71fb40ae9b
[ Upstream commit 0d979509539ed1df883a30d442177ca7be609565 ]
The huge page functionality in TTM does not work safely because PUD and
PMD entries do not have a special bit.
get_user_pages_fast() considers any page that passed pmd_huge() as
usable:
if (unlikely(pmd_trans_huge(pmd) || pmd_huge(pmd) ||
pmd_devmap(pmd))) {
And vmf_insert_pfn_pmd_prot() unconditionally sets
entry = pmd_mkhuge(pfn_t_pmd(pfn, prot));
eg on x86 the page will be _PAGE_PRESENT | PAGE_PSE.
As such gup_huge_pmd() will try to deref a struct page:
head = try_grab_compound_head(pmd_page(orig), refs, flags);
and thus crash.
Thomas further notices that the drivers are not expecting the struct page
to be used by anything - in particular the refcount incr above will cause
them to malfunction.
Thus everything about this is not able to fully work correctly considering
GUP_fast. Delete it entirely. It can return someday along with a proper
PMD/PUD_SPECIAL bit in the page table itself to gate GUP_fast.
Fixes:
|
||
|---|---|---|
| .. | ||
| ttm_bo_api.h | ||
| ttm_bo_driver.h | ||
| ttm_caching.h | ||
| ttm_device.h | ||
| ttm_execbuf_util.h | ||
| ttm_kmap_iter.h | ||
| ttm_placement.h | ||
| ttm_pool.h | ||
| ttm_range_manager.h | ||
| ttm_resource.h | ||
| ttm_tt.h | ||