From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ralph Campbell <rcampbell-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
Subject: Re: [PATCH v2 hmm 01/11] mm/hmm: fix use after free with struct hmm
 in the mmu notifiers
Date: Fri, 7 Jun 2019 11:12:14 -0700
Message-ID: <377cadfa-180e-9a6a-49df-0c2c27ae6fb3@nvidia.com>
References: <20190606184438.31646-1-jgg@ziepe.ca>
 <20190606184438.31646-2-jgg@ziepe.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Content-Transfer-Encoding: base64
Return-path: <amd-gfx-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
In-Reply-To: <20190606184438.31646-2-jgg-uk2M96/98Pc@public.gmane.org>
Content-Language: en-US
List-Id: Discussion list for AMD gfx <amd-gfx.lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/amd-gfx>,
 <mailto:amd-gfx-request-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/amd-gfx>
List-Post: <mailto:amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
List-Help: <mailto:amd-gfx-request-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/amd-gfx>,
 <mailto:amd-gfx-request-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org?subject=subscribe>
Errors-To: amd-gfx-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
Sender: "amd-gfx" <amd-gfx-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
To: Jason Gunthorpe <jgg-uk2M96/98Pc@public.gmane.org>, Jerome Glisse <jglisse-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, John
 Hubbard <jhubbard-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>, Felix.Kuehling-5C7GfCeVMHo@public.gmane.org
Cc: Andrea Arcangeli <aarcange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Jason Gunthorpe <jgg-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>, dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org

CgpPbiA2LzYvMTkgMTE6NDQgQU0sIEphc29uIEd1bnRob3JwZSB3cm90ZToKPiBGcm9tOiBKYXNv
biBHdW50aG9ycGUgPGpnZ0BtZWxsYW5veC5jb20+Cj4gCj4gbW11X25vdGlmaWVyX3VucmVnaXN0
ZXJfbm9fcmVsZWFzZSgpIGlzIG5vdCBhIGZlbmNlIGFuZCB0aGUgbW11X25vdGlmaWVyCj4gc3lz
dGVtIHdpbGwgY29udGludWUgdG8gcmVmZXJlbmNlIGhtbS0+bW4gdW50aWwgdGhlIHNyY3UgZ3Jh
Y2UgcGVyaW9kCj4gZXhwaXJlcy4KPiAKPiBSZXN1bHRpbmcgaW4gdXNlIGFmdGVyIGZyZWUgcmFj
ZXMgbGlrZSB0aGlzOgo+IAo+ICAgICAgICAgICBDUFUwICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIENQVTEKPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBfX21tdV9ub3RpZmllcl9pbnZhbGlkYXRlX3JhbmdlX3N0YXJ0KCkKPiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNyY3VfcmVhZF9s
b2NrCj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBo
