projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 205ab887 GKH |
1 | From akaher@vmware.com Mon Aug 5 08:01:12 2019 |
| 2 | From: Ajay Kaher <akaher@vmware.com> | |
| 3 | Date: Sun, 4 Aug 2019 09:29:26 +0530 | |
| 4 | Subject: infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping | |
| 5 | To: <aarcange@redhat.com>, <jannh@google.com>, <oleg@redhat.com>, <peterx@redhat.com>, <rppt@linux.ibm.com>, <jgg@mellanox.com>, <mhocko@suse.com> | |
| 6 | Cc: srinidhir@vmware.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, amakhalov@vmware.com, sean.hefty@intel.com, srivatsa@csail.mit.edu, srivatsab@vmware.com, devel@driverdev.osuosl.org, linux-rdma@vger.kernel.org, bvikas@vmware.com, dledford@redhat.com, akaher@vmware.com, riandrews@android.com, hal.rosenstock@gmail.com, vsirnapalli@vmware.com, leonro@mellanox.com, jglisse@redhat.com, viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org, yishaih@mellanox.com, matanb@mellanox.com, stable@vger.kernel.org, arve@android.com, linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, mike.kravetz@oracle.com | |
| 7 | Message-ID: <1564891168-30016-2-git-send-email-akaher@vmware.com> | |
| 8 | ||
| 9 | From: Ajay Kaher <akaher@vmware.com> | |
| 10 | ||
| 11 | This patch is the extension of following upstream commit to fix | |
| 12 | the race condition between get_task_mm() and core dumping | |
| 13 | for IB->mlx4 and IB->mlx5 drivers: | |
| 14 | ||
| 15 | commit 04f5866e41fb ("coredump: fix race condition between | |
| 16 | mmget_not_zero()/get_task_mm() and core dumping")' | |
| 17 | ||
| 18 | Thanks to Jason for pointing this. | |
| 19 | ||
| 20 | Signed-off-by: Ajay Kaher <akaher@vmware.com> | |
| 21 | Reviewed-by: Jason Gunthorpe <jgg@mellanox.com> | |
| 22 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 23 | --- | |
| 24 | drivers/infiniband/hw/mlx4/main.c | 4 +++- | |
| 25 | drivers/infiniband/hw/mlx5/main.c | 3 +++ | |
| 26 | 2 files changed, 6 insertions(+), 1 deletion(-) | |
| 27 | ||
| 28 | --- a/drivers/infiniband/hw/mlx4/main.c | |
| 29 | +++ b/drivers/infiniband/hw/mlx4/main.c | |
| 30 | @@ -1172,6 +1172,8 @@ static void mlx4_ib_disassociate_ucontex | |
| 31 | * mlx4_ib_vma_close(). | |
| 32 | */ | |
| 33 | down_write(&owning_mm->mmap_sem); | |
| 34 | + if (!mmget_still_valid(owning_mm)) | |
| 35 | + goto skip_mm; | |
| 36 | for (i = 0; i < HW_BAR_COUNT; i++) { | |
| 37 | vma = context->hw_bar_info[i].vma; | |
| 38 | if (!vma) | |
| 39 | @@ -1190,7 +1192,7 @@ static void mlx4_ib_disassociate_ucontex | |
| 40 | /* context going to be destroyed, should not access ops any more */ | |
| 41 | context->hw_bar_info[i].vma->vm_ops = NULL; | |
| 42 | } | |
| 43 | - | |
| 44 | +skip_mm: | |
| 45 | up_write(&owning_mm->mmap_sem); | |
| 46 | mmput(owning_mm); | |
| 47 | put_task_struct(owning_process); | |
| 48 | --- a/drivers/infiniband/hw/mlx5/main.c | |
| 49 | +++ b/drivers/infiniband/hw/mlx5/main.c | |
| 50 | @@ -1307,6 +1307,8 @@ static void mlx5_ib_disassociate_ucontex | |
| 51 | * mlx5_ib_vma_close. | |
| 52 | */ | |
| 53 | down_write(&owning_mm->mmap_sem); | |
| 54 | + if (!mmget_still_valid(owning_mm)) | |
| 55 | + goto skip_mm; | |
| 56 | list_for_each_entry_safe(vma_private, n, &context->vma_private_list, | |
| 57 | list) { | |
| 58 | vma = vma_private->vma; | |
| 59 | @@ -1321,6 +1323,7 @@ static void mlx5_ib_disassociate_ucontex | |
| 60 | list_del(&vma_private->list); | |
| 61 | kfree(vma_private); | |
| 62 | } | |
| 63 | +skip_mm: | |
| 64 | up_write(&owning_mm->mmap_sem); | |
| 65 | mmput(owning_mm); | |
| 66 | put_task_struct(owning_process); |