From: Ajay Kaher <akaher@vmware.com>
To: aarcange@redhat.com, jannh@google.com, oleg@redhat.com,
peterx@redhat.com, rppt@linux.ibm.com, jgg@mellanox.com,
mhocko@suse.com
Cc: jglisse@redhat.com, akpm@linux-foundation.org,
mike.kravetz@oracle.com, viro@zeniv.linux.org.uk,
riandrews@android.com, arve@android.com, yishaih@mellanox.com,
dledford@redhat.com, sean.hefty@intel.com,
hal.rosenstock@gmail.com, matanb@mellanox.com,
leonro@mellanox.com, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, devel@driverdev.osuosl.org,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org, akaher@vmware.com, srivatsab@vmware.com,
amakhalov@vmware.com
Subject: [PATCH v4 2/3][v4.9.y] coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
Date: Tue, 25 Jun 2019 02:33:04 +0530 [thread overview]
Message-ID: <1561410186-3919-2-git-send-email-akaher@vmware.com> (raw)
In-Reply-To: <1561410186-3919-1-git-send-email-akaher@vmware.com>
This patch is the extension of following upstream commit to fix
the race condition between get_task_mm() and core dumping
for IB->mlx4 and IB->mlx5 drivers:
commit 04f5866e41fb ("coredump: fix race condition between
mmget_not_zero()/get_task_mm() and core dumping")'
Thanks to Jason for pointing this.
Signed-off-by: Ajay Kaher <akaher@vmware.com>
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c
index 8d59a59..7ccf722 100644
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -1172,6 +1172,8 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
* mlx4_ib_vma_close().
*/
down_write(&owning_mm->mmap_sem);
+ if (!mmget_still_valid(owning_mm))
+ goto skip_mm;
for (i = 0; i < HW_BAR_COUNT; i++) {
vma = context->hw_bar_info[i].vma;
if (!vma)
@@ -1190,7 +1192,7 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
/* context going to be destroyed, should not access ops any more */
context->hw_bar_info[i].vma->vm_ops = NULL;
}
-
+skip_mm:
up_write(&owning_mm->mmap_sem);
mmput(owning_mm);
put_task_struct(owning_process);
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index b1daf5c..f94df0e 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -1307,6 +1307,8 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
* mlx5_ib_vma_close.
*/
down_write(&owning_mm->mmap_sem);
+ if (!mmget_still_valid(owning_mm))
+ goto skip_mm;
list_for_each_entry_safe(vma_private, n, &context->vma_private_list,
list) {
vma = vma_private->vma;
@@ -1321,6 +1323,7 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
list_del(&vma_private->list);
kfree(vma_private);
}
+skip_mm:
up_write(&owning_mm->mmap_sem);
mmput(owning_mm);
put_task_struct(owning_process);
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Ajay Kaher <akaher@vmware.com>
To: <aarcange@redhat.com>, <jannh@google.com>, <oleg@redhat.com>,
<peterx@redhat.com>, <rppt@linux.ibm.com>, <jgg@mellanox.com>,
<mhocko@suse.com>
Cc: <jglisse@redhat.com>, <akpm@linux-foundation.org>,
<mike.kravetz@oracle.com>, <viro@zeniv.linux.org.uk>,
<riandrews@android.com>, <arve@android.com>,
<yishaih@mellanox.com>, <dledford@redhat.com>,
<sean.hefty@intel.com>, <hal.rosenstock@gmail.com>,
<matanb@mellanox.com>, <leonro@mellanox.com>,
<linux-fsdevel@vger.kernel.org>, <linux-mm@kvack.org>,
<devel@driverdev.osuosl.org>, <linux-rdma@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>,
<akaher@vmware.com>, <srivatsab@vmware.com>,
<amakhalov@vmware.com>
Subject: [PATCH v4 2/3][v4.9.y] coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
Date: Tue, 25 Jun 2019 02:33:04 +0530 [thread overview]
Message-ID: <1561410186-3919-2-git-send-email-akaher@vmware.com> (raw)
In-Reply-To: <1561410186-3919-1-git-send-email-akaher@vmware.com>
This patch is the extension of following upstream commit to fix
the race condition between get_task_mm() and core dumping
for IB->mlx4 and IB->mlx5 drivers:
commit 04f5866e41fb ("coredump: fix race condition between
mmget_not_zero()/get_task_mm() and core dumping")'
Thanks to Jason for pointing this.
Signed-off-by: Ajay Kaher <akaher@vmware.com>
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c
index 8d59a59..7ccf722 100644
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -1172,6 +1172,8 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
* mlx4_ib_vma_close().
*/
down_write(&owning_mm->mmap_sem);
+ if (!mmget_still_valid(owning_mm))
+ goto skip_mm;
for (i = 0; i < HW_BAR_COUNT; i++) {
vma = context->hw_bar_info[i].vma;
if (!vma)
@@ -1190,7 +1192,7 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
/* context going to be destroyed, should not access ops any more */
context->hw_bar_info[i].vma->vm_ops = NULL;
}
-
+skip_mm:
up_write(&owning_mm->mmap_sem);
mmput(owning_mm);
put_task_struct(owning_process);
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index b1daf5c..f94df0e 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -1307,6 +1307,8 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
* mlx5_ib_vma_close.
*/
down_write(&owning_mm->mmap_sem);
+ if (!mmget_still_valid(owning_mm))
+ goto skip_mm;
list_for_each_entry_safe(vma_private, n, &context->vma_private_list,
list) {
vma = vma_private->vma;
@@ -1321,6 +1323,7 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
list_del(&vma_private->list);
kfree(vma_private);
}
+skip_mm:
up_write(&owning_mm->mmap_sem);
mmput(owning_mm);
put_task_struct(owning_process);
--
2.7.4
next prev parent reply other threads:[~2019-06-24 21:03 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 21:03 [PATCH v4 1/3] [v4.9.y] coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping Ajay Kaher
2019-06-24 21:03 ` Ajay Kaher
2019-06-24 21:03 ` Ajay Kaher [this message]
2019-06-24 21:03 ` [PATCH v4 2/3][v4.9.y] " Ajay Kaher
2019-06-24 13:12 ` Jason Gunthorpe
2019-06-24 13:12 ` Jason Gunthorpe
2019-06-24 21:03 ` [PATCH v4 3/3] [v4.9.y] " Ajay Kaher
2019-06-24 21:03 ` Ajay Kaher
2019-06-24 21:03 ` [PATCH v4 0/3] " Ajay Kaher
2019-06-24 21:03 ` Ajay Kaher
2019-06-24 20:21 ` Sasha Levin
2019-06-24 20:21 ` Sasha Levin
2019-06-25 6:10 ` Ajay Kaher
2019-06-25 6:10 ` Ajay Kaher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1561410186-3919-2-git-send-email-akaher@vmware.com \
--to=akaher@vmware.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=amakhalov@vmware.com \
--cc=arve@android.com \
--cc=devel@driverdev.osuosl.org \
--cc=dledford@redhat.com \
--cc=hal.rosenstock@gmail.com \
--cc=jannh@google.com \
--cc=jgg@mellanox.com \
--cc=jglisse@redhat.com \
--cc=leonro@mellanox.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-rdma@vger.kernel.org \
--cc=matanb@mellanox.com \
--cc=mhocko@suse.com \
--cc=mike.kravetz@oracle.com \
--cc=oleg@redhat.com \
--cc=peterx@redhat.com \
--cc=riandrews@android.com \
--cc=rppt@linux.ibm.com \
--cc=sean.hefty@intel.com \
--cc=srivatsab@vmware.com \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=yishaih@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.