Patch "IB/mlx4: Take write semaphore when changing the vma struct" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 22 Mar 2018 15:01:33 +0100

This is a note to let you know that I've just added the patch titled

    IB/mlx4: Take write semaphore when changing the vma struct

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ib-mlx4-take-write-semaphore-when-changing-the-vma-struct.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Thu Mar 22 14:57:32 CET 2018
From: Maor Gottlieb <maorg@xxxxxxxxxxxx>
Date: Wed, 29 Mar 2017 06:03:00 +0300
Subject: IB/mlx4: Take write semaphore when changing the vma struct

From: Maor Gottlieb <maorg@xxxxxxxxxxxx>


[ Upstream commit 22c3653d04bd0c67b75e99d85e0c0bdf83947df5 ]

When the driver disassociate user context, it changes the vma to
anonymous by setting the vm_ops to null and zap the vma ptes.

In order to avoid race in the kernel, we need to take write lock
before we change the vma entries.

Fixes: ae184ddeca5db ('IB/mlx4_ib: Disassociate support')
Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxxxx>
Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx>
Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/infiniband/hw/mlx4/main.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -1041,7 +1041,7 @@ static void mlx4_ib_disassociate_ucontex
 	/* need to protect from a race on closing the vma as part of
 	 * mlx4_ib_vma_close().
 	 */
-	down_read(&owning_mm->mmap_sem);
+	down_write(&owning_mm->mmap_sem);
 	for (i = 0; i < HW_BAR_COUNT; i++) {
 		vma = context->hw_bar_info[i].vma;
 		if (!vma)
@@ -1059,7 +1059,7 @@ static void mlx4_ib_disassociate_ucontex
 		context->hw_bar_info[i].vma->vm_ops = NULL;
 	}
 
-	up_read(&owning_mm->mmap_sem);
+	up_write(&owning_mm->mmap_sem);
 	mmput(owning_mm);
 	put_task_struct(owning_process);
 }


Patches currently in stable-queue which might be from maorg@xxxxxxxxxxxx are

queue-4.4/ib-mlx4-change-vma-from-shared-to-private.patch
queue-4.4/ib-mlx4-take-write-semaphore-when-changing-the-vma-struct.patch






