On Thu, Mar 15, 2018 at 03:48:29PM -0700, Andrew Morton wrote:
> On Thu, 15 Mar 2018 14:36:59 -0400 jglisse@xxxxxxxxxx wrote:
>
> > From: Ralph Campbell <rcampbell@xxxxxxxxxx>
> >
> > The hmm_mirror_register() function registers a callback for when
> > the CPU pagetable is modified. Normally, the device driver will
> > call hmm_mirror_unregister() when the process using the device is
> > finished. However, if the process exits uncleanly, the struct_mm
> > can be destroyed with no warning to the device driver.
>
> The changelog doesn't tell us what the runtime effects of the bug are.
> This makes it hard for me to answer the "did Jerome consider doing
> cc:stable" question.
The impact is low, they might be issue only if application is kill,
and we don't have any upstream user yet hence why i did not cc
stable.
>
> > --- a/mm/hmm.c
> > +++ b/mm/hmm.c
> > @@ -160,6 +160,23 @@ static void hmm_invalidate_range(struct hmm *hmm,
> > up_read(&hmm->mirrors_sem);
> > }
> >
> > +static void hmm_release(struct mmu_notifier *mn, struct mm_struct *mm)
> > +{
> > + struct hmm *hmm = mm->hmm;
> > + struct hmm_mirror *mirror;
> > + struct hmm_mirror *mirror_next;
> > +
> > + VM_BUG_ON(!hmm);
>
> This doesn't add much value. We'll reliably oops on the next statement
> anyway, which will provide the same info. And Linus gets all upset at
> new BUG_ON() instances.
It is true, this BUG_ON can be drop, you want me to respin ?
>
> > + down_write(&hmm->mirrors_sem);
> > + list_for_each_entry_safe(mirror, mirror_next, &hmm->mirrors, list) {
> > + list_del_init(&mirror->list);
> > + if (mirror->ops->release)
> > + mirror->ops->release(mirror);
> > + }
> > + up_write(&hmm->mirrors_sem);
> > +}
> > +
>
