Excerpts from Haren Myneni's message of June 13, 2021 8:54 pm: > > The kernel handles the NX fault by updating CSB or sending > signal to process. In multithread applications, children can > open VAS windows and can exit without closing them. But the > parent can continue to send NX requests with these windows. To > prevent pid reuse, reference will be taken on pid and tgid > when the window is opened and release them during window close. > > The current code is not releasing the tgid reference which can > cause pid leak and this patch fixes the issue. > > Fixes: db1c08a740635 ("powerpc/vas: Take reference to PID and mm for user space windows") > Cc: stable@xxxxxxxxxxxxxxx # 5.8+ > Signed-off-by: Haren Myneni <haren@xxxxxxxxxxxxx> > Reported-by: Nicholas Piggin <npiggin@xxxxxxxxx> Reviewed-by: Nicholas Piggin <npiggin@xxxxxxxxx> Thanks, Nick > --- > arch/powerpc/platforms/powernv/vas-window.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c > index 5f5fe63a3d1c..7ba0840fc3b5 100644 > --- a/arch/powerpc/platforms/powernv/vas-window.c > +++ b/arch/powerpc/platforms/powernv/vas-window.c > @@ -1093,9 +1093,9 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, > /* > * Process closes window during exit. In the case of > * multithread application, the child thread can open > - * window and can exit without closing it. Expects parent > - * thread to use and close the window. So do not need > - * to take pid reference for parent thread. > + * window and can exit without closing it. so takes tgid > + * reference until window closed to make sure tgid is not > + * reused. > */ > txwin->tgid = find_get_pid(task_tgid_vnr(current)); > /* 
> @@ -1339,8 +1339,9 @@ int vas_win_close(struct vas_window *window) > /* if send window, drop reference to matching receive window */ > if (window->tx_win) { > if (window->user_win) { > - /* Drop references to pid and mm */ > + /* Drop references to pid. tgid and mm */ > put_pid(window->pid); > + put_pid(window->tgid); > if (window->mm) { > mm_context_remove_vas_window(window->mm); > mmdrop(window->mm); > -- > 2.18.2 > > >
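Review bot: The reworded comment in the vas_tx_win_open() hunk starts a sentence in lower case ("so takes tgid reference until window closed") and no longer says who is expected to close a window left open by an exited child, which the removed lines did state ("Expects parent thread to use and close the window"). Suggest something like "So take a tgid reference, held until the window is closed, to make sure the tgid is not reused", and keep the sentence about the parent using and closing the window, since that is the case the commit message describes.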
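Review bot: The updated comment in the vas_win_close() hunk reads "Drop references to pid. tgid and mm", where the period after "pid" should be a comma. On the added "put_pid(window->tgid);" itself: it sits inside the "if (window->user_win)" branch, so it is worth confirming that the find_get_pid(task_tgid_vnr(current)) in vas_tx_win_open() is taken under the same condition. The first hunk does not show the surrounding condition, and a mismatch would leave either an unbalanced put or a remaining leak.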