linux/drivers/misc
Frederic Barrat ad7b4e8022 cxl: Fix possible deadlock when processing page faults from cxllib
cxllib_handle_fault() is called by an external driver when it needs to
have the host resolve page faults for a buffer. The buffer can cover
several pages and VMAs. The function iterates over all the pages used
by the buffer, based on the page size of the VMA.

To ensure some stability while processing the faults, the thread T1
grabs the mm->mmap_sem semaphore with read access (R1). However, when
processing a page fault for a single page, one of the underlying
functions, copro_handle_mm_fault(), also grabs the same semaphore with
read access (R2). So the thread T1 takes the semaphore twice.

If another thread T2 tries to access the semaphore in write mode W1
(say, because it wants to allocate memory and calls 'brk'), then that
thread T2 will have to wait because there's a reader (R1). If the
thread T1 is processing a new page at that time, it won't get an
automatic grant at R2, because there's now a writer thread
waiting (T2). And we have a deadlock.

The timeline is:
1. thread T1 owns the semaphore with read access R1
2. thread T2 requests write access W1 and waits
3. thread T1 requests read access R2 and waits

The fix is for the thread T1 to release the semaphore R1 once it got
the information it needs from the current VMA. The address space/VMAs
could evolve while T1 iterates over the full buffer, but in the
unlikely case where T1 misses a page, the external driver will raise a
new page fault when retrying the memory access.

