linux/drivers
Frederic Barrat ad7b4e8022 cxl: Fix possible deadlock when processing page faults from cxllib
cxllib_handle_fault() is called by an external driver when it needs to
have the host resolve page faults for a buffer. The buffer can cover
several pages and VMAs. The function iterates over all the pages used
by the buffer, based on the page size of the VMA.

To ensure some stability while processing the faults, the thread T1
grabs the mm->mmap_sem semaphore with read access (R1). However, when
processing a page fault for a single page, one of the underlying
functions, copro_handle_mm_fault(), also grabs the same semaphore with
read access (R2). So the thread T1 takes the semaphore twice.

If another thread T2 tries to access the semaphore in write mode W1
(say, because it wants to allocate memory and calls 'brk'), then that
thread T2 will have to wait because there's a reader (R1). If the
thread T1 is processing a new page at that time, it won't get an
automatic grant at R2, because there's now a writer thread
waiting (T2). And we have a deadlock.

The timeline is:
1. thread T1 owns the semaphore with read access R1
2. thread T2 requests write access W1 and waits
3. thread T1 requests read access R2 and waits

The fix is for the thread T1 to release the semaphore R1 once it got
the information it needs from the current VMA. The address space/VMAs
could evolve while T1 iterates over the full buffer, but in the
unlikely case where T1 misses a page, the external driver will raise a
new page fault when retrying the memory access.

