From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason Gunthorpe <jgg-uk2M96/98Pc@public.gmane.org>
Subject: [PATCH v4 hmm 01/12] mm/hmm: fix use after free with struct hmm in
 the mmu notifiers
Date: Mon, 24 Jun 2019 18:00:59 -0300
Message-ID: <20190624210110.5098-2-jgg@ziepe.ca>
References: <20190624210110.5098-1-jgg@ziepe.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <amd-gfx-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
In-Reply-To: <20190624210110.5098-1-jgg-uk2M96/98Pc@public.gmane.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/amd-gfx>,
 <mailto:amd-gfx-request-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/amd-gfx>
List-Post: <mailto:amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
List-Help: <mailto:amd-gfx-request-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/amd-gfx>,
 <mailto:amd-gfx-request-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org?subject=subscribe>
Errors-To: amd-gfx-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
Sender: "amd-gfx" <amd-gfx-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>
To: Jerome Glisse <jglisse-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Ralph Campbell <rcampbell-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>, John Hubbard <jhubbard-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>, Felix.Kuehling-5C7GfCeVMHo@public.gmane.org
Cc: Andrea Arcangeli <aarcange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Philip Yang <Philip.Yang-5C7GfCeVMHo@public.gmane.org>, linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Jason Gunthorpe <jgg-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>, dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org, Ira Weiny <ira.weiny-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>, Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>, Ben Skeggs <bskeggs-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
List-Id: linux-rdma@vger.kernel.org

RnJvbTogSmFzb24gR3VudGhvcnBlIDxqZ2dAbWVsbGFub3guY29tPgoKbW11X25vdGlmaWVyX3Vu
cmVnaXN0ZXJfbm9fcmVsZWFzZSgpIGlzIG5vdCBhIGZlbmNlIGFuZCB0aGUgbW11X25vdGlmaWVy
CnN5c3RlbSB3aWxsIGNvbnRpbnVlIHRvIHJlZmVyZW5jZSBobW0tPm1uIHVudGlsIHRoZSBzcmN1
IGdyYWNlIHBlcmlvZApleHBpcmVzLgoKUmVzdWx0aW5nIGluIHVzZSBhZnRlciBmcmVlIHJhY2Vz
IGxpa2UgdGhpczoKCiAgICAgICAgIENQVTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgQ1BVMQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IF9fbW11X25vdGlmaWVyX2ludmFsaWRhdGVfcmFuZ2Vfc3RhcnQoKQogICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3JjdV9yZWFkX2xvY2sKICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhsaXN0X2Zvcl9lYWNoICgp
CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC8vIG1u
ID09IGhtbS0+bW4KaG1tX21pcnJvcl91bnJlZ2lzdGVyKCkKICBobW1fcHV0KCkKICAgIGhtbV9m
cmVlKCkKICAgICAgbW11X25vdGlmaWVyX3VucmVnaXN0ZXJfbm9fcmVsZWFzZSgpCiAgICAgICAg
IGhsaXN0X2RlbF9pbml0X3JjdShobW0tbW4tPmxpc3QpCgkJCSAgICAgICAgICAgICAgICAgICAg
ICAgICAgIG1uLT5vcHMtPmludmFsaWRhdGVfcmFuZ2Vfc3RhcnQobW4sIHJhbmdlKTsKCQkJCQkg
ICAgICAgICAgICAgbW1fZ2V0X2htbSgpCiAgICAgIG1tLT5obW0gPSBOVUxMOwogICAgICBrZnJl
ZShobW0pCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgbXV0ZXhfbG9jaygmaG1tLT5sb2NrKTsKClVzZSBTUkNVIHRvIGtmcmVlIHRoZSBobW0gbWVt
b3J5IHNvIHRoYXQgdGhlIG5vdGlmaWVycyBjYW4gcmVseSBvbiBobW0KZXhpc3RpbmcuIEdldCB0
aGUgbm93LXNhZmUgaG1tIHN0cnVjdCB0aHJvdWdoIGNvbnRhaW5lcl9vZiBhbmQgZGlyZWN0bHkK
Y2hlY2sga3JlZl9nZXRfdW5sZXNzX3plcm8gdG8gbG9jayBpdCBhZ2FpbnN0IGZyZWUuCgpTaWdu
ZWQtb2ZmLWJ5OiBKYXNvbiBHdW50aG9ycGUgPGpnZ0BtZWxsYW5veC5jb20+ClJldmlld2VkLWJ5
OiBJcmEgV2VpbnkgPGlyYS53ZWlueUBpbnRlbC5jb20+ClJldmlld2VkLWJ5OiBKb2huIEh1YmJh
cmQgPGpodWJiYXJkQG52aWRpYS5jb20+ClJldmlld2VkLWJ5OiBSYWxwaCBDYW1wYmVsbCA8cmNh
bXBiZWxsQG52aWRpYS5jb20+ClJldmlld2VkLWJ5OiBDaHJpc3RvcGggSGVsbHdpZyA8aGNoQGxz
dC5kZT4KVGVzdGVkLWJ5OiBQaGlsaXAgWWFuZyA8UGhpbGlwLllhbmdAYW1kLmNvbT4KLS0tCnYy
OgotIFNwZWxsICdmcmVlJyBwcm9wZXJseSAoSmVyb21lL1JhbHBoKQp2MzoKLSBIYXZlIG9ubHkg
b25lIGNsZWFyZXIgY29tbWVudCBhYm91dCBrcmVmX2dldF91bmxlc3NfemVybyAoSm9obikKLS0t
CiBpbmNsdWRlL2xpbnV4L2htbS5oIHwgIDEgKwogbW0vaG1tLmMgICAgICAgICAgICB8IDIzICsr
KysrKysrKysrKysrKysrLS0tLS0tCiAyIGZpbGVzIGNoYW5nZWQsIDE4IGluc2VydGlvbnMoKyks
IDYgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9obW0uaCBiL2luY2x1
ZGUvbGludXgvaG1tLmgKaW5kZXggNzAwNzEyMzg0MmJhNzYuLmNiMDFjZjFmYTNjMDhiIDEwMDY0
NAotLS0gYS9pbmNsdWRlL2xpbnV4L2htbS5oCisrKyBiL2luY2x1ZGUvbGludXgvaG1tLmgKQEAg
LTkzLDYgKzkzLDcgQEAgc3RydWN0IGhtbSB7CiAJc3RydWN0IG1tdV9ub3RpZmllcgltbXVfbm90
aWZpZXI7CiAJc3RydWN0IHJ3X3NlbWFwaG9yZQltaXJyb3JzX3NlbTsKIAl3YWl0X3F1ZXVlX2hl
YWRfdAl3cTsKKwlzdHJ1Y3QgcmN1X2hlYWQJCXJjdTsKIAlsb25nCQkJbm90aWZpZXJzOwogCWJv
b2wJCQlkZWFkOwogfTsKZGlmZiAtLWdpdCBhL21tL2htbS5jIGIvbW0vaG1tLmMKaW5kZXggODI2
ODE2YWIyMzc3OTkuLmY2OTU2ZDc4ZTNjYjI1IDEwMDY0NAotLS0gYS9tbS9obW0uYworKysgYi9t
bS9obW0uYwpAQCAtMTA0LDYgKzEwNCwxMSBAQCBzdGF0aWMgc3RydWN0IGhtbSAqaG1tX2dldF9v
cl9jcmVhdGUoc3RydWN0IG1tX3N0cnVjdCAqbW0pCiAJcmV0dXJuIE5VTEw7CiB9CiAKK3N0YXRp
YyB2b2lkIGhtbV9mcmVlX3JjdShzdHJ1Y3QgcmN1X2hlYWQgKnJjdSkKK3sKKwlrZnJlZShjb250
YWluZXJfb2YocmN1LCBzdHJ1Y3QgaG1tLCByY3UpKTsKK30KKwogc3RhdGljIHZvaWQgaG1tX2Zy
ZWUoc3RydWN0IGtyZWYgKmtyZWYpCiB7CiAJc3RydWN0IGhtbSAqaG1tID0gY29udGFpbmVyX29m
