From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Jason Gunthorpe <jgg@mellanox.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.14 31/46] IB/usnic: Update with bug fixes from core code
Date: Thu, 25 Oct 2018 10:10:38 -0400 [thread overview]
Message-ID: <20181025141053.213330-31-sashal@kernel.org> (raw)
In-Reply-To: <20181025141053.213330-1-sashal@kernel.org>
From: Jason Gunthorpe <jgg@mellanox.com>
[ Upstream commit 43cbd64b1fdc1da89abdad88a022d9e87a98e9c6 ]
usnic has a modified version of the core codes' ib_umem_get() and
related, and the copy misses many of the bug fixes done over the years:
Commit bc3e53f682d9 ("mm: distinguish between mlocked and pinned pages")
Commit 87773dd56d54 ("IB: ib_umem_release() should decrement mm->pinned_vm
from ib_umem_get")
Commit 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get
address arithmetic")
Commit 8abaae62f3fd ("IB/core: disallow registering 0-sized memory region")
Commit 66578b0b2f69 ("IB/core: don't disallow registering region starting
at 0x0")
Commit 53376fedb9da ("RDMA/core: not to set page dirty bit if it's already
set.")
Commit 8e907ed48827 ("IB/umem: Use the correct mm during ib_umem_release")
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/usnic/usnic_ib_verbs.c | 2 +-
drivers/infiniband/hw/usnic/usnic_uiom.c | 40 ++++++++++++++------
drivers/infiniband/hw/usnic/usnic_uiom.h | 5 ++-
3 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/drivers/infiniband/hw/usnic/usnic_ib_verbs.c b/drivers/infiniband/hw/usnic/usnic_ib_verbs.c
index e4113ef09315..3c3453d213dc 100644
--- a/drivers/infiniband/hw/usnic/usnic_ib_verbs.c
+++ b/drivers/infiniband/hw/usnic/usnic_ib_verbs.c
@@ -642,7 +642,7 @@ int usnic_ib_dereg_mr(struct ib_mr *ibmr)
usnic_dbg("va 0x%lx length 0x%zx\n", mr->umem->va, mr->umem->length);
- usnic_uiom_reg_release(mr->umem, ibmr->pd->uobject->context->closing);
+ usnic_uiom_reg_release(mr->umem, ibmr->uobject->context);
kfree(mr);
return 0;
}
diff --git a/drivers/infiniband/hw/usnic/usnic_uiom.c b/drivers/infiniband/hw/usnic/usnic_uiom.c
index 4381c0a9a873..9dd39daa602b 100644
--- a/drivers/infiniband/hw/usnic/usnic_uiom.c
+++ b/drivers/infiniband/hw/usnic/usnic_uiom.c
@@ -41,6 +41,7 @@
#include <linux/workqueue.h>
#include <linux/list.h>
#include <linux/pci.h>
+#include <rdma/ib_verbs.h>
#include "usnic_log.h"
#include "usnic_uiom.h"
@@ -88,7 +89,7 @@ static void usnic_uiom_put_pages(struct list_head *chunk_list, int dirty)
for_each_sg(chunk->page_list, sg, chunk->nents, i) {
page = sg_page(sg);
pa = sg_phys(sg);
- if (dirty)
+ if (!PageDirty(page) && dirty)
set_page_dirty_lock(page);
put_page(page);
usnic_dbg("pa: %pa\n", &pa);
@@ -114,6 +115,16 @@ static int usnic_uiom_get_pages(unsigned long addr, size_t size, int writable,
dma_addr_t pa;
unsigned int gup_flags;
+ /*
+ * If the combination of the addr and size requested for this memory
+ * region causes an integer overflow, return error.
