stable.vger.kernel.org archive mirror
From: Luis Henriques <luis.henriques@canonical.com>
To: Jiri Slaby <jslaby@suse.cz>
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org,
	"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>,
	"David Vrabel" <david.vrabel@citrix.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 3.12 49/82] xen/gntdevt: Fix race condition in gntdev_release()
Date: Tue, 25 Aug 2015 12:35:59 +0100
Message-ID: <20150825113559.GD14096@ares>
In-Reply-To: <b8d47903a4adea2ff2638d3b1e03bd254b4544fc.1440407339.git.jslaby@suse.cz>

[ Adding Greg as he seems to have this patch queued for 3.10 and 3.14 ]

On Mon, Aug 24, 2015 at 11:09:09AM +0200, Jiri Slaby wrote:
> From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> 
> 3.12-stable review patch.  If anyone has any objections, please let me know.
> 
> ===============
> 
> commit 30b03d05e07467b8c6ec683ea96b5bffcbcd3931 upstream.
> 
> While gntdev_release() is called the MMU notifier is still registered
> and can traverse priv->maps list even if no pages are mapped (which is
> the case -- gntdev_release() is called after all). But
> gntdev_release() will clear that list, so make sure that only one of
> those things happens at the same time.
> 
> Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
> ---
>  drivers/xen/gntdev.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
> index e41c79c986ea..f2ca8d0af55f 100644
> --- a/drivers/xen/gntdev.c
> +++ b/drivers/xen/gntdev.c
> @@ -529,12 +529,14 @@ static int gntdev_release(struct inode *inode, struct file *flip)
>  
>  	pr_debug("priv %p\n", priv);
>  
> +	mutex_lock(&priv->lock);

Since 3.12 doesn't seem to include 1401c00e59ea ("xen/gntdev: convert
priv->lock to a mutex"), this shouldn't be applied as priv->lock is
actually a spinlock.  So, you'll need to pick 1401c00e59ea or backport
this patch using the appropriate locking directives.  Not sure what's
the best solution.  Maybe Marek or David can help...?

Cheers,
--
Luís

>  	while (!list_empty(&priv->maps)) {
>  		map = list_entry(priv->maps.next, struct grant_map, next);
>  		list_del(&map->next);
>  		gntdev_put_map(NULL /* already removed */, map);
>  	}
>  	WARN_ON(!list_empty(&priv->freeable_maps));
> +	mutex_unlock(&priv->lock);
>  
>  	if (use_ptemod)
>  		mmu_notifier_unregister(&priv->mn, priv->mm);
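
Review bot: the mutex_lock(&priv->lock) and mutex_unlock(&priv->lock) calls added around the priv->maps teardown loop only work where priv->lock is a struct mutex. The reply interleaved above reports that 3.12 lacks 1401c00e59ea ("xen/gntdev: convert priv->lock to a mutex"), so priv->lock is a spinlock in this tree. Either queue 1401c00e59ea ahead of this patch or rework the backport with spin_lock(&priv->lock) / spin_unlock(&priv->lock); for the spinlock variant, first confirm that gntdev_put_map(), which runs inside the locked loop, never sleeps.
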
> -- 
> 2.5.0


Thread overview: 91+ messages
2015-08-24  9:09 [PATCH 3.12 00/82] 3.12.47-stable review Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 01/82] efi: fix 32bit kernel boot failed problem using efi Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 02/82] futex: Fix a race condition between REQUEUE_PI and task death Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 03/82] HID: usbhid: add Chicony/Pixart usb optical mouse that needs QUIRK_ALWAYS_POLL Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 04/82] mm: avoid setting up anonymous pages into file mapping Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 05/82] freeing unlinked file indefinitely delayed Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 06/82] s390/sclp: clear upper register halves in _sclp_print_early Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 07/82] ARC: make sure instruction_pointer() returns unsigned value Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 08/82] genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 09/82] ALSA: usb-audio: Add MIDI support for Steinberg MI2/MI4 Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 10/82] ALSA: usb-audio: add dB range mapping for some devices Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 11/82] ALSA: hda - Fix MacBook Pro 5,2 quirk Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 12/82] st: null pointer dereference panic caused by use after kref_put by st_open Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 13/82] mac80211: clear subdir_stations when removing debugfs Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 14/82] mmc: sdhci-esdhc: Make 8BIT bus work Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 15/82] mmc: sdhci-pxav3: fix platform_data is not initialized Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 16/82] md/raid1: fix test for 'was read error from last working device' Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 17/82] tile: use free_bootmem_late() for initrd Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 18/82] Input: usbtouchscreen - avoid unresponsive TSC-30 touch screen Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 19/82] blkcg: fix gendisk reference leak in blkg_conf_prep() Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 20/82] ata: pmp: add quirk for Marvell 4140 SATA PMP Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 21/82] usb-storage: ignore ZTE MF 823 card reader in mode 0x1225 Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 22/82] xhci: Calculate old endpoints correctly on device reset Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 23/82] xhci: report U3 when link is in resume state Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 24/82] xhci: prevent bus_suspend if SS port resuming in phase 1 Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 25/82] xhci: do not report PLC when link is in internal resume state Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 26/82] rds: rds_ib_device.refcount overflow Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 27/82] vhost: actually track log eventfd file Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 28/82] iscsi-target: Fix use-after-free during TPG session shutdown Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 29/82] iscsi-target: Fix iser explicit logout TX kthread leak Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 30/82] 3w-xxxx: fix mis-aligned struct accesses Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 31/82] hwrng: via-rng - Mark device ID table as __maybe_unused Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 32/82] ARM: realview: fix sparsemem build Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 33/82] MIPS: Fix sched_getaffinity with MT FPAFF enabled Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 34/82] MIPS: Make set_pte() SMP safe Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 35/82] fsnotify: fix oops in fsnotify_clear_marks_by_group_flags() Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 36/82] drm/radeon/combios: add some validation of lvds values Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 37/82] ipr: Fix locking for unit attention handling Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 38/82] ipr: Fix incorrect trace indexing Jiri Slaby
2015-08-24  9:08 ` [PATCH 3.12 39/82] ipr: Fix invalid array indexing for HRRQ Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 40/82] xhci: fix off by one error in TRB DMA address boundary check Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 41/82] USB: sierra: add 1199:68AB device ID Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 42/82] ima: add support for new "euid" policy condition Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 43/82] ima: extend "mask" policy matching support Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 44/82] ipmi: fix timeout calculation when bmc is disconnected Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 45/82] sparc64: Fix userspace FPU register corruptions Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 46/82] md: use kzalloc() when bitmap is disabled Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 47/82] ASoC: pcm1681: Fix setting de-emphasis sampling rate selection Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 48/82] x86/xen: Probe target addresses in set_aliased_prot() before the hypercall Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 49/82] xen/gntdevt: Fix race condition in gntdev_release() Jiri Slaby
2015-08-25 11:35   ` Luis Henriques [this message]
2015-08-25 11:52     ` Marek Marczykowski-Górecki
2015-08-25 13:18       ` Jiri Slaby
2015-08-25 14:08         ` Marek Marczykowski-Górecki
2015-08-27  7:59           ` Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 50/82] crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 51/82] ARM: OMAP2+: hwmod: Fix _wait_target_ready() for hwmods without sysc Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 52/82] iscsi-target: Fix iscsit_start_kthreads failure OOPs Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 53/82] ALSA: hda - fix cs4210_spdif_automute() Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 54/82] ipc: modify message queue accounting to not take kernel data structures into account Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 55/82] ocfs2: fix BUG in ocfs2_downconvert_thread_do_work() Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 56/82] md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 57/82] x86/nmi: Enable nested do_nmi() handling for 64-bit kernels Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 58/82] x86/nmi/64: Remove asm code that saves CR2 Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 59/82] x86/nmi/64: Switch stacks on userspace NMI entry Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 60/82] arch: Introduce smp_load_acquire(), smp_store_release() Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 61/82] rcu: Provide counterpart to rcu_dereference() for non-RCU situations Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 62/82] rcu: Move lockless_dereference() out of rcupdate.h Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 63/82] x86/ldt: Make modify_ldt synchronous Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 64/82] x86/ldt: Correct LDT access in single stepping logic Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 65/82] x86/ldt: Correct FPU emulation access to LDT Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 66/82] x86/ldt: Further fix FPU emulation Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 67/82] signalfd: fix information leak in signalfd_copyinfo Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 68/82] signal: fix information leak in copy_siginfo_to_user Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 69/82] signal: fix information leak in copy_siginfo_from_user32 Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 70/82] path_openat(): fix double fput() Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 71/82] md/bitmap: return an error when bitmap superblock is corrupt Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 72/82] mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 73/82] ipc/sem.c: update/correct memory barriers Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 74/82] ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 75/82] mm/hwpoison: fix page refcount of unknown non LRU page Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 76/82] xen-blkfront: don't add indirect pages to list when !feature_persistent Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 77/82] perf: Fix fasync handling on inherited events Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 78/82] dm thin metadata: delete btrees when releasing metadata snapshot Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 79/82] localmodconfig: Use Kbuild files too Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 80/82] EDAC, ppc4xx: Access mci->csrows array elements properly Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 81/82] drm/radeon: add new OLAND pci id Jiri Slaby
2015-08-24  9:09 ` [PATCH 3.12 82/82] rbd: fix copyup completion race Jiri Slaby
2015-08-24 16:09 ` [PATCH 3.12 00/82] 3.12.47-stable review Guenter Roeck
2015-08-27  8:10   ` Jiri Slaby
2015-08-24 23:36 ` Shuah Khan
