[10/22] memremap: add a migrate callback to struct dev_pagemap_ops

Submitted by Christoph Hellwig on June 13, 2019, 9:43 a.m.

Details

Message ID 20190613094326.24093-11-hch@lst.de
State New
Headers show
Series "Series without cover letter" ( rev: 3 2 1 ) in Nouveau

Not browsing as part of any series.

Commit Message

Christoph Hellwig June 13, 2019, 9:43 a.m.
This replaces the hacky ->fault callback, which is currently directly
called from common code through a hmm specific data structure as an
exercise in layering violations.

Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 include/linux/hmm.h      |  6 ------
 include/linux/memremap.h |  6 ++++++
 include/linux/swapops.h  | 15 ---------------
 kernel/memremap.c        | 31 -------------------------------
 mm/hmm.c                 | 13 +++++--------
 mm/memory.c              |  9 ++-------
 6 files changed, 13 insertions(+), 67 deletions(-)

Patch hide | download patch | download mbox

diff --git a/include/linux/hmm.h b/include/linux/hmm.h
index 5761a39221a6..3c9a59dbfdb8 100644
--- a/include/linux/hmm.h
+++ b/include/linux/hmm.h
@@ -658,11 +658,6 @@  struct hmm_devmem_ops {
  * chunk, as an optimization. It must, however, prioritize the faulting address
  * over all the others.
  */
-typedef vm_fault_t (*dev_page_fault_t)(struct vm_area_struct *vma,
-				unsigned long addr,
-				const struct page *page,
-				unsigned int flags,
-				pmd_t *pmdp);
 
 struct hmm_devmem {
 	struct completion		completion;
@@ -673,7 +668,6 @@  struct hmm_devmem {
 	struct dev_pagemap		pagemap;
 	const struct hmm_devmem_ops	*ops;
 	struct percpu_ref		ref;
-	dev_page_fault_t		page_fault;
 };
 
 /*
diff --git a/include/linux/memremap.h b/include/linux/memremap.h
index 96a3a6d564ad..03a4099be701 100644
--- a/include/linux/memremap.h
+++ b/include/linux/memremap.h
@@ -75,6 +75,12 @@  struct dev_pagemap_ops {
 	 * Transition the percpu_ref in struct dev_pagemap to the dead state.
 	 */
 	void (*kill)(struct dev_pagemap *pgmap);
+
+	/*
+	 * Used for private (un-addressable) device memory only.  Must migrate
+	 * the page back to a CPU accessible page.
+	 */
+	vm_fault_t (*migrate)(struct vm_fault *vmf);
 };
 
 /**
diff --git a/include/linux/swapops.h b/include/linux/swapops.h
index 4d961668e5fc..15bdb6fe71e5 100644
--- a/include/linux/swapops.h
+++ b/include/linux/swapops.h
@@ -129,12 +129,6 @@  static inline struct page *device_private_entry_to_page(swp_entry_t entry)
 {
 	return pfn_to_page(swp_offset(entry));
 }
-
-vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
-		       unsigned long addr,
-		       swp_entry_t entry,
-		       unsigned int flags,
-		       pmd_t *pmdp);
 #else /* CONFIG_DEVICE_PRIVATE */
 static inline swp_entry_t make_device_private_entry(struct page *page, bool write)
 {
@@ -164,15 +158,6 @@  static inline struct page *device_private_entry_to_page(swp_entry_t entry)
 {
 	return NULL;
 }
-
-static inline vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
-				     unsigned long addr,
-				     swp_entry_t entry,
-				     unsigned int flags,
-				     pmd_t *pmdp)
-{
-	return VM_FAULT_SIGBUS;
-}
 #endif /* CONFIG_DEVICE_PRIVATE */
 
 #ifdef CONFIG_MIGRATION
diff --git a/kernel/memremap.c b/kernel/memremap.c
index 6a3183cac764..7167e717647d 100644
--- a/kernel/memremap.c
+++ b/kernel/memremap.c
@@ -11,7 +11,6 @@ 
 #include <linux/types.h>
 #include <linux/wait_bit.h>
 #include <linux/xarray.h>
-#include <linux/hmm.h>
 
 static DEFINE_XARRAY(pgmap_array);
 #define SECTION_MASK ~((1UL << PA_SECTION_SHIFT) - 1)
@@ -48,36 +47,6 @@  static inline int dev_pagemap_enable(struct device *dev)
 }
 #endif /* CONFIG_DEV_PAGEMAP_OPS */
 
