Jason Gunthorpe writes:
> On Mon, Sep 26, 2022 at 04:03:06PM +1000, Alistair Popple wrote:
>> Since 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page
>> refcount") device private pages have no longer had an extra reference
>> count when the page is in use. However before handing them
Felix Kuehling writes:
> On 2022-09-26 17:35, Lyude Paul wrote:
>> On Mon, 2022-09-26 at 16:03 +1000, Alistair Popple wrote:
>>> When the module is unloaded or a GPU is unbound from the module it is
>>> possible for device private pages to be left mapped in currently running
>>> processes.
John Hubbard writes:
> On 9/26/22 14:35, Lyude Paul wrote:
>>> + for (i = 0; i < npages; i++) {
>>> + if (src_pfns[i] & MIGRATE_PFN_MIGRATE) {
>>> + struct page *dpage;
>>> +
>>> + /*
>>> +* _GFP_NOFAIL because the GPU is
On 2022-09-26 17:35, Lyude Paul wrote:
On Mon, 2022-09-26 at 16:03 +1000, Alistair Popple wrote:
When the module is unloaded or a GPU is unbound from the module it is
possible for device private pages to be left mapped in currently running
processes. This leads to a kernel crash when the
On 9/26/22 14:35, Lyude Paul wrote:
>> +for (i = 0; i < npages; i++) {
>> +if (src_pfns[i] & MIGRATE_PFN_MIGRATE) {
>> +struct page *dpage;
>> +
>> +/*
>> + * _GFP_NOFAIL because the GPU is going away and there
>> +
When building the Linux kernel with 'make C=2', we encounter the following warnings:
./drivers/gpu/drm/nouveau/dispnv50/disp.c:134:34: warning: cast removes address
space '__iomem' of expression
./drivers/gpu/drm/nouveau/dispnv50/disp.c:197:34: warning: cast removes address
space '__iomem' of expression
The symbol is not used outside of the file, so mark it static.
Fixes the following warning:
./drivers/gpu/drm/nouveau/nvkm/engine/disp/gv100.c:591:1: warning:
symbol 'gv100_disp_core_mthd_base' was not declared. Should it be static?
Signed-off-by: ruanjinjie
---
On Mon, 2022-09-26 at 16:03 +1000, Alistair Popple wrote:
> When the module is unloaded or a GPU is unbound from the module it is
> possible for device private pages to be left mapped in currently running
> processes. This leads to a kernel crash when the pages are either freed
> or accessed from
On Mon, 2022-09-26 at 16:03 +1000, Alistair Popple wrote:
> nouveau_dmem_fault_copy_one() is used during handling of CPU faults via
> the migrate_to_ram() callback and is used to copy data from GPU to CPU
> memory. It is currently specific to fault handling, however a future
> patch implementing
On Mon, Sep 26, 2022 at 04:03:06PM +1000, Alistair Popple wrote:
> Since 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page
> refcount") device private pages have no longer had an extra reference
> count when the page is in use. However before handing them back to the
> owning device
Hi
On 26.09.22 at 14:42, Maxime Ripard wrote:
On Mon, Sep 26, 2022 at 01:17:52PM +0200, Thomas Zimmermann wrote:
Hi
On 26.09.22 at 12:34, Geert Uytterhoeven wrote:
Hi Maxime,
On Mon, Sep 26, 2022 at 12:17 PM Maxime Ripard wrote:
On Fri, Sep 23, 2022 at 11:05:48AM +0200, Thomas
On 26.09.2022 12.01, Maxime Ripard wrote:
> On Sat, Sep 24, 2022 at 05:52:29PM +0200, Noralf Trønnes wrote:
>> On 22.09.2022 16.25, Maxime Ripard wrote:
>>> The TV mode property has been around for a while now to select and get the
>>> current TV mode output on an analog TV connector.
