Date: Thu, 27 Aug 2015 19:15:12 +0200
From: Marek Marczykowski-Górecki
To: Sasha Levin
Cc: stable@vger.kernel.org, stable-commits@vger.kernel.org, David Vrabel
Subject: Re: [added to the 3.18 stable tree] xen/gntdevt: Fix race condition in gntdev_release()
Message-ID: <20150827171512.GV1345@mail-itl>
References: <1440689954-10813-1-git-send-email-sasha.levin@oracle.com> <1440689954-10813-26-git-send-email-sasha.levin@oracle.com>
In-Reply-To: <1440689954-10813-26-git-send-email-sasha.levin@oracle.com>

On Thu, Aug 27, 2015 at 11:37:44AM -0400, Sasha Levin wrote:
> From: Marek Marczykowski-Górecki
>
> This patch has been added to the 3.18 stable tree. If you have any
> objections, please let us know.

On 3.18 it should be spin_lock, not mutex_lock. Modified patch here:
https://raw.githubusercontent.com/QubesOS/qubes-linux-kernel/stable-3.18/patches.xen/0001-xen-grant-fix-race-condition-in-gntdev_release.patch

> ===============
>
> [ Upstream commit 30b03d05e07467b8c6ec683ea96b5bffcbcd3931 ]
>
> While gntdev_release() is called the MMU notifier is still registered
> and can traverse priv->maps list even if no pages are mapped (which is
> the case -- gntdev_release() is called after all). But
> gntdev_release() will clear that list, so make sure that only one of
> those things happens at the same time.
>
> Signed-off-by: Marek Marczykowski-Górecki
> Cc:
> Signed-off-by: David Vrabel
> Signed-off-by: Sasha Levin
> ---
> drivers/xen/gntdev.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c > index 073b4a1..ff3c98f 100644 > --- a/drivers/xen/gntdev.c > +++ b/drivers/xen/gntdev.c 
> @@ -529,12 +529,14 @@ static int gntdev_release(struct inode *inode, stru= ct file *flip) > =20 > pr_debug("priv %p\n", priv); > =20 > + mutex_lock(&priv->lock); > while (!list_empty(&priv->maps)) { > map =3D list_entry(priv->maps.next, struct grant_map, next); > list_del(&map->next); > gntdev_put_map(NULL /* already removed */, map); > } > WARN_ON(!list_empty(&priv->freeable_maps)); > + mutex_unlock(&priv->lock); > =20 > if (use_ptemod) > mmu_notifier_unregister(&priv->mn, priv->mm);

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
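
Review bot: The `mutex_lock(&priv->lock)` / `mutex_unlock(&priv->lock)` pair added around the `priv->maps` teardown loop in gntdev_release() treats `priv->lock` as a mutex, while the reply above states that on 3.18 it should be spin_lock, not mutex_lock. For the 3.18 queue the pair would need to become `spin_lock(&priv->lock)` / `spin_unlock(&priv->lock)`, as in the modified patch linked in the reply, rather than the upstream hunk taken verbatim. With a spinlock held across the loop, it is also worth confirming on that tree that `gntdev_put_map(NULL /* already removed */, map)` cannot sleep, since the visible lines call it with the lock held.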