queue-4.14/infiniband-fix-race-condition-between-infiniband-mlx4-mlx5-driver-and-core-dumping.patch

   1 From akaher@vmware.com  Thu Jun 20 16:25:33 2019
   2 From: Ajay Kaher <akaher@vmware.com>
   3 Date: Tue, 11 Jun 2019 02:22:17 +0530
   4 Subject: infiniband: fix race condition between infiniband mlx4, mlx5  driver and core dumping
   5 To: <aarcange@redhat.com>, <jannh@google.com>, <oleg@redhat.com>, <peterx@redhat.com>, <rppt@linux.ibm.com>, <jgg@mellanox.com>, <mhocko@suse.com>
   6 Cc: <yishaih@mellanox.com>, <dledford@redhat.com>, <sean.hefty@intel.com>, <hal.rosenstock@gmail.com>, <matanb@mellanox.com>, <leonro@mellanox.com>, <linux-rdma@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>, <akaher@vmware.com>, <srivatsab@vmware.com>, <amakhalov@vmware.com>
   7 Message-ID: <1560199937-23476-1-git-send-email-akaher@vmware.com>
   8
   9 From: Ajay Kaher <akaher@vmware.com>
  10
  11 This patch is the extension of following upstream commit to fix
  12 the race condition between get_task_mm() and core dumping
  13 for IB->mlx4 and IB->mlx5 drivers:
  14
  15 commit 04f5866e41fb ("coredump: fix race condition between
  16 mmget_not_zero()/get_task_mm() and core dumping")'
  17
  18 Thanks to Jason for pointing this.
  19
  20 Signed-off-by: Ajay Kaher <akaher@vmware.com>
  21 Acked-by: Jason Gunthorpe <jgg@mellanox.com>
  22 ---
  23  drivers/infiniband/hw/mlx4/main.c |    4 +++-
  24  drivers/infiniband/hw/mlx5/main.c |    3 +++
  25  2 files changed, 6 insertions(+), 1 deletion(-)
  26
  27 --- a/drivers/infiniband/hw/mlx4/main.c
  28 +++ b/drivers/infiniband/hw/mlx4/main.c
  29 @@ -1197,6 +1197,8 @@ static void mlx4_ib_disassociate_ucontex
  30          * mlx4_ib_vma_close().
  31          */
  32         down_write(&owning_mm->mmap_sem);
  33 +       if (!mmget_still_valid(owning_mm))
  34 +               goto skip_mm;
  35         for (i = 0; i < HW_BAR_COUNT; i++) {
  36                 vma = context->hw_bar_info[i].vma;
  37                 if (!vma)
  38 @@ -1215,7 +1217,7 @@ static void mlx4_ib_disassociate_ucontex
  39                 /* context going to be destroyed, should not access ops any more */
  40                 context->hw_bar_info[i].vma->vm_ops = NULL;
  41         }
  42 -
  43 +skip_mm:
  44         up_write(&owning_mm->mmap_sem);
  45         mmput(owning_mm);
  46         put_task_struct(owning_process);
  47 --- a/drivers/infiniband/hw/mlx5/main.c
  48 +++ b/drivers/infiniband/hw/mlx5/main.c
  49 @@ -1646,6 +1646,8 @@ static void mlx5_ib_disassociate_ucontex
  50          * mlx5_ib_vma_close.
  51          */
  52         down_write(&owning_mm->mmap_sem);
  53 +       if (!mmget_still_valid(owning_mm))
  54 +               goto skip_mm;
  55         mutex_lock(&context->vma_private_list_mutex);
  56         list_for_each_entry_safe(vma_private, n, &context->vma_private_list,
  57                                  list) {
  58 @@ -1662,6 +1664,7 @@ static void mlx5_ib_disassociate_ucontex
  59                 kfree(vma_private);
  60         }
  61         mutex_unlock(&context->vma_private_list_mutex);
  62 +skip_mm:
  63         up_write(&owning_mm->mmap_sem);
  64         mmput(owning_mm);
  65         put_task_struct(owning_process);