Patch "infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping" has been added to the 4.9-stable tree

gregkh at linuxfoundation.org gregkh at linuxfoundation.org
Mon Aug 5 06:03:20 UTC 2019 

This is a note to let you know that I've just added the patch titled

    infiniband: fix race condition between infiniband mlx4, mlx5  driver and core dumping

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     infiniband-fix-race-condition-between-infiniband-mlx4-mlx5-driver-and-core-dumping.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.


>From akaher at vmware.com  Mon Aug  5 08:01:12 2019
From: Ajay Kaher <akaher at vmware.com>
Date: Sun, 4 Aug 2019 09:29:26 +0530
Subject: infiniband: fix race condition between infiniband mlx4, mlx5  driver and core dumping
To: <aarcange at redhat.com>, <jannh at google.com>, <oleg at redhat.com>, <peterx at redhat.com>, <rppt at linux.ibm.com>, <jgg at mellanox.com>, <mhocko at suse.com>
Cc: srinidhir at vmware.com, linux-kernel at vger.kernel.org, linux-mm at kvack.org, amakhalov at vmware.com, sean.hefty at intel.com, srivatsa at csail.mit.edu, srivatsab at vmware.com, devel at driverdev.osuosl.org, linux-rdma at vger.kernel.org, bvikas at vmware.com, dledford at redhat.com, akaher at vmware.com, riandrews at android.com, hal.rosenstock at gmail.com, vsirnapalli at vmware.com, leonro at mellanox.com, jglisse at redhat.com, viro at zeniv.linux.org.uk, gregkh at linuxfoundation.org, yishaih at mellanox.com, matanb at mellanox.com, stable at vger.kernel.org, arve at android.com, linux-fsdevel at vger.kernel.org, akpm at linux-foundation.org, torvalds at linux-foundation.org, mike.kravetz at oracle.com
Message-ID: <1564891168-30016-2-git-send-email-akaher at vmware.com>

From: Ajay Kaher <akaher at vmware.com>

This patch is the extension of following upstream commit to fix
the race condition between get_task_mm() and core dumping
for IB->mlx4 and IB->mlx5 drivers:

commit 04f5866e41fb ("coredump: fix race condition between
mmget_not_zero()/get_task_mm() and core dumping")'

Thanks to Jason for pointing this.

Signed-off-by: Ajay Kaher <akaher at vmware.com>
Reviewed-by: Jason Gunthorpe <jgg at mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
 drivers/infiniband/hw/mlx4/main.c |    4 +++-
 drivers/infiniband/hw/mlx5/main.c |    3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -1172,6 +1172,8 @@ static void mlx4_ib_disassociate_ucontex
 	 * mlx4_ib_vma_close().
 	 */
 	down_write(&owning_mm->mmap_sem);
+	if (!mmget_still_valid(owning_mm))
+		goto skip_mm;
 	for (i = 0; i < HW_BAR_COUNT; i++) {
 		vma = context->hw_bar_info[i].vma;
 		if (!vma)
@@ -1190,7 +1192,7 @@ static void mlx4_ib_disassociate_ucontex
 		/* context going to be destroyed, should not access ops any more */
 		context->hw_bar_info[i].vma->vm_ops = NULL;
 	}
-
+skip_mm:
 	up_write(&owning_mm->mmap_sem);
 	mmput(owning_mm);
 	put_task_struct(owning_process);
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -1307,6 +1307,8 @@ static void mlx5_ib_disassociate_ucontex
 	 * mlx5_ib_vma_close.
 	 */
 	down_write(&owning_mm->mmap_sem);
+	if (!mmget_still_valid(owning_mm))
+		goto skip_mm;
 	list_for_each_entry_safe(vma_private, n, &context->vma_private_list,
 				 list) {
 		vma = vma_private->vma;
@@ -1321,6 +1323,7 @@ static void mlx5_ib_disassociate_ucontex
 		list_del(&vma_private->list);
 		kfree(vma_private);
 	}
+skip_mm:
 	up_write(&owning_mm->mmap_sem);
 	mmput(owning_mm);
 	put_task_struct(owning_process);


Patches currently in stable-queue which might be from akaher at vmware.com are

queue-4.9/infiniband-fix-race-condition-between-infiniband-mlx4-mlx5-driver-and-core-dumping.patch
queue-4.9/coredump-fix-race-condition-between-collapse_huge_page-and-core-dumping.patch
queue-4.9/coredump-fix-race-condition-between-mmget_not_zero-get_task_mm-and-core-dumping.patch

More information about the devel mailing list