Hi, Jean and Baolu,

On Fri, Apr 29, 2022 at 03:34:36PM +0100, Jean-Philippe Brucker wrote:
> On Fri, Apr 29, 2022 at 06:51:17AM -0700, Fenghua Yu wrote:
> > Hi, Baolu,
> >
> > On Fri, Apr 29, 2022 at 03:53:57PM +0800, Baolu Lu wrote:
> > > On 2022/4/28 16:39, Jean-Philippe Brucker wrote:
> > > > > The address space is what the OOM killer is after. That gets refcounted
> > > > > with mmget()/mmput()/mm->mm_users. The OOM killer is satiated by the
> > > > > page freeing done in __mmput()->exit_mmap().
> > > > >
> > > > > Also, all the VMAs should be gone after exit_mmap(). So, even if
> > > > > vma->vm_file was holding a reference to a device driver, that reference
> > > > > should be gone by the time __mmdrop() is actually freeing the PASID.
> > > >
> > > > I agree with all that. The concern was about tearing down the PASID in the
> > > > IOMMU and device from the release() MMU notifier, which would happen in
> > > > exit_mmap(). But doing the teardown at or before __mmdrop() is fine. And
> > > > since the IOMMU drivers need to hold mm->mm_count anyway between bind()
> > > > and unbind(), I think Fenghua's fix works.
> > >
> > > But I didn't find mmgrab()/mmdrop() being called in either the arm or the
> > > intel IOMMU driver.
> > >
> > > $ git grep mmgrab drivers/iommu/
> > > [no output]
> > >
> > > Do we need to add these in a separate fix patch, or did I miss anything
> > > here?
> >
> > On both ARM and X86, sva_bind() calls mmu_notifier_register()->mmgrab() and
> > sva_unbind() calls mmu_notifier_unregister()/mmu_notifier_put()->mmdrop().
>
> Yes, although for Arm I realized the mmu_notifier grab wasn't sufficient,
> so I sent a separate fix that should go in 5.18 as well:
> https://lore.kernel.org/linux-iommu/[email protected]/
> The Arm driver still touches the arch mm context after mmu_notifier_put().
> I don't think X86 has that problem.
I think so too. On X86, the mm is not used after mmu_notifier_unregister().

In the case of supervisor mode SVM (i.e. the svm is bound to init_mm), the code
is right too, because init_mm and its PASID cannot be dropped and
mmu_notifier_register()/mmu_notifier_unregister() are not called.

So I think no extra fix patch is needed on X86.

Thanks.

-Fenghua
_______________________________________________
iommu mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/iommu
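Added example, not code from the thread or from the kernel: a small C model of the two mm_struct refcounts discussed above, showing that a bind which holds mm_count (as mmu_notifier_register()'s mmgrab() does) keeps the PASID alive across exit_mmap() until unbind, whereas a bind that holds nothing sees __mmdrop() run underneath it. The struct, the sample PASID value 1 and the helper names ending in _last are assumptions of the model, standing in for __mmdrop()/__mmput().

```c
#include <stdbool.h>

/* Toy model (assumed, not kernel code) of the two refcounts on an mm.
 * The PASID value 1 is a constructed placeholder. */
struct mm_model {
    int mm_users;   /* mmget()/mmput(): the address space (VMAs, pages)     */
    int mm_count;   /* mmgrab()/mmdrop(): the mm_struct itself, incl. PASID */
    int vmas;       /* VMAs still mapped; 0 once exit_mmap() has run        */
    int pasid;      /* 0 = released; freed from __mmdrop() as in the fix    */
    bool freed;     /* set once __mmdrop() ran: mm must not be touched      */
};

/* mmdrop_last() plays __mmdrop(): last mm_count gone, PASID released. */
static void mmdrop_last(struct mm_model *mm) { mm->pasid = 0; mm->freed = true; }
static void mmgrab(struct mm_model *mm) { mm->mm_count++; }
static void mmdrop(struct mm_model *mm) { if (--mm->mm_count == 0) mmdrop_last(mm); }

/* mmput_last() plays __mmput(): exit_mmap() frees the VMAs (what the OOM
 * killer wants), then the address space's own mm_count reference is dropped. */
static void exit_mmap(struct mm_model *mm) { mm->vmas = 0; }
static void mmput_last(struct mm_model *mm) { exit_mmap(mm); mmdrop(mm); }
static void mmput(struct mm_model *mm) { if (--mm->mm_users == 0) mmput_last(mm); }

static void mm_init(struct mm_model *mm)
{
    *mm = (struct mm_model){ .mm_users = 1, .mm_count = 1, .vmas = 3, .pasid = 1 };
}

/* Observations taken after the process exits (mmput) and after unbind. */
struct sva_trace {
    int vmas_after_exit;     /* expect 0: exit_mmap() ran                  */
    int pasid_after_exit;    /* 1 if the PASID survived exit_mmap(), else 0 */
    bool freed_after_exit;   /* true means __mmdrop() ran under the bind   */
    bool freed_after_unbind; /* expect true once the last reference drops  */
};

/* Process exits while a device is still bound to its mm. With grab == true,
 * sva_bind() grabs mm_count the way mmu_notifier_register() does and
 * sva_unbind() drops it again; with grab == false the bind holds nothing. */
struct sva_trace exit_while_bound(bool grab)
{
    struct mm_model mm;
    struct sva_trace t;
    mm_init(&mm);
    if (grab) mmgrab(&mm);                   /* sva_bind() */
    mmput(&mm);                              /* process exit */
    t.vmas_after_exit = mm.vmas; t.pasid_after_exit = mm.pasid;
    t.freed_after_exit = mm.freed;
    if (grab) mmdrop(&mm);                   /* sva_unbind() */
    t.freed_after_unbind = mm.freed;
    return t;
}
```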