Fixes: 3ced8d7300 ("cxl: Export library to support IBM XSL")
Cc: stable@vger.kernel.org # 4.13+
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2018-04-04 22:09:33 +10:00
..
accessibility
acpi Merge branches 'acpi-ec', 'acpi-tables' and 'acpi-doc' 2018-02-15 12:02:42 +01:00
amba
android ANDROID: binder: synchronize_rcu() when using POLLFREE. 2018-02-16 11:16:38 +01:00
ata pci-v4.16-changes 2018-02-06 09:59:40 -08:00
atm atm: he: use 64-bit arithmetic instead of 32-bit 2018-02-08 15:05:16 -05:00
auxdisplay
base ACPI updates for v4.16-rc2 2018-02-15 14:50:32 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-19 22:59:33 -05:00
block block: fix a typo 2018-03-01 08:41:27 -07:00
bluetooth vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
bus bus: ti-sysc: Fix checking of no-reset-on-init quirk 2018-02-15 09:18:55 -08:00
cdrom
char tpm: fix potential buffer overruns caused by bit glitches on the bus 2018-02-26 15:43:46 -08:00
clk MIPS changes for 4.16 2018-02-07 11:22:44 -08:00
clocksource clocksource/drivers/arc_timer: Update some comments 2018-02-28 13:55:14 +01:00
connector
cpufreq Merge branch 'cpufreq-scpi' 2018-03-02 10:44:44 +01:00
cpuidle powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
crypto s390: 2018-02-26 09:28:35 -08:00
dax dax: ->direct_access does not sleep anymore 2018-02-26 12:32:29 -08:00
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-02-02 09:50:51 -08:00
dma-buf vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
edac EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL 2018-02-23 12:05:37 +01:00
eisa EISA: Delete error message for a failed memory allocation in eisa_probe() 2018-01-23 09:04:10 +01:00
extcon extcon: int3496: process id-pin first so that we start with the right status 2018-02-14 06:37:33 +09:00
firewire vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
firmware 2nd set of arm64 updates for 4.16: 2018-02-08 10:44:25 -08:00
fmc
fpga
fsi
gpio gpio: Handle deferred probing in of_find_gpio() properly 2018-02-27 09:48:07 +01:00
gpu Merge branch 'drm-fixes-4.16' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2018-03-01 14:03:14 +10:00
hid usb: ldusb: add PIDs for new CASSY devices supported by this driver 2018-02-15 18:44:03 +01:00
hsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hv vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hwmon Fix bad temperature display on Ryzen/Threadripper 2018-02-15 14:31:28 -08:00
hwspinlock
hwtracing Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
i2c i2c: octeon: Prevent error message on bus error 2018-03-02 11:11:15 +01:00
ide genhd: Rename get_disk() to get_disk_and_module() 2018-02-26 09:48:42 -07:00
idle
iio First round of IIO fixes for the 4.16 cycle. 2018-02-20 10:03:22 +01:00
infiniband RDMA/uverbs: Fix kernel panic while using XRC_TGT QP type 2018-02-21 13:52:19 -05:00
input vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
iommu treewide/trivial: Remove ';;$' typo noise 2018-02-22 10:59:33 +01:00
ipack
irqchip irqchip/bcm: Remove hashed address printing 2018-02-16 14:22:16 +00:00
isdn vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
leds vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
lightnvm
macintosh drivers: macintosh: rack-meter: really fix bogus memsets 2018-03-31 00:10:35 +11:00
mailbox vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mcb
md for-linus-20180302 2018-03-02 09:35:36 -08:00
media media: vb2: Makefile: place vb2-trace together with vb2-core 2018-02-26 11:39:04 -05:00
memory memory: brcmstb: dpfe: support new way of passing data from the DCPU 2018-02-23 10:56:59 -08:00
memstick
message scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() 2018-01-30 21:32:06 -05:00
mfd vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
misc cxl: Fix possible deadlock when processing page faults from cxllib 2018-04-04 22:09:33 +10:00
mmc mmc: core: Avoid hanging to claim host for mmc via some nested calls 2018-02-27 15:12:37 +01:00
mtd mtd: nand: MTD_NAND_MARVELL should depend on HAS_DMA 2018-02-12 10:57:20 +01:00
mux Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
net xen: fixes for v4.16-rc4 2018-03-02 10:19:57 -08:00
nfc
ntb NTB: ntb_perf: fix cast to restricted __le32 2018-01-28 22:17:24 -05:00
nubus
nvdimm libnvdimm: re-enable deep flush for pmem devices via fsync() 2018-03-02 19:31:40 -08:00
nvme Merge branch 'for-jens' of git://git.infradead.org/nvme into for-linus 2018-02-28 12:18:58 -07:00
nvmem
of device property: Constify device_get_match_data() 2018-02-12 10:41:11 +01:00
opp opp: cpu: Replace GFP_ATOMIC with GFP_KERNEL in dev_pm_opp_init_cpufreq_table 2018-02-12 15:07:46 +05:30
oprofile
parisc
parport
pci PCI/hotplug: ppc: correct a php_slot usage after free 2018-03-13 15:50:32 +11:00
pcmcia Merge branch 'pcmcia' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2018-02-08 11:48:49 -08:00
perf arm_pmu: acpi: request IRQs up-front 2018-02-20 11:34:54 +00:00
phy USB/PHY updates for 4.16-rc1 2018-02-01 09:40:49 -08:00
pinctrl pinctrl: meson-axg: adjust uart_ao_b pin group naming 2018-02-12 10:47:36 +01:00
platform platform/x86: wmi: Fix misuse of vsprintf extension %pULL 2018-03-01 10:01:39 -08:00
pnp
power power supply and reset changes for the v4.16 series 2018-01-31 12:55:31 -08:00
powercap
pps vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ps3
ptp vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pwm
rapidio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ras mm/memory_failure: Remove unused trapno from memory_failure 2018-01-23 12:17:42 -06:00
regulator regulator: Fix suspend to idle 2018-01-30 12:25:59 +00:00
remoteproc remoteproc updates for v4.16 2018-02-05 10:07:40 -08:00
reset
rpmsg vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rtc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
s390 virtio: bugfixes 2018-02-15 14:29:27 -08:00
sbus pci-v4.16-changes 2018-02-06 09:59:40 -08:00
scsi SCSI fixes on 20180222 2018-02-23 14:09:43 -08:00
sfi
sh cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx() 2018-02-08 10:21:39 +01:00
siox
slimbus
sn
soc ARM: SoC fixes for 4.16 2018-02-28 16:11:04 -08:00
soundwire soundwire: Fix a signedness bug 2018-01-22 16:45:26 +01:00
spi Merge remote-tracking branch 'spi/topic/xilinx' into spi-next 2018-01-26 17:57:34 +00:00
spmi
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git 2018-02-01 10:37:39 +02:00
staging Staging/IIO fixes for 4.16-rc2 2018-02-22 12:05:43 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2018-02-09 14:49:46 -08:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2018-02-06 15:04:58 -08:00
thunderbolt
tty vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
usb USB fixes for 4.16-rc3 2018-02-22 12:13:01 -08:00
uwb
vfio vfio: disable filesystem-dax page pinning 2018-03-02 18:00:04 -08:00
vhost vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
video Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-02-14 17:02:15 -08:00
virt vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
virtio virtio_pci: don't kfree device on register failure 2018-02-01 16:26:45 +02:00
visorbus
vlynq
vme
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog watchdog: sp5100_tco.c: fix potential build failure 2018-02-19 17:44:05 +01:00
xen xen: fixes for v4.16-rc4 2018-03-02 10:19:57 -08:00
zorro
Kconfig Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
Makefile pci-v4.16-changes 2018-02-06 09:59:40 -08:00