used.
In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a
deadlock against i915: i915 was waiting for gntdev's MMU notifier to
finish, while gntdev was waiting for i915 to free its pages. I also
believe this is responsible for various deadlocks I have experienced in
the past.
Avoid these problems by making unmap_grant_pages async. This requires
making it return void, as any errors will not be available when the
function returns. Fortunately, the only use of the return value is a
WARN_ON(), which can be replaced by a WARN_ON when the error is
detected. Additionally, a failed call will not prevent further calls
from being made, but this is harmless.
Because unmap_grant_pages is now async, the grant handle will be sent to
INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same
handle. Instead, a separate bool array is allocated for this purpose.
This wastes memory, but stuffing this information in padding bytes is
too fragile. Furthermore, it is necessary to grab a reference to the
map before making the asynchronous call, and release the reference when
the call returns.
It is also necessary to guard against reentrancy in gntdev_map_put(),
and to handle the case where userspace tries to map a mapping whose
contents have not all been freed yet.
Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use")
Cc: stable@vger.kernel.org
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220622022726.2538-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-06-22 02:27:26 +00:00
|
|
|
#include <xen/grant_table.h>
|
2018-07-20 09:01:47 +00:00
|
|
|
|
2018-07-20 09:01:48 +00:00
|
|
|
struct gntdev_dmabuf_priv;
|
|
|
|
|
|
2018-07-20 09:01:47 +00:00
|
|
|
struct gntdev_priv {
|
|
|
|
|
/* Maps with visible offsets in the file descriptor. */
|
|
|
|
|
struct list_head maps;
|
|
|
|
|
/* lock protects maps and freeable_maps. */
|
|
|
|
|
struct mutex lock;
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_XEN_GRANT_DMA_ALLOC
|
|
|
|
|
/* Device for which DMA memory is allocated. */
|
|
|
|
|
struct device *dma_dev;
|
|
|
|
|
#endif
|
2018-07-20 09:01:48 +00:00
|
|
|
|
|
|
|
|
#ifdef CONFIG_XEN_GNTDEV_DMABUF
|
|
|
|
|
struct gntdev_dmabuf_priv *dmabuf_priv;
|
|
|
|
|
#endif
|
2018-07-20 09:01:47 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct gntdev_unmap_notify {
|
|
|
|
|
int flags;
|
|
|
|
|
/* Address relative to the start of the gntdev_grant_map. */
|
|
|
|
|
int addr;
|
2020-03-23 16:15:11 +00:00
|
|
|
evtchn_port_t event;
|
2018-07-20 09:01:47 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct gntdev_grant_map {
|
2019-11-12 20:22:31 +00:00
|
|
|
struct mmu_interval_notifier notifier;
|
2018-07-20 09:01:47 +00:00
|
|
|
struct list_head next;
|
|
|
|
|
struct vm_area_struct *vma;
|
|
|
|
|
int index;
|
|
|
|
|
int count;
|
|
|
|
|
int flags;
|
|
|
|
|
refcount_t users;
|
|
|
|
|
struct gntdev_unmap_notify notify;
|
|
|
|
|
struct ioctl_gntdev_grant_ref *grants;
|
|
|
|
|
struct gnttab_map_grant_ref *map_ops;
|
|
|
|
|
struct gnttab_unmap_grant_ref *unmap_ops;
|
|
|
|
|
struct gnttab_map_grant_ref *kmap_ops;
|
|
|
|
|
struct gnttab_unmap_grant_ref *kunmap_ops;
|
xen/gntdev: Avoid blocking in unmap_grant_pages()
unmap_grant_pages() currently waits for the pages to no longer be used.
In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a
deadlock against i915: i915 was waiting for gntdev's MMU notifier to
finish, while gntdev was waiting for i915 to free its pages. I also
believe this is responsible for various deadlocks I have experienced in
the past.
Avoid these problems by making unmap_grant_pages async. This requires
making it return void, as any errors will not be available when the
function returns. Fortunately, the only use of the return value is a
WARN_ON(), which can be replaced by a WARN_ON when the error is
detected. Additionally, a failed call will not prevent further calls
from being made, but this is harmless.