bGlzdF9mb3JfZWFjaCAoKQo+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAvLyBtbiA9PSBobW0tPm1uCj4gaG1tX21pcnJvcl91bnJlZ2lzdGVyKCkK
PiAgICBobW1fcHV0KCkKPiAgICAgIGhtbV9mcmVlKCkKPiAgICAgICAgbW11X25vdGlmaWVyX3Vu
cmVnaXN0ZXJfbm9fcmVsZWFzZSgpCj4gICAgICAgICAgIGhsaXN0X2RlbF9pbml0X3JjdShobW0t
bW4tPmxpc3QpCj4gCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgbW4tPm9wcy0+aW52YWxp
ZGF0ZV9yYW5nZV9zdGFydChtbiwgcmFuZ2UpOwo+IAkJCQkJICAgICAgICAgICAgIG1tX2dldF9o
bW0oKQo+ICAgICAgICBtbS0+aG1tID0gTlVMTDsKPiAgICAgICAga2ZyZWUoaG1tKQo+ICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG11dGV4X2xv
Y2soJmhtbS0+bG9jayk7Cj4gCj4gVXNlIFNSQ1UgdG8ga2ZyZWUgdGhlIGhtbSBtZW1vcnkgc28g
dGhhdCB0aGUgbm90aWZpZXJzIGNhbiByZWx5IG9uIGhtbQo+IGV4aXN0aW5nLiBHZXQgdGhlIG5v
dy1zYWZlIGhtbSBzdHJ1Y3QgdGhyb3VnaCBjb250YWluZXJfb2YgYW5kIGRpcmVjdGx5Cj4gY2hl
Y2sga3JlZl9nZXRfdW5sZXNzX3plcm8gdG8gbG9jayBpdCBhZ2FpbnN0IGZyZWUuCj4gCj4gU2ln
bmVkLW9mZi1ieTogSmFzb24gR3VudGhvcnBlIDxqZ2dAbWVsbGFub3guY29tPgoKWW91IGNhbiBh
ZGQKUmV2aWV3ZWQtYnk6IFJhbHBoIENhbXBiZWxsIDxyY2FtcGJlbGxAbnZpZGlhLmNvbT4KCj4g
LS0tCj4gdjI6Cj4gLSBTcGVsbCAnZnJlZScgcHJvcGVybHkgKEplcm9tZS9SYWxwaCkKPiAtLS0K
PiAgIGluY2x1ZGUvbGludXgvaG1tLmggfCAgMSArCj4gICBtbS9obW0uYyAgICAgICAgICAgIHwg
MjUgKysrKysrKysrKysrKysrKysrKy0tLS0tLQo+ICAgMiBmaWxlcyBjaGFuZ2VkLCAyMCBpbnNl
cnRpb25zKCspLCA2IGRlbGV0aW9ucygtKQo+IAo+IGRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4
L2htbS5oIGIvaW5jbHVkZS9saW51eC9obW0uaAo+IGluZGV4IDA5MmYwMjM0YmZlOTE3Li42ODhj
NWNhNzA2ODc5NSAxMDA2NDQKPiAtLS0gYS9pbmNsdWRlL2xpbnV4L2htbS5oCj4gKysrIGIvaW5j
bHVkZS9saW51eC9obW0uaAo+IEBAIC0xMDIsNiArMTAyLDcgQEAgc3RydWN0IGhtbSB7Cj4gICAJ
c3RydWN0IG1tdV9ub3RpZmllcgltbXVfbm90aWZpZXI7Cj4gICAJc3RydWN0IHJ3X3NlbWFwaG9y
ZQltaXJyb3JzX3NlbTsKPiAgIAl3YWl0X3F1ZXVlX2hlYWRfdAl3cTsKPiArCXN0cnVjdCByY3Vf
aGVhZAkJcmN1Owo+ICAgCWxvbmcJCQlub3RpZmllcnM7Cj4gICAJYm9vbAkJCWRlYWQ7Cj4gICB9
Owo+IGRpZmYgLS1naXQgYS9tbS9obW0uYyBiL21tL2htbS5jCj4gaW5kZXggOGU3NDAzZjA4MWY0
NGEuLjU0NzAwMmY1NmExNjNkIDEwMDY0NAo+IC0tLSBhL21tL2htbS5jCj4gKysrIGIvbW0vaG1t
LmMKPiBAQCAtMTEzLDYgKzExMywxMSBAQCBzdGF0aWMgc3RydWN0IGhtbSAqaG1tX2dldF9vcl9j
cmVhdGUoc3RydWN0IG1tX3N0cnVjdCAqbW0pCj4gICAJcmV0dXJuIE5VTEw7Cj4gICB9Cj4gICAK
PiArc3RhdGljIHZvaWQgaG1tX2ZyZWVfcmN1KHN0cnVjdCByY3VfaGVhZCAqcmN1KQo+ICt7Cj4g
KwlrZnJlZShjb250YWluZXJfb2YocmN1LCBzdHJ1Y3QgaG1tLCByY3UpKTsKPiArfQo+ICsKPiAg
IHN0YXRpYyB2b2lkIGhtbV9mcmVlKHN0cnVjdCBrcmVmICprcmVmKQo+ICAgewo+ICAgCXN0cnVj
dCBobW0gKmhtbSA9IGNvbnRhaW5lcl9vZihrcmVmLCBzdHJ1Y3QgaG1tLCBrcmVmKTsKPiBAQCAt
MTI1LDcgKzEzMCw3IEBAIHN0YXRpYyB2b2lkIGhtbV9mcmVlKHN0cnVjdCBrcmVmICprcmVmKQo+
ICAgCQltbS0+aG1tID0gTlVMTDsKPiAgIAlzcGluX3VubG9jaygmbW0tPnBhZ2VfdGFibGVfbG9j