Fixes: 3ced8d7300 ("cxl: Export library to support IBM XSL")
Cc: stable@vger.kernel.org # 4.13+
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2018-04-04 22:09:33 +10:00
..
altera-stapl misc: altera-stapl: drop Kconfig comment 2017-10-04 10:43:08 +02:00
c2port kmemcheck: remove annotations 2017-11-15 18:21:04 -08:00
cardreader - New Drivers 2018-01-29 10:59:24 -08:00
cb710
cxl cxl: Fix possible deadlock when processing page faults from cxllib 2018-04-04 22:09:33 +10:00
echo
eeprom Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-02-04 10:57:43 -08:00
genwqe genwqe: Remove unused parameter in some functions 2017-12-19 10:54:44 +01:00
ibmasm Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2017-11-15 10:14:11 -08:00
lis3lv02d vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mei mei: me: add cannon point device ids for 4th device 2018-02-20 08:58:42 +01:00
mic vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ocxl ocxl: Add get_metadata IOCTL to share OCXL information to userspace 2018-03-02 13:02:14 +11:00
sgi-gru mm, mmu_notifier: annotate mmu notifiers with blockable invalidate callbacks 2018-01-31 17:18:38 -08:00
sgi-xp Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
ti-st misc: ti-st: constify attribute_group structures. 2017-08-28 16:55:48 +02:00
vmw_vmci vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ad525x_dpot-i2c.c misc: ad525x_dpot: Remove unnecessary MODULE_ALIAS() 2015-09-20 19:33:29 -07:00
ad525x_dpot-spi.c spi: Drop owner assignment from spi_drivers 2015-10-28 10:30:17 +09:00
ad525x_dpot.c misc: ad525x_dpot: macros should not use a trailing semicolon 2017-12-18 16:02:26 +01:00
ad525x_dpot.h misc: ad525x_dpot: Unnecessary space before function pointer arguments 2017-12-18 15:59:17 +01:00
apds990x.c misc: apds990x: Missing a blank line after declarations. 2017-12-18 16:02:26 +01:00
apds9802als.c misc: apds9802als: constify i2c_device_id 2017-08-28 16:55:49 +02:00
aspeed-lpc-ctrl.c drivers/misc: aspeed-lpc-ctrl: fix printk format warning again 2017-04-08 17:37:20 +02:00
aspeed-lpc-snoop.c drivers/misc: (aspeed-lpc-snoop): Add ast2400 to compat 2017-07-17 17:23:16 +02:00
atmel_tclib.c misc: atmel_tclib: get and use slow clock 2015-10-06 12:33:14 +02:00
atmel-ssc.c misc: atmel-ssc: register as sound DAI if #sound-dai-cells is present 2016-12-15 12:13:31 +00:00
bh1770glc.c misc: bh1770glc: constify attribute_group structures. 2017-08-28 16:55:48 +02:00
cs5535-mfgpt.c
ds1682.c misc: ds1682: Ignore update-in-progress ETC reads 2018-01-09 17:03:57 +01:00
dummy-irq.c Annotate hardware config module parameters in drivers/misc/ 2017-04-20 12:02:32 +01:00
enclosure.c misc: enclosure: Remove unnecessary error check 2017-12-07 18:45:31 +01:00
fsa9480.c misc: fsa9480: Add blank line after declarations. 2018-01-09 17:03:57 +01:00
hmc6352.c misc: hmc6352: constify i2c_device_id 2017-08-28 16:55:49 +02:00
hpilo.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hpilo.h misc: hpilo: Use SPDX-License-Identifier 2017-12-07 18:45:31 +01:00
ics932s401.c misc: ics932s401: open brace should be on the previous line 2017-12-18 16:00:57 +01:00
ioc4.c misc: ioc4: constify pci_device_id. 2017-08-28 16:55:48 +02:00
isl29003.c misc: isl29003: Missing a blank line after declarations 2017-12-07 18:45:31 +01:00
isl29020.c misc: isl29020: constify i2c_device_id 2017-08-28 16:55:49 +02:00
Kconfig powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
kgdbts.c treewide: Fix function prototypes for module_param_call() 2017-10-31 15:30:37 +01:00
lattice-ecp3-config.c spi: Drop owner assignment from spi_drivers 2015-10-28 10:30:17 +09:00
lkdtm_bugs.c lkdtm: include WARN format string 2017-11-17 16:10:01 -08:00
lkdtm_core.c Currently, hardened usercopy performs dynamic bounds checking on slab 2018-02-03 16:25:42 -08:00
lkdtm_heap.c lkdtm: Missing kmalloc check 2017-11-28 16:33:03 +01:00
lkdtm_perms.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
lkdtm_refcount.c lkdtm: fix spelling mistake: "incremeted" -> "incremented" 2017-08-28 17:47:11 +02:00
lkdtm_rodata.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
lkdtm_usercopy.c lkdtm: Update usercopy tests for whitelisting 2018-01-15 12:08:09 -08:00
lkdtm.h lkdtm: Update usercopy tests for whitelisting 2018-01-15 12:08:09 -08:00
Makefile powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
pch_phub.c MISC: add const to bin_attribute structures 2017-08-28 16:55:48 +02:00
pci_endpoint_test.c misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() 2017-10-31 15:33:46 -05:00
phantom.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pti.c drivers/misc/intel/pti: Rename the header file to free up the namespace 2017-12-17 12:52:34 +01:00
qcom-coincell.c ARM: qcom: silence an uninitialized variable warning 2016-05-01 14:20:04 -07:00
spear13xx_pcie_gadget.c spear13xx_pcie_gadget: use per-attribute show and store methods 2015-10-13 22:17:40 -07:00
sram-exec.c misc: sram-exec: Use aligned fncpy instead of memcpy 2017-05-18 17:37:52 +02:00
sram.c misc: Convert to using %pOF instead of full_name 2017-08-28 16:55:49 +02:00
sram.h misc: sram: Integrate protect-exec reserved sram area type 2017-01-25 11:48:03 +01:00
tifm_7xx1.c misc: tifm: constify pci_device_id. 2017-08-28 16:55:48 +02:00
tifm_core.c
tsl2550.c misc: tsl2550: Add OF device ID table 2017-04-08 18:22:59 +02:00
vexpress-syscfg.c misc: vexpress: Use PTR_ERR_OR_ZERO() 2017-12-07 18:45:31 +01:00
vmw_balloon.c x86/virt: Add enum for hypervisors to replace x86_hyper 2017-11-10 10:03:12 +01:00