>>>
>>>
On Mon, Sep 26, 2022 at 01:17:52PM +0200, Thomas Zimmermann wrote:
> Hi
>
> On 26.09.22 at 12:34, Geert Uytterhoeven wrote:
> > Hi Maxime,
> >
> > On Mon, Sep 26, 2022 at 12:17 PM Maxime Ripard wrote:
> > > On Fri, Sep 23, 2022 at 11:05:48AM +0200, Thomas Zimmermann wrote:
> > > > > + /*
Hi
On 26.09.22 at 11:50, Maxime Ripard wrote:
Hi Thomas,
On Fri, Sep 23, 2022 at 10:19:08AM +0200, Thomas Zimmermann wrote:
Hi
On 22.09.22 at 16:25, Maxime Ripard wrote:
The current tv_mode has driver-specific values that don't allow to
easily share code using it, either at the userspace
On 26.09.2022 11.36, Maxime Ripard wrote:
> Hi Noralf,
>
> On Sat, Sep 24, 2022 at 08:06:17PM +0200, Noralf Trønnes wrote:
>> On 24.09.2022 19.56, Noralf Trønnes wrote:
>>>
>>>
>>> On 22.09.2022 16.25, Maxime Ripard wrote:
As the number of kunit tests in KMS grows further, we start to
Hi
On 26.09.22 at 12:34, Geert Uytterhoeven wrote:
Hi Maxime,
On Mon, Sep 26, 2022 at 12:17 PM Maxime Ripard wrote:
On Fri, Sep 23, 2022 at 11:05:48AM +0200, Thomas Zimmermann wrote:
+ /* 63.556us * 13.5MHz = 858 pixels */
I kind of get what the comment wants to tell me, but the units
Hi
On 26.09.22 at 12:18, Maxime Ripard wrote:
On Fri, Sep 23, 2022 at 12:16:13PM +0200, Thomas Zimmermann wrote:
Hi
On 23.09.22 at 11:18, Jani Nikula wrote:
On Fri, 23 Sep 2022, Thomas Zimmermann wrote:
On 22.09.22 at 16:25, Maxime Ripard wrote:
+ drm_dbg_kms(dev,
+
Hi Maxime,
On Mon, Sep 26, 2022 at 12:17 PM Maxime Ripard wrote:
> On Fri, Sep 23, 2022 at 11:05:48AM +0200, Thomas Zimmermann wrote:
> > > + /* 63.556us * 13.5MHz = 858 pixels */
> >
> > I kind of get what the comment wants to tell me, but the units don't add up.
>
> I'm not sure how it
On Fri, Sep 23, 2022 at 12:16:13PM +0200, Thomas Zimmermann wrote:
> Hi
>
> On 23.09.22 at 11:18, Jani Nikula wrote:
> > On Fri, 23 Sep 2022, Thomas Zimmermann wrote:
> > > On 22.09.22 at 16:25, Maxime Ripard wrote:
> > > > + drm_dbg_kms(dev,
> > > > + "Generating a
Hi,
On Fri, Sep 23, 2022 at 11:05:48AM +0200, Thomas Zimmermann wrote:
> > + /* 63.556us * 13.5MHz = 858 pixels */
>
> I kind of get what the comment wants to tell me, but the units don't add up.
I'm not sure how it doesn't add up?
We have a frequency in Hz (equivalent to s^-1) and a
On Sat, Sep 24, 2022 at 05:52:29PM +0200, Noralf Trønnes wrote:
> On 22.09.2022 16.25, Maxime Ripard wrote:
> > The TV mode property has been around for a while now to select and get the
> > current TV mode output on an analog TV connector.
> >
> > Despite that property name being generic, its
Hi Thomas,
On Fri, Sep 23, 2022 at 10:19:08AM +0200, Thomas Zimmermann wrote:
> Hi
>
> On 22.09.22 at 16:25, Maxime Ripard wrote:
> > The current tv_mode has driver-specific values that don't allow to
> > easily share code using it, either at the userspace or kernel level.
> >
> > Since we're
Hi Noralf,
On Sat, Sep 24, 2022 at 08:06:17PM +0200, Noralf Trønnes wrote:
> On 24.09.2022 19.56, Noralf Trønnes wrote:
> >
> >
> > On 22.09.2022 16.25, Maxime Ripard wrote:
> >> As the number of kunit tests in KMS grows further, we start to have
> >> multiple test suites that, for example,
Signed-off-by: Alistair Popple
---
lib/test_hmm.c | 119 +-
lib/test_hmm_uapi.h| 1 +-
tools/testing/selftests/vm/hmm-tests.c | 49 +++-
3 files changed, 148 insertions(+), 21 deletions(-)
diff --git a/lib/test_hmm.c
When the module is unloaded or a GPU is unbound from the module it is
possible for device private pages to be left mapped in currently running
processes. This leads to a kernel crash when the pages are either freed
or accessed from the CPU because the GPU and associated data structures
and
nouveau_dmem_fault_copy_one() is used during handling of CPU faults via
the migrate_to_ram() callback and is used to copy data from GPU to CPU
memory. It is currently specific to fault handling, however a future
patch implementing eviction of data during teardown needs similar
functionality.
Device drivers can use the migrate_vma family of functions to migrate
existing private anonymous mappings to device private pages. These pages
are backed by memory on the device with drivers being responsible for
copying data to and from device memory.
Device private pages are freed via the
migrate_device_coherent_page() reuses the existing migrate_vma family of
functions to migrate a specific page without providing a valid mapping
or vma. This looks a bit odd because it means we are calling
migrate_vma_*() without setting a valid vma, however it was considered
acceptable at the time
Since 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page
refcount") device private pages have no longer had an extra reference
count when the page is in use. However before handing them back to the
owning device driver we add an extra reference count such that free
pages have a reference
When the CPU tries to access a device private page the migrate_to_ram()
callback associated with the pgmap for the page is called. However no
reference is taken on the faulting page. Therefore a concurrent
migration of the device private page can free the page and possibly the
underlying pgmap.
This series aims to fix a number of page reference counting issues in drivers
dealing with device private ZONE_DEVICE pages. These result in use-after-free
type bugs, either from accessing a struct page which no longer exists because it
has been removed or accessing fields within the struct page