KGtyZWYsIHN0cnVjdCBobW0sIGtyZWYpOwpAQCAtMTE2LDcgKzEyMSw3IEBAIHN0YXRpYyB2b2lk
IGhtbV9mcmVlKHN0cnVjdCBrcmVmICprcmVmKQogCQltbS0+aG1tID0gTlVMTDsKIAlzcGluX3Vu
bG9jaygmbW0tPnBhZ2VfdGFibGVfbG9jayk7CiAKLQlrZnJlZShobW0pOworCW1tdV9ub3RpZmll
cl9jYWxsX3NyY3UoJmhtbS0+cmN1LCBobW1fZnJlZV9yY3UpOwogfQogCiBzdGF0aWMgaW5saW5l
IHZvaWQgaG1tX3B1dChzdHJ1Y3QgaG1tICpobW0pCkBAIC0xNDQsMTAgKzE0OSwxNCBAQCB2b2lk
IGhtbV9tbV9kZXN0cm95KHN0cnVjdCBtbV9zdHJ1Y3QgKm1tKQogCiBzdGF0aWMgdm9pZCBobW1f
cmVsZWFzZShzdHJ1Y3QgbW11X25vdGlmaWVyICptbiwgc3RydWN0IG1tX3N0cnVjdCAqbW0pCiB7
Ci0Jc3RydWN0IGhtbSAqaG1tID0gbW1fZ2V0X2htbShtbSk7CisJc3RydWN0IGhtbSAqaG1tID0g
Y29udGFpbmVyX29mKG1uLCBzdHJ1Y3QgaG1tLCBtbXVfbm90aWZpZXIpOwogCXN0cnVjdCBobW1f
bWlycm9yICptaXJyb3I7CiAJc3RydWN0IGhtbV9yYW5nZSAqcmFuZ2U7CiAKKwkvKiBCYWlsIG91
dCBpZiBobW0gaXMgaW4gdGhlIHByb2Nlc3Mgb2YgYmVpbmcgZnJlZWQgKi8KKwlpZiAoIWtyZWZf
Z2V0X3VubGVzc196ZXJvKCZobW0tPmtyZWYpKQorCQlyZXR1cm47CisKIAkvKiBSZXBvcnQgdGhp
cyBITU0gYXMgZHlpbmcuICovCiAJaG1tLT5kZWFkID0gdHJ1ZTsKIApAQCAtMTg1LDEzICsxOTQs
MTQgQEAgc3RhdGljIHZvaWQgaG1tX3JlbGVhc2Uoc3RydWN0IG1tdV9ub3RpZmllciAqbW4sIHN0
cnVjdCBtbV9zdHJ1Y3QgKm1tKQogc3RhdGljIGludCBobW1faW52YWxpZGF0ZV9yYW5nZV9zdGFy
dChzdHJ1Y3QgbW11X25vdGlmaWVyICptbiwKIAkJCWNvbnN0IHN0cnVjdCBtbXVfbm90aWZpZXJf
cmFuZ2UgKm5yYW5nZSkKIHsKLQlzdHJ1Y3QgaG1tICpobW0gPSBtbV9nZXRfaG1tKG5yYW5nZS0+
bW0pOworCXN0cnVjdCBobW0gKmhtbSA9IGNvbnRhaW5lcl9vZihtbiwgc3RydWN0IGhtbSwgbW11
X25vdGlmaWVyKTsKIAlzdHJ1Y3QgaG1tX21pcnJvciAqbWlycm9yOwogCXN0cnVjdCBobW1fdXBk
YXRlIHVwZGF0ZTsKIAlzdHJ1Y3QgaG1tX3JhbmdlICpyYW5nZTsKIAlpbnQgcmV0ID0gMDsKIAot
CVZNX0JVR19PTighaG1tKTsKKwlpZiAoIWtyZWZfZ2V0X3VubGVzc196ZXJvKCZobW0tPmtyZWYp
KQorCQlyZXR1cm4gMDsKIAogCXVwZGF0ZS5zdGFydCA9IG5yYW5nZS0+c3RhcnQ7CiAJdXBkYXRl
LmVuZCA9IG5yYW5nZS0+ZW5kOwpAQCAtMjM2LDkgKzI0NiwxMCBAQCBzdGF0aWMgaW50IGhtbV9p
bnZhbGlkYXRlX3JhbmdlX3N0YXJ0KHN0cnVjdCBtbXVfbm90aWZpZXIgKm1uLAogc3RhdGljIHZv
aWQgaG1tX2ludmFsaWRhdGVfcmFuZ2VfZW5kKHN0cnVjdCBtbXVfbm90aWZpZXIgKm1uLAogCQkJ
Y29uc3Qgc3RydWN0IG1tdV9ub3RpZmllcl9yYW5nZSAqbnJhbmdlKQogewotCXN0cnVjdCBobW0g
KmhtbSA9IG1tX2dldF9obW0obnJhbmdlLT5tbSk7CisJc3RydWN0IGhtbSAqaG1tID0gY29udGFp
bmVyX29mKG1uLCBzdHJ1Y3QgaG1tLCBtbXVfbm90aWZpZXIpOwogCi0JVk1fQlVHX09OKCFobW0p
OworCWlmICgha3JlZl9nZXRfdW5sZXNzX3plcm8oJmhtbS0+a3JlZikpCisJCXJldHVybjsKIAog
CW11dGV4X2xvY2soJmhtbS0+bG9jayk7CiAJaG1tLT5ub3RpZmllcnMtLTsKLS0gCjIuMjIuMAoK
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KYW1kLWdmeCBt
YWlsaW5nIGxpc3QKYW1kLWdmeEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKaHR0cHM6Ly9saXN0cy5m
cmVlZGVza3RvcC5vcmcvbWFpbG1hbi9saXN0aW5mby9hbWQtZ2Z4