Because unmap_grant_pages is now async, the grant handle will be sent to
INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same
handle. Instead, a separate bool array is allocated for this purpose.
This wastes memory, but stuffing this information in padding bytes is
too fragile. Furthermore, it is necessary to grab a reference to the
map before making the asynchronous call, and release the reference when
the call returns.
It is also necessary to guard against reentrancy in gntdev_map_put(),
and to handle the case where userspace tries to map a mapping whose
contents have not all been freed yet.
Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use")
Cc: stable@vger.kernel.org
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220622022726.2538-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-06-22 02:27:26 +00:00
|
|
|
bool *being_removed;
|
2018-07-20 09:01:47 +00:00
|
|
|
struct page **pages;
|
|
|
|
|
unsigned long pages_vm_start;
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_XEN_GRANT_DMA_ALLOC
|
|
|
|
|
/*
|
|
|
|
|
* If dmabuf_vaddr is not NULL then this mapping is backed by DMA
|
|
|
|
|
* capable memory.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct device *dma_dev;
|
|
|
|
|
/* Flags used to create this DMA buffer: GNTDEV_DMA_FLAG_XXX. */
|
|
|
|
|
int dma_flags;
|
|
|
|
|
void *dma_vaddr;
|
|
|
|
|
dma_addr_t dma_bus_addr;
|
|
|
|
|
/* Needed to avoid allocation in gnttab_dma_free_pages(). */
|
|
|
|
|
xen_pfn_t *frames;
|
|
|
|
|
#endif
|
xen/gntdev: Avoid blocking in unmap_grant_pages()
unmap_grant_pages() currently waits for the pages to no longer be used.
In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a
deadlock against i915: i915 was waiting for gntdev's MMU notifier to
finish, while gntdev was waiting for i915 to free its pages. I also
believe this is responsible for various deadlocks I have experienced in
the past.
Avoid these problems by making unmap_grant_pages async. This requires
making it return void, as any errors will not be available when the
function returns. Fortunately, the only use of the return value is a
WARN_ON(), which can be replaced by a WARN_ON when the error is
detected. Additionally, a failed call will not prevent further calls
from being made, but this is harmless.
Because unmap_grant_pages is now async, the grant handle will be sent to
INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same
handle. Instead, a separate bool array is allocated for this purpose.
This wastes memory, but stuffing this information in padding bytes is
too fragile. Furthermore, it is necessary to grab a reference to the
map before making the asynchronous call, and release the reference when
the call returns.
It is also necessary to guard against reentrancy in gntdev_map_put(),
and to handle the case where userspace tries to map a mapping whose
contents have not all been freed yet.
Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use")
Cc: stable@vger.kernel.org
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220622022726.2538-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-06-22 02:27:26 +00:00
|
|
|
|
|
|
|
|
/* Number of live grants */
|
|
|
|
|
atomic_t live_grants;
|
|
|
|
|
/* Needed to avoid allocation in __unmap_grant_pages */
|
|
|
|
|
struct gntab_unmap_queue_data unmap_data;
|
2018-07-20 09:01:47 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct gntdev_grant_map *gntdev_alloc_map(struct gntdev_priv *priv, int count,
|
|
|
|
|
int dma_flags);
|
|
|
|
|
|
|
|
|
|
void gntdev_add_map(struct gntdev_priv *priv, struct gntdev_grant_map *add);
|
|
|
|
|
|
|
|
|
|
void gntdev_put_map(struct gntdev_priv *priv, struct gntdev_grant_map *map);
|
|
|
|
|
|
2019-11-07 11:15:45 +00:00
|
|
|
bool gntdev_test_page_count(unsigned int count);
|
2018-07-20 09:01:47 +00:00
|
|
|
|
|
|
|
|
int gntdev_map_grant_pages(struct gntdev_grant_map *map);
|
|
|
|
|
|
|
|
|
|
#endif
|