vfio: disable filesystem-dax page pinning
authorDan Williams <dan.j.williams@intel.com>
Sun, 4 Feb 2018 18:34:02 +0000 (10:34 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 9 Mar 2018 06:41:06 +0000 (22:41 -0800)
commit 94db151dc89262bfa82922c44e8320cea2334667 upstream.

Filesystem-DAX is incompatible with 'longterm' page pinning. Without
page cache indirection a DAX mapping maps filesystem blocks directly.
This means that the filesystem must not modify a file's block map while
any page in a mapping is pinned. In order to prevent the situation of
userspace holding of filesystem operations indefinitely, disallow
'longterm' Filesystem-DAX mappings.

RDMA has the same conflict and the plan there is to add a 'with lease'
mechanism to allow the kernel to notify userspace that the mapping is
being torn down for block-map maintenance. Perhaps something similar can
be put in place for vfio.

Note that xfs and ext4 still report:

   "DAX enabled. Warning: EXPERIMENTAL, use at your own risk"

...at mount time, and resolving the dax-dma-vs-truncate problem is one
of the last hurdles to remove that designation.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org>
Reported-by: Haozhong Zhang <haozhong.zhang@intel.com>
Tested-by: Haozhong Zhang <haozhong.zhang@intel.com>
Fixes: d475c6346a38 ("dax,ext2: replace XIP read and write with DAX I/O")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/vfio/vfio_iommu_type1.c

index 92155cce926d1c38bdfc5fb415b43ade481d1591..fb4e6a7ee52158c4d8e7b07750ab2cc29ed5641b 100644 (file)
@@ -338,11 +338,12 @@ static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
 {
        struct page *page[1];
        struct vm_area_struct *vma;
+       struct vm_area_struct *vmas[1];
        int ret;
 
        if (mm == current->mm) {
-               ret = get_user_pages_fast(vaddr, 1, !!(prot & IOMMU_WRITE),
-                                         page);
+               ret = get_user_pages_longterm(vaddr, 1, !!(prot & IOMMU_WRITE),
+                                             page, vmas);
        } else {
                unsigned int flags = 0;
 
@@ -351,7 +352,18 @@ static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
 
                down_read(&mm->mmap_sem);
                ret = get_user_pages_remote(NULL, mm, vaddr, 1, flags, page,
-                                           NULL, NULL);
+                                           vmas, NULL);
+               /*
+                * The lifetime of a vaddr_get_pfn() page pin is
+                * userspace-controlled. In the fs-dax case this could
+                * lead to indefinite stalls in filesystem operations.
+                * Disallow attempts to pin fs-dax pages via this
+                * interface.
+                */
+               if (ret > 0 && vma_is_fsdax(vmas[0])) {
+                       ret = -EOPNOTSUPP;
+                       put_page(page[0]);
+               }
                up_read(&mm->mmap_sem);
        }