-#if IS_ENABLED(CONFIG_DEVICE_PRIVATE)
-vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
-		       unsigned long addr,
-		       swp_entry_t entry,
-		       unsigned int flags,
-		       pmd_t *pmdp)
-{
-	struct page *page = device_private_entry_to_page(entry);
-	struct hmm_devmem *devmem;
-
-	devmem = container_of(page->pgmap, typeof(*devmem), pagemap);
-
-	/*
-	 * The page_fault() callback must migrate page back to system memory
-	 * so that CPU can access it. This might fail for various reasons
-	 * (device issue, device was unsafely unplugged, ...). When such
-	 * error conditions happen, the callback must return VM_FAULT_SIGBUS.
-	 *
-	 * Note that because memory cgroup charges are accounted to the device
-	 * memory, this should never fail because of memory restrictions (but
-	 * allocation of regular system page might still fail because we are
-	 * out of memory).
-	 *
-	 * There is a more in-depth description of what that callback can and
-	 * cannot do, in include/linux/memremap.h
-	 */
-	return devmem->page_fault(vma, addr, page, flags, pmdp);
-}
-#endif /* CONFIG_DEVICE_PRIVATE */
-
 static void pgmap_array_delete(struct resource *res)
 {
 	xa_store_range(&pgmap_array, PHYS_PFN(res->start), PHYS_PFN(res->end),
diff --git a/mm/hmm.c b/mm/hmm.c
index 6dc769feb2e1..aab799677c7d 100644
--- a/mm/hmm.c
+++ b/mm/hmm.c
@@ -1330,15 +1330,12 @@  static void hmm_devmem_ref_kill(struct dev_pagemap *pgmap)
 	percpu_ref_kill(pgmap->ref);
 }
 
-static vm_fault_t hmm_devmem_fault(struct vm_area_struct *vma,
-			    unsigned long addr,
-			    const struct page *page,
-			    unsigned int flags,
-			    pmd_t *pmdp)
+static vm_fault_t hmm_devmem_migrate(struct vm_fault *vmf)
 {
-	struct hmm_devmem *devmem = page->pgmap->data;
+	struct hmm_devmem *devmem = vmf->page->pgmap->data;
 
-	return devmem->ops->fault(devmem, vma, addr, page, flags, pmdp);
+	return devmem->ops->fault(devmem, vmf->vma, vmf->address, vmf->page,
+			vmf->flags, vmf->pmd);
 }
 
 static void hmm_devmem_free(struct page *page, void *data)
@@ -1351,6 +1348,7 @@  static void hmm_devmem_free(struct page *page, void *data)
 static const struct dev_pagemap_ops hmm_pagemap_ops = {
 	.page_free		= hmm_devmem_free,
 	.kill			= hmm_devmem_ref_kill,
+	.migrate		= hmm_devmem_migrate,
 };
 
 /*
@@ -1405,7 +1403,6 @@  struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops,
 	devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT;
 	devmem->pfn_last = devmem->pfn_first +
 			   (resource_size(devmem->resource) >> PAGE_SHIFT);
-	devmem->page_fault = hmm_devmem_fault;
 
 	devmem->pagemap.type = MEMORY_DEVICE_PRIVATE;
 	devmem->pagemap.res = *devmem->resource;
diff --git a/mm/memory.c b/mm/memory.c
index ddf20bd0c317..cbf3cb598436 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2782,13 +2782,8 @@  vm_fault_t do_swap_page(struct vm_fault *vmf)
 			migration_entry_wait(vma->vm_mm, vmf->pmd,
 					     vmf->address);
 		} else if (is_device_private_entry(entry)) {
-			/*
-			 * For un-addressable device memory we call the pgmap
-			 * fault handler callback. The callback must migrate
-			 * the page back to some CPU accessible page.
-			 */
-			ret = device_private_entry_fault(vma, vmf->address, entry,
-						 vmf->flags, vmf->pmd);
+			vmf->page = device_private_entry_to_page(entry);
+			ret = page->pgmap->ops->migrate(vmf);
 		} else if (is_hwpoison_entry(entry)) {
 			ret = VM_FAULT_HWPOISON;
 		} else {

