From: Michael Ellerman <patch-notifications@ellerman.id.au>
To: Frederic Barrat <fbarrat@linux.ibm.com>,
andrew.donnellan@au1.ibm.com, alastair@d-silva.org,
linuxppc-dev@lists.ozlabs.org
Cc: clombard@linux.ibm.com, vaibhav@linux.ibm.com
Subject: Re: ocxl: Fix page fault handler in case of fault on dying process
Date: Wed, 11 Jul 2018 23:24:10 +1000 (AEST) [thread overview]
Message-ID: <41Qft404HLzB4MY@ozlabs.org> (raw)
In-Reply-To: <20180618121436.20479-1-fbarrat@linux.ibm.com>
On Mon, 2018-06-18 at 12:14:36 UTC, Frederic Barrat wrote:
> If a process exits without doing proper cleanup, there's a window
> where an opencapi device can try to access the memory of the dying
> process and may trigger a page fault. That's an expected scenario and
> the ocxl driver holds a reference on the mm_struct of the process
> until the opencapi device is notified of the process exiting.
> However, if mm_users is already at 0, i.e. the address space of the
> process has already been destroyed, the driver shouldn't try resolving
> the page fault, as it will fail, but it can also try accessing already
> freed data.
>
> It is fixed by only calling the bottom half of the page fault handler
> if mm_users is greater than 0 and get a reference on mm_users instead
> of mm_count. Otherwise, we can safely return a translation fault to
> the device, as its associated memory context is being removed. The
> opencapi device will be properly cleaned up shortly after when closing
> the file descriptors.
>
> Fixes: 5ef3166e8a32 ("ocxl: Driver code for 'generic' opencapi devices")
> Cc: stable@vger.kernel.org # v4.16+
> Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
> Reviewed-By: Alastair D'Silva <alastair@d-silva.org>
> Acked-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/d497ebf5fb3a026c0817f8c96cde57
cheers
prev parent reply other threads:[~2018-07-11 13:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-18 12:14 [PATCH] ocxl: Fix page fault handler in case of fault on dying process Frederic Barrat
2018-06-20 1:39 ` Alastair D'Silva
2018-06-21 8:07 ` Andrew Donnellan
2018-07-11 13:24 ` Michael Ellerman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41Qft404HLzB4MY@ozlabs.org \
--to=patch-notifications@ellerman.id.au \
--cc=alastair@d-silva.org \
--cc=andrew.donnellan@au1.ibm.com \
--cc=clombard@linux.ibm.com \
--cc=fbarrat@linux.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=vaibhav@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.