| From akaher@vmware.com Mon Aug 5 08:01:12 2019 |
| From: Ajay Kaher <akaher@vmware.com> |
| Date: Sun, 4 Aug 2019 09:29:26 +0530 |
| Subject: infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping |
| To: <aarcange@redhat.com>, <jannh@google.com>, <oleg@redhat.com>, <peterx@redhat.com>, <rppt@linux.ibm.com>, <jgg@mellanox.com>, <mhocko@suse.com> |
| Cc: srinidhir@vmware.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, amakhalov@vmware.com, sean.hefty@intel.com, srivatsa@csail.mit.edu, srivatsab@vmware.com, devel@driverdev.osuosl.org, linux-rdma@vger.kernel.org, bvikas@vmware.com, dledford@redhat.com, akaher@vmware.com, riandrews@android.com, hal.rosenstock@gmail.com, vsirnapalli@vmware.com, leonro@mellanox.com, jglisse@redhat.com, viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org, yishaih@mellanox.com, matanb@mellanox.com, stable@vger.kernel.org, arve@android.com, linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, mike.kravetz@oracle.com |
| Message-ID: <1564891168-30016-2-git-send-email-akaher@vmware.com> |
| |
| From: Ajay Kaher <akaher@vmware.com> |
| |
| This patch is the extension of following upstream commit to fix |
| the race condition between get_task_mm() and core dumping |
| for IB->mlx4 and IB->mlx5 drivers: |
| |
| commit 04f5866e41fb ("coredump: fix race condition between |
| mmget_not_zero()/get_task_mm() and core dumping")' |
| |
| Thanks to Jason for pointing this. |
| |
| Signed-off-by: Ajay Kaher <akaher@vmware.com> |
| Reviewed-by: Jason Gunthorpe <jgg@mellanox.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/infiniband/hw/mlx4/main.c | 4 +++- |
| drivers/infiniband/hw/mlx5/main.c | 3 +++ |
| 2 files changed, 6 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/infiniband/hw/mlx4/main.c |
| +++ b/drivers/infiniband/hw/mlx4/main.c |
| @@ -1172,6 +1172,8 @@ static void mlx4_ib_disassociate_ucontex |
| * mlx4_ib_vma_close(). |
| */ |
| down_write(&owning_mm->mmap_sem); |
| + if (!mmget_still_valid(owning_mm)) |
| + goto skip_mm; |
| for (i = 0; i < HW_BAR_COUNT; i++) { |
| vma = context->hw_bar_info[i].vma; |
| if (!vma) |
| @@ -1190,7 +1192,7 @@ static void mlx4_ib_disassociate_ucontex |
| /* context going to be destroyed, should not access ops any more */ |
| context->hw_bar_info[i].vma->vm_ops = NULL; |
| } |
| - |
| +skip_mm: |
| up_write(&owning_mm->mmap_sem); |
| mmput(owning_mm); |
| put_task_struct(owning_process); |
| --- a/drivers/infiniband/hw/mlx5/main.c |
| +++ b/drivers/infiniband/hw/mlx5/main.c |
| @@ -1307,6 +1307,8 @@ static void mlx5_ib_disassociate_ucontex |
| * mlx5_ib_vma_close. |
| */ |
| down_write(&owning_mm->mmap_sem); |
| + if (!mmget_still_valid(owning_mm)) |
| + goto skip_mm; |
| list_for_each_entry_safe(vma_private, n, &context->vma_private_list, |
| list) { |
| vma = vma_private->vma; |
| @@ -1321,6 +1323,7 @@ static void mlx5_ib_disassociate_ucontex |
| list_del(&vma_private->list); |
| kfree(vma_private); |
| } |
| +skip_mm: |
| up_write(&owning_mm->mmap_sem); |
| mmput(owning_mm); |
| put_task_struct(owning_process); |