Comments

On 6/13/19 2:43 AM, Christoph Hellwig wrote:
> This replaces the hacky ->fault callback, which is currently directly
> called from common code through a hmm specific data structure as an
> exercise in layering violations.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
>   include/linux/hmm.h      |  6 ------
>   include/linux/memremap.h |  6 ++++++
>   include/linux/swapops.h  | 15 ---------------
>   kernel/memremap.c        | 31 -------------------------------
>   mm/hmm.c                 | 13 +++++--------
>   mm/memory.c              |  9 ++-------
>   6 files changed, 13 insertions(+), 67 deletions(-)
> 
> diff --git a/include/linux/hmm.h b/include/linux/hmm.h
> index 5761a39221a6..3c9a59dbfdb8 100644
> --- a/include/linux/hmm.h
> +++ b/include/linux/hmm.h
> @@ -658,11 +658,6 @@ struct hmm_devmem_ops {
>    * chunk, as an optimization. It must, however, prioritize the faulting address
>    * over all the others.
>    */
> -typedef vm_fault_t (*dev_page_fault_t)(struct vm_area_struct *vma,
> -				unsigned long addr,
> -				const struct page *page,
> -				unsigned int flags,
> -				pmd_t *pmdp);
>   
>   struct hmm_devmem {
>   	struct completion		completion;
> @@ -673,7 +668,6 @@ struct hmm_devmem {
>   	struct dev_pagemap		pagemap;
>   	const struct hmm_devmem_ops	*ops;
>   	struct percpu_ref		ref;
> -	dev_page_fault_t		page_fault;
>   };
>   
>   /*
> diff --git a/include/linux/memremap.h b/include/linux/memremap.h
> index 96a3a6d564ad..03a4099be701 100644
> --- a/include/linux/memremap.h
> +++ b/include/linux/memremap.h
> @@ -75,6 +75,12 @@ struct dev_pagemap_ops {
>   	 * Transition the percpu_ref in struct dev_pagemap to the dead state.
>   	 */
>   	void (*kill)(struct dev_pagemap *pgmap);
> +
> +	/*
> +	 * Used for private (un-addressable) device memory only.  Must migrate
> +	 * the page back to a CPU accessible page.
> +	 */
> +	vm_fault_t (*migrate)(struct vm_fault *vmf);
>   };
>   
>   /**
> diff --git a/include/linux/swapops.h b/include/linux/swapops.h
> index 4d961668e5fc..15bdb6fe71e5 100644
> --- a/include/linux/swapops.h
> +++ b/include/linux/swapops.h
> @@ -129,12 +129,6 @@ static inline struct page *device_private_entry_to_page(swp_entry_t entry)
>   {
>   	return pfn_to_page(swp_offset(entry));
>   }
> -
> -vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
> -		       unsigned long addr,
> -		       swp_entry_t entry,
> -		       unsigned int flags,
> -		       pmd_t *pmdp);
>   #else /* CONFIG_DEVICE_PRIVATE */
>   static inline swp_entry_t make_device_private_entry(struct page *page, bool write)
>   {
> @@ -164,15 +158,6 @@ static inline struct page *device_private_entry_to_page(swp_entry_t entry)
>   {
>   	return NULL;
>   }
> -
> -static inline vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
> -				     unsigned long addr,
> -				     swp_entry_t entry,
> -				     unsigned int flags,
> -				     pmd_t *pmdp)
> -{
> -	return VM_FAULT_SIGBUS;
> -}
>   #endif /* CONFIG_DEVICE_PRIVATE */
>   
>   #ifdef CONFIG_MIGRATION
> diff --git a/kernel/memremap.c b/kernel/memremap.c
> index 6a3183cac764..7167e717647d 100644
> --- a/kernel/memremap.c
> +++ b/kernel/memremap.c
> @@ -11,7 +11,6 @@
>   #include <linux/types.h>
>   #include <linux/wait_bit.h>
>   #include <linux/xarray.h>
> -#include <linux/hmm.h>
>   
>   static DEFINE_XARRAY(pgmap_array);
>   #define SECTION_MASK ~((1UL << PA_SECTION_SHIFT) - 1)
> @@ -48,36 +47,6 @@ static inline int dev_pagemap_enable(struct device *dev)
>   }
>   #endif /* CONFIG_DEV_PAGEMAP_OPS */
>   
> -#if IS_ENABLED(CONFIG_DEVICE_PRIVATE)
> -vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
> -		       unsigned long addr,
> -		       swp_entry_t entry,
> -		       unsigned int flags,
> -		       pmd_t *pmdp)
> -{
