[PATCH v2] powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2] powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
@ 2023-07-16 10:05 Haren Myneni
  2023-07-20 13:50 ` Michael Ellerman
  0 siblings, 1 reply; 2+ messages in thread
From: Haren Myneni @ 2023-07-16 10:05 UTC (permalink / raw)
  To: linuxppc-dev; +Cc: nathanl, Haren Myneni, npiggin

Commit 8ef7b9e1765a ("powerpc/pseries/vas: Close windows with DLPAR
core removal") unmaps the window paste address and issues HCALL to
close window in the hypervisor for migration or DLPAR core removal
events. So holds mmap_mutex and then mmap lock before unmap the
paste address. But if the user space issue mmap paste address at
the same time with the migration event, coproc_mmap() is called
after holding the mmap lock which can trigger deadlock when trying
to acquire mmap_mutex in coproc_mmap().

t1: mmap() call to mmap              t2: Migration event
    window paste address

do_mmap2()                           migration_store()
 ksys_mmap_pgoff()                    pseries_migrate_partition()
  vm_mmap_pgoff()                      vas_migration_handler()
    Acquire mmap lock                   reconfig_close_windows()
    do_mmap()                             lock mmap_mutex
     mmap_region()                        Acquire mmap lock
      call_mmap()                         //Wait for mmap lock
       coproc_mmap()                        unmap vma
         lock mmap_mutex                    update window status
         //wait for mmap_mutex            Release mmap lock
          mmap vma                        unlock mmap_mutex
          update window status
         unlock mmap_mutex
    ...
    Release mmap lock

Fix this deadlock issue by holding mmap lock first before mmap_mutex
in reconfig_close_windows().

Fixes: 8ef7b9e1765a ("powerpc/pseries/vas: Close windows with DLPAR core removal")
Signed-off-by: Haren Myneni <haren@linux.ibm.com>

---
Changes from v1:
- Update commit log with more description on deadlock traces
---
 arch/powerpc/platforms/pseries/vas.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/vas.c b/arch/powerpc/platforms/pseries/vas.c
index 513180467562..15d958e38eca 100644
--- a/arch/powerpc/platforms/pseries/vas.c
+++ b/arch/powerpc/platforms/pseries/vas.c
@@ -744,6 +744,12 @@ static int reconfig_close_windows(struct vas_caps *vcap, int excess_creds,
 		}
 
 		task_ref = &win->vas_win.task_ref;
+		/*
+		 * VAS mmap (coproc_mmap()) and its fault handler
+		 * (vas_mmap_fault()) are called after holding mmap lock.
+		 * So hold mmap mutex after mmap_lock to avoid deadlock.
+		 */
+		mmap_write_lock(task_ref->mm);
 		mutex_lock(&task_ref->mmap_mutex);
 		vma = task_ref->vma;
 		/*
@@ -752,7 +758,6 @@ static int reconfig_close_windows(struct vas_caps *vcap, int excess_creds,
 		 */
 		win->vas_win.status |= flag;
 
-		mmap_write_lock(task_ref->mm);
 		/*
 		 * vma is set in the original mapping. But this mapping
 		 * is done with mmap() after the window is opened with ioctl.
@@ -762,8 +767,8 @@ static int reconfig_close_windows(struct vas_caps *vcap, int excess_creds,
 		if (vma)
 			zap_vma_pages(vma);
 
-		mmap_write_unlock(task_ref->mm);
 		mutex_unlock(&task_ref->mmap_mutex);
+		mmap_write_unlock(task_ref->mm);
 		/*
 		 * Close VAS window in the hypervisor, but do not
 		 * free vas_window struct since it may be reused
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v2] powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
  2023-07-16 10:05 [PATCH v2] powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close Haren Myneni
@ 2023-07-20 13:50 ` Michael Ellerman
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Ellerman @ 2023-07-20 13:50 UTC (permalink / raw)
  To: linuxppc-dev, Haren Myneni; +Cc: nathanl, npiggin

On Sun, 16 Jul 2023 03:05:06 -0700, Haren Myneni wrote:
> Commit 8ef7b9e1765a ("powerpc/pseries/vas: Close windows with DLPAR
> core removal") unmaps the window paste address and issues HCALL to
> close window in the hypervisor for migration or DLPAR core removal
> events. So holds mmap_mutex and then mmap lock before unmap the
> paste address. But if the user space issue mmap paste address at
> the same time with the migration event, coproc_mmap() is called
> after holding the mmap lock which can trigger deadlock when trying
> to acquire mmap_mutex in coproc_mmap().
> 
> [...]

Applied to powerpc/fixes.

[1/1] powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
      https://git.kernel.org/powerpc/c/b59c9dc4d9d47b3c4572d826603fde507055b656

cheers

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-07-20 13:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-16 10:05 [PATCH v2] powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close Haren Myneni
2023-07-20 13:50 ` Michael Ellerman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).