ayk7Cj4gICAKPiAtCWtmcmVlKGhtbSk7Cj4gKwltbXVfbm90aWZpZXJfY2FsbF9zcmN1KCZobW0t
PnJjdSwgaG1tX2ZyZWVfcmN1KTsKPiAgIH0KPiAgIAo+ICAgc3RhdGljIGlubGluZSB2b2lkIGht
bV9wdXQoc3RydWN0IGhtbSAqaG1tKQo+IEBAIC0xNTMsMTAgKzE1OCwxNCBAQCB2b2lkIGhtbV9t
bV9kZXN0cm95KHN0cnVjdCBtbV9zdHJ1Y3QgKm1tKQo+ICAgCj4gICBzdGF0aWMgdm9pZCBobW1f
cmVsZWFzZShzdHJ1Y3QgbW11X25vdGlmaWVyICptbiwgc3RydWN0IG1tX3N0cnVjdCAqbW0pCj4g
ICB7Cj4gLQlzdHJ1Y3QgaG1tICpobW0gPSBtbV9nZXRfaG1tKG1tKTsKPiArCXN0cnVjdCBobW0g
KmhtbSA9IGNvbnRhaW5lcl9vZihtbiwgc3RydWN0IGhtbSwgbW11X25vdGlmaWVyKTsKPiAgIAlz
dHJ1Y3QgaG1tX21pcnJvciAqbWlycm9yOwo+ICAgCXN0cnVjdCBobW1fcmFuZ2UgKnJhbmdlOwo+
ICAgCj4gKwkvKiBobW0gaXMgaW4gcHJvZ3Jlc3MgdG8gZnJlZSAqLwo+ICsJaWYgKCFrcmVmX2dl
dF91bmxlc3NfemVybygmaG1tLT5rcmVmKSkKPiArCQlyZXR1cm47Cj4gKwo+ICAgCS8qIFJlcG9y
dCB0aGlzIEhNTSBhcyBkeWluZy4gKi8KPiAgIAlobW0tPmRlYWQgPSB0cnVlOwo+ICAgCj4gQEAg
LTE5NCwxMyArMjAzLDE1IEBAIHN0YXRpYyB2b2lkIGhtbV9yZWxlYXNlKHN0cnVjdCBtbXVfbm90
aWZpZXIgKm1uLCBzdHJ1Y3QgbW1fc3RydWN0ICptbSkKPiAgIHN0YXRpYyBpbnQgaG1tX2ludmFs
aWRhdGVfcmFuZ2Vfc3RhcnQoc3RydWN0IG1tdV9ub3RpZmllciAqbW4sCj4gICAJCQljb25zdCBz
dHJ1Y3QgbW11X25vdGlmaWVyX3JhbmdlICpucmFuZ2UpCj4gICB7Cj4gLQlzdHJ1Y3QgaG1tICpo
bW0gPSBtbV9nZXRfaG1tKG5yYW5nZS0+bW0pOwo+ICsJc3RydWN0IGhtbSAqaG1tID0gY29udGFp
bmVyX29mKG1uLCBzdHJ1Y3QgaG1tLCBtbXVfbm90aWZpZXIpOwo+ICAgCXN0cnVjdCBobW1fbWly
cm9yICptaXJyb3I7Cj4gICAJc3RydWN0IGhtbV91cGRhdGUgdXBkYXRlOwo+ICAgCXN0cnVjdCBo
bW1fcmFuZ2UgKnJhbmdlOwo+ICAgCWludCByZXQgPSAwOwo+ICAgCj4gLQlWTV9CVUdfT04oIWht
bSk7Cj4gKwkvKiBobW0gaXMgaW4gcHJvZ3Jlc3MgdG8gZnJlZSAqLwo+ICsJaWYgKCFrcmVmX2dl
dF91bmxlc3NfemVybygmaG1tLT5rcmVmKSkKPiArCQlyZXR1cm4gMDsKPiAgIAo+ICAgCXVwZGF0
ZS5zdGFydCA9IG5yYW5nZS0+c3RhcnQ7Cj4gICAJdXBkYXRlLmVuZCA9IG5yYW5nZS0+ZW5kOwo+
IEBAIC0yNDUsOSArMjU2LDExIEBAIHN0YXRpYyBpbnQgaG1tX2ludmFsaWRhdGVfcmFuZ2Vfc3Rh
cnQoc3RydWN0IG1tdV9ub3RpZmllciAqbW4sCj4gICBzdGF0aWMgdm9pZCBobW1faW52YWxpZGF0
ZV9yYW5nZV9lbmQoc3RydWN0IG1tdV9ub3RpZmllciAqbW4sCj4gICAJCQljb25zdCBzdHJ1Y3Qg
bW11X25vdGlmaWVyX3JhbmdlICpucmFuZ2UpCj4gICB7Cj4gLQlzdHJ1Y3QgaG1tICpobW0gPSBt
bV9nZXRfaG1tKG5yYW5nZS0+bW0pOwo+ICsJc3RydWN0IGhtbSAqaG1tID0gY29udGFpbmVyX29m
KG1uLCBzdHJ1Y3QgaG1tLCBtbXVfbm90aWZpZXIpOwo+ICAgCj4gLQlWTV9CVUdfT04oIWhtbSk7
Cj4gKwkvKiBobW0gaXMgaW4gcHJvZ3Jlc3MgdG8gZnJlZSAqLwo+ICsJaWYgKCFrcmVmX2dldF91
bmxlc3NfemVybygmaG1tLT5rcmVmKSkKPiArCQlyZXR1cm47Cj4gICAKPiAgIAltdXRleF9sb2Nr
KCZobW0tPmxvY2spOwo+ICAgCWhtbS0+bm90aWZpZXJzLS07Cj4gCl9fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmFtZC1nZnggbWFpbGluZyBsaXN0CmFtZC1n
ZnhAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlzdHMuZnJlZWRlc2t0b3Aub3JnL21h
aWxtYW4vbGlzdGluZm8vYW1kLWdmeA==