> -	struct page *page = device_private_entry_to_page(entry);
> -	struct hmm_devmem *devmem;
> -
> -	devmem = container_of(page->pgmap, typeof(*devmem), pagemap);
> -
> -	/*
> -	 * The page_fault() callback must migrate page back to system memory
> -	 * so that CPU can access it. This might fail for various reasons
> -	 * (device issue, device was unsafely unplugged, ...). When such
> -	 * error conditions happen, the callback must return VM_FAULT_SIGBUS.
> -	 *
> -	 * Note that because memory cgroup charges are accounted to the device
> -	 * memory, this should never fail because of memory restrictions (but
> -	 * allocation of regular system page might still fail because we are
> -	 * out of memory).
> -	 *
> -	 * There is a more in-depth description of what that callback can and
> -	 * cannot do, in include/linux/memremap.h
> -	 */
> -	return devmem->page_fault(vma, addr, page, flags, pmdp);
> -}
> -#endif /* CONFIG_DEVICE_PRIVATE */
> -
>   static void pgmap_array_delete(struct resource *res)
>   {
>   	xa_store_range(&pgmap_array, PHYS_PFN(res->start), PHYS_PFN(res->end),
> diff --git a/mm/hmm.c b/mm/hmm.c
> index 6dc769feb2e1..aab799677c7d 100644
> --- a/mm/hmm.c
> +++ b/mm/hmm.c
> @@ -1330,15 +1330,12 @@ static void hmm_devmem_ref_kill(struct dev_pagemap *pgmap)
>   	percpu_ref_kill(pgmap->ref);
>   }
>   
> -static vm_fault_t hmm_devmem_fault(struct vm_area_struct *vma,
> -			    unsigned long addr,
> -			    const struct page *page,
> -			    unsigned int flags,
> -			    pmd_t *pmdp)
> +static vm_fault_t hmm_devmem_migrate(struct vm_fault *vmf)
>   {
> -	struct hmm_devmem *devmem = page->pgmap->data;
> +	struct hmm_devmem *devmem = vmf->page->pgmap->data;
>   
> -	return devmem->ops->fault(devmem, vma, addr, page, flags, pmdp);
> +	return devmem->ops->fault(devmem, vmf->vma, vmf->address, vmf->page,
> +			vmf->flags, vmf->pmd);
>   }
>   
>   static void hmm_devmem_free(struct page *page, void *data)
> @@ -1351,6 +1348,7 @@ static void hmm_devmem_free(struct page *page, void *data)
>   static const struct dev_pagemap_ops hmm_pagemap_ops = {
>   	.page_free		= hmm_devmem_free,
>   	.kill			= hmm_devmem_ref_kill,
> +	.migrate		= hmm_devmem_migrate,
>   };
>   
>   /*
> @@ -1405,7 +1403,6 @@ struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops,
>   	devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT;
>   	devmem->pfn_last = devmem->pfn_first +
>   			   (resource_size(devmem->resource) >> PAGE_SHIFT);
> -	devmem->page_fault = hmm_devmem_fault;
>   
>   	devmem->pagemap.type = MEMORY_DEVICE_PRIVATE;
>   	devmem->pagemap.res = *devmem->resource;
> diff --git a/mm/memory.c b/mm/memory.c
> index ddf20bd0c317..cbf3cb598436 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -2782,13 +2782,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
>   			migration_entry_wait(vma->vm_mm, vmf->pmd,
>   					     vmf->address);
>   		} else if (is_device_private_entry(entry)) {
> -			/*
> -			 * For un-addressable device memory we call the pgmap
> -			 * fault handler callback. The callback must migrate
> -			 * the page back to some CPU accessible page.
> -			 */
> -			ret = device_private_entry_fault(vma, vmf->address, entry,
> -						 vmf->flags, vmf->pmd);
> +			vmf->page = device_private_entry_to_page(entry);
> +			ret = page->pgmap->ops->migrate(vmf);

This needs to either initialize "page" or be changed to "vmf->page".
Otherwise, it is a NULL pointer dereference.

>   		} else if (is_hwpoison_entry(entry)) {
>   			ret = VM_FAULT_HWPOISON;
>   		} else {
> 

You can add:
Reviewed-by: Ralph Campbell <rcampbell@nvidia.com>
On Thu, Jun 13, 2019 at 04:42:07PM -0700, Ralph Campbell wrote:
> This needs to either initialize "page" or be changed to "vmf->page".
> Otherwise, it is a NULL pointer dereference.

Thanks, fixed.