2018-07-20 12:01:47 +03:00
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Common functionality of grant device .
*
* Copyright ( c ) 2006 - 2007 , D G Murray .
* ( c ) 2009 Gerd Hoffmann < kraxel @ redhat . com >
* ( c ) 2018 Oleksandr Andrushchenko , EPAM Systems Inc .
*/
# ifndef _GNTDEV_COMMON_H
# define _GNTDEV_COMMON_H
# include <linux/mm.h>
# include <linux/mman.h>
# include <linux/mmu_notifier.h>
# include <linux/types.h>
2020-03-23 18:15:11 +02:00
# include <xen/interface/event_channel.h>
xen/gntdev: Avoid blocking in unmap_grant_pages()
unmap_grant_pages() currently waits for the pages to no longer be used.
In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a
deadlock against i915: i915 was waiting for gntdev's MMU notifier to
finish, while gntdev was waiting for i915 to free its pages. I also
believe this is responsible for various deadlocks I have experienced in
the past.
Avoid these problems by making unmap_grant_pages async. This requires
making it return void, as any errors will not be available when the
function returns. Fortunately, the only use of the return value is a
WARN_ON(), which can be replaced by a WARN_ON when the error is
detected. Additionally, a failed call will not prevent further calls
from being made, but this is harmless.
Because unmap_grant_pages is now async, the grant handle will be sent to
INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same
handle. Instead, a separate bool array is allocated for this purpose.
This wastes memory, but stuffing this information in padding bytes is
too fragile. Furthermore, it is necessary to grab a reference to the
map before making the asynchronous call, and release the reference when
the call returns.
It is also necessary to guard against reentrancy in gntdev_map_put(),
and to handle the case where userspace tries to map a mapping whose
contents have not all been freed yet.
Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use")
Cc: stable@vger.kernel.org
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220622022726.2538-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-06-21 22:27:26 -04:00
# include <xen/grant_table.h>
2018-07-20 12:01:47 +03:00
2018-07-20 12:01:48 +03:00
struct gntdev_dmabuf_priv ;
2018-07-20 12:01:47 +03:00
struct gntdev_priv {
/* Maps with visible offsets in the file descriptor. */
struct list_head maps ;
/* lock protects maps and freeable_maps. */
struct mutex lock ;
# ifdef CONFIG_XEN_GRANT_DMA_ALLOC
/* Device for which DMA memory is allocated. */
struct device * dma_dev ;
# endif
2018-07-20 12:01:48 +03:00
# ifdef CONFIG_XEN_GNTDEV_DMABUF
struct gntdev_dmabuf_priv * dmabuf_priv ;
# endif
2018-07-20 12:01:47 +03:00
} ;
struct gntdev_unmap_notify {
int flags ;
/* Address relative to the start of the gntdev_grant_map. */
int addr ;
2020-03-23 18:15:11 +02:00
evtchn_port_t event ;
2018-07-20 12:01:47 +03:00
} ;
struct gntdev_grant_map {
2019-11-12 16:22:31 -04:00
struct mmu_interval_notifier notifier ;
2018-07-20 12:01:47 +03:00
struct list_head next ;
struct vm_area_struct * vma ;
int index ;
int count ;
int flags ;
refcount_t users ;
struct gntdev_unmap_notify notify ;
struct ioctl_gntdev_grant_ref * grants ;
struct gnttab_map_grant_ref * map_ops ;
struct gnttab_unmap_grant_ref * unmap_ops ;
struct gnttab_map_grant_ref * kmap_ops ;
struct gnttab_unmap_grant_ref * kunmap_ops ;
xen/gntdev: Avoid blocking in unmap_grant_pages()
unmap_grant_pages() currently waits for the pages to no longer be used.
In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a
deadlock against i915: i915 was waiting for gntdev's MMU notifier to
finish, while gntdev was waiting for i915 to free its pages. I also
believe this is responsible for various deadlocks I have experienced in
the past.
Avoid these problems by making unmap_grant_pages async. This requires
making it return void, as any errors will not be available when the
function returns. Fortunately, the only use of the return value is a
WARN_ON(), which can be replaced by a WARN_ON when the error is
detected. Additionally, a failed call will not prevent further calls
from being made, but this is harmless.
Because unmap_grant_pages is now async, the grant handle will be sent to
INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same
handle. Instead, a separate bool array is allocated for this purpose.
This wastes memory, but stuffing this information in padding bytes is
too fragile. Furthermore, it is necessary to grab a reference to the
map before making the asynchronous call, and release the reference when
the call returns.
It is also necessary to guard against reentrancy in gntdev_map_put(),
and to handle the case where userspace tries to map a mapping whose
contents have not all been freed yet.
Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use")
Cc: stable@vger.kernel.org
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220622022726.2538-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-06-21 22:27:26 -04:00
bool * being_removed ;
2018-07-20 12:01:47 +03:00
struct page * * pages ;
unsigned long pages_vm_start ;
# ifdef CONFIG_XEN_GRANT_DMA_ALLOC
/*
* If dmabuf_vaddr is not NULL then this mapping is backed by DMA
* capable memory .
*/
struct device * dma_dev ;
/* Flags used to create this DMA buffer: GNTDEV_DMA_FLAG_XXX. */
int dma_flags ;
void * dma_vaddr ;
dma_addr_t dma_bus_addr ;
/* Needed to avoid allocation in gnttab_dma_free_pages(). */
xen_pfn_t * frames ;
# endif
xen/gntdev: Avoid blocking in unmap_grant_pages()
unmap_grant_pages() currently waits for the pages to no longer be used.
In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a
deadlock against i915: i915 was waiting for gntdev's MMU notifier to
finish, while gntdev was waiting for i915 to free its pages. I also
believe this is responsible for various deadlocks I have experienced in
the past.
Avoid these problems by making unmap_grant_pages async. This requires
making it return void, as any errors will not be available when the
function returns. Fortunately, the only use of the return value is a
WARN_ON(), which can be replaced by a WARN_ON when the error is
detected. Additionally, a failed call will not prevent further calls
from being made, but this is harmless.
Because unmap_grant_pages is now async, the grant handle will be sent to
INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same
handle. Instead, a separate bool array is allocated for this purpose.
This wastes memory, but stuffing this information in padding bytes is
too fragile. Furthermore, it is necessary to grab a reference to the
map before making the asynchronous call, and release the reference when
the call returns.
It is also necessary to guard against reentrancy in gntdev_map_put(),
and to handle the case where userspace tries to map a mapping whose
contents have not all been freed yet.
Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use")
Cc: stable@vger.kernel.org
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220622022726.2538-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-06-21 22:27:26 -04:00
/* Number of live grants */
atomic_t live_grants ;
/* Needed to avoid allocation in __unmap_grant_pages */
struct gntab_unmap_queue_data unmap_data ;
2018-07-20 12:01:47 +03:00
} ;
struct gntdev_grant_map * gntdev_alloc_map ( struct gntdev_priv * priv , int count ,
int dma_flags ) ;
void gntdev_add_map ( struct gntdev_priv * priv , struct gntdev_grant_map * add ) ;
void gntdev_put_map ( struct gntdev_priv * priv , struct gntdev_grant_map * map ) ;
2019-11-07 12:15:45 +01:00
bool gntdev_test_page_count ( unsigned int count ) ;
2018-07-20 12:01:47 +03:00
int gntdev_map_grant_pages ( struct gntdev_grant_map * map ) ;
# endif
