All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] cxl: Fix leaking pid refs in some error paths
@ 2016-10-21  5:46 Vaibhav Jain
  2016-10-21  6:19 ` Andrew Donnellan
  0 siblings, 1 reply; 2+ messages in thread
From: Vaibhav Jain @ 2016-10-21  5:46 UTC (permalink / raw)
  To: Frederic Barrat, linuxppc-dev
  Cc: Vaibhav Jain, Ian Munsie, Andrew Donnellan, Christophe Lombard,
	Philippe Bergheaud, gkurz

In some error paths in functions cxl_start_context and
afu_ioctl_start_work pid references to the current & group-leader tasks
can leak after they are taken. This patch fixes these error paths to
release these pid references before exiting the error path.

This patch is based on earlier patch "cxl: Prevent adapter reset
if an active context exists" at
https://patchwork.ozlabs.org/patch/682187/

Fixes: 7b8ad495("cxl: Fix DSI misses when the context owning task exits")
Reported-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
---
 drivers/misc/cxl/api.c  |  2 ++
 drivers/misc/cxl/file.c | 22 +++++++++++++---------
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c
index af23d7d..2e5233b 100644
--- a/drivers/misc/cxl/api.c
+++ b/drivers/misc/cxl/api.c
@@ -247,7 +247,9 @@ int cxl_start_context(struct cxl_context *ctx, u64 wed,
 	cxl_ctx_get();
 
 	if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
+		put_pid(ctx->glpid);
 		put_pid(ctx->pid);
+		ctx->glpid = ctx->pid = NULL;
 		cxl_adapter_context_put(ctx->afu->adapter);
 		cxl_ctx_put();
 		goto out;
diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c
index d0b421f..77080cc 100644
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -194,6 +194,16 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
 	ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF);
 
 	/*
+	 * Increment the mapped context count for adapter. This also checks
+	 * if adapter_context_lock is taken.
+	 */
+	rc = cxl_adapter_context_get(ctx->afu->adapter);
+	if (rc) {
+		afu_release_irqs(ctx, ctx);
+		goto out;
+	}
+
+	/*
 	 * We grab the PID here and not in the file open to allow for the case
 	 * where a process (master, some daemon, etc) has opened the chardev on
 	 * behalf of another process, so the AFU's mm gets bound to the process
@@ -205,15 +215,6 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
 	ctx->pid = get_task_pid(current, PIDTYPE_PID);
 	ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID);
 
-	/*
-	 * Increment the mapped context count for adapter. This also checks
-	 * if adapter_context_lock is taken.
-	 */
-	rc = cxl_adapter_context_get(ctx->afu->adapter);
-	if (rc) {
-		afu_release_irqs(ctx, ctx);
-		goto out;
-	}
 
 	trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr);
 
@@ -221,6 +222,9 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
 							amr))) {
 		afu_release_irqs(ctx, ctx);
 		cxl_adapter_context_put(ctx->afu->adapter);
+		put_pid(ctx->glpid);
+		put_pid(ctx->pid);
+		ctx->glpid = ctx->pid = NULL;
 		goto out;
 	}
 
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] cxl: Fix leaking pid refs in some error paths
  2016-10-21  5:46 [PATCH] cxl: Fix leaking pid refs in some error paths Vaibhav Jain
@ 2016-10-21  6:19 ` Andrew Donnellan
  0 siblings, 0 replies; 2+ messages in thread
From: Andrew Donnellan @ 2016-10-21  6:19 UTC (permalink / raw)
  To: Vaibhav Jain, Frederic Barrat, linuxppc-dev
  Cc: Ian Munsie, Christophe Lombard, Philippe Bergheaud, gkurz

On 21/10/16 16:46, Vaibhav Jain wrote:
> In some error paths in functions cxl_start_context and
> afu_ioctl_start_work pid references to the current & group-leader tasks
> can leak after they are taken. This patch fixes these error paths to
> release these pid references before exiting the error path.
>
> This patch is based on earlier patch "cxl: Prevent adapter reset
> if an active context exists" at
> https://patchwork.ozlabs.org/patch/682187/

Put this paragraph under the ---.

>
> Fixes: 7b8ad495("cxl: Fix DSI misses when the context owning task exits")
> Reported-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
> Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>

Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

> ---
>  drivers/misc/cxl/api.c  |  2 ++
>  drivers/misc/cxl/file.c | 22 +++++++++++++---------
>  2 files changed, 15 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c
> index af23d7d..2e5233b 100644
> --- a/drivers/misc/cxl/api.c
> +++ b/drivers/misc/cxl/api.c
> @@ -247,7 +247,9 @@ int cxl_start_context(struct cxl_context *ctx, u64 wed,
>  	cxl_ctx_get();
>
>  	if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
> +		put_pid(ctx->glpid);
>  		put_pid(ctx->pid);
> +		ctx->glpid = ctx->pid = NULL;

This is only needed if task != NULL, but I think it should be okay as 
long as ctx->[gl]pid is already NULL in that situation (which I haven't 
checked but I think that's the case).

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com  IBM Australia Limited

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-10-21  6:19 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-21  5:46 [PATCH] cxl: Fix leaking pid refs in some error paths Vaibhav Jain
2016-10-21  6:19 ` Andrew Donnellan

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.