+ */
+ if (((addr + size) < addr) || PAGE_ALIGN(addr + size) < (addr + size))
+ return -EINVAL;
+
+ if (!size)
+ return -EINVAL;
+
if (!can_do_mlock())
return -EPERM;
@@ -127,7 +138,7 @@ static int usnic_uiom_get_pages(unsigned long addr, size_t size, int writable,
down_write(¤t->mm->mmap_sem);
- locked = npages + current->mm->locked_vm;
+ locked = npages + current->mm->pinned_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
if ((locked > lock_limit) && !capable(CAP_IPC_LOCK)) {
@@ -143,7 +154,7 @@ static int usnic_uiom_get_pages(unsigned long addr, size_t size, int writable,
ret = 0;
while (npages) {
- ret = get_user_pages(cur_base,
+ ret = get_user_pages_longterm(cur_base,
min_t(unsigned long, npages,
PAGE_SIZE / sizeof(struct page *)),
gup_flags, page_list, NULL);
@@ -186,7 +197,7 @@ static int usnic_uiom_get_pages(unsigned long addr, size_t size, int writable,
if (ret < 0)
usnic_uiom_put_pages(chunk_list, 0);
else
- current->mm->locked_vm = locked;
+ current->mm->pinned_vm = locked;
up_write(¤t->mm->mmap_sem);
free_page((unsigned long) page_list);
@@ -420,18 +431,22 @@ struct usnic_uiom_reg *usnic_uiom_reg_get(struct usnic_uiom_pd *pd,
return ERR_PTR(err);
}
-void usnic_uiom_reg_release(struct usnic_uiom_reg *uiomr, int closing)
+void usnic_uiom_reg_release(struct usnic_uiom_reg *uiomr,
+ struct ib_ucontext *ucontext)
{
+ struct task_struct *task;
struct mm_struct *mm;
unsigned long diff;
__usnic_uiom_reg_release(uiomr->pd, uiomr, 1);
- mm = get_task_mm(current);
- if (!mm) {
- kfree(uiomr);
- return;
- }
+ task = get_pid_task(ucontext->tgid, PIDTYPE_PID);
+ if (!task)
+ goto out;
+ mm = get_task_mm(task);
+ put_task_struct(task);
+ if (!mm)
+ goto out;
diff = PAGE_ALIGN(uiomr->length + uiomr->offset) >> PAGE_SHIFT;
@@ -443,7 +458,7 @@ void usnic_uiom_reg_release(struct usnic_uiom_reg *uiomr, int closing)
* up here and not be able to take the mmap_sem. In that case
* we defer the vm_locked accounting to the system workqueue.
*/
- if (closing) {
+ if (ucontext->closing) {
if (!down_write_trylock(&mm->mmap_sem)) {
INIT_WORK(&uiomr->work, usnic_uiom_reg_account);
uiomr->mm = mm;
@@ -455,9 +470,10 @@ void usnic_uiom_reg_release(struct usnic_uiom_reg *uiomr, int closing)
} else
down_write(&mm->mmap_sem);
- current->mm->locked_vm -= diff;
+ mm->pinned_vm -= diff;
up_write(&mm->mmap_sem);
mmput(mm);
+out:
kfree(uiomr);
}
diff --git a/drivers/infiniband/hw/usnic/usnic_uiom.h b/drivers/infiniband/hw/usnic/usnic_uiom.h
index 431efe4143f4..8c096acff123 100644
--- a/drivers/infiniband/hw/usnic/usnic_uiom.h
+++ b/drivers/infiniband/hw/usnic/usnic_uiom.h
@@ -39,6 +39,8 @@
#include "usnic_uiom_interval_tree.h"
+struct ib_ucontext;
+
#define USNIC_UIOM_READ (1)
#define USNIC_UIOM_WRITE (2)
@@ -89,7 +91,8 @@ void usnic_uiom_free_dev_list(struct device **devs);
struct usnic_uiom_reg *usnic_uiom_reg_get(struct usnic_uiom_pd *pd,
unsigned long addr, size_t size,
int access, int dmasync);
-void usnic_uiom_reg_release(struct usnic_uiom_reg *uiomr, int closing);
+void usnic_uiom_reg_release(struct usnic_uiom_reg *uiomr,
+ struct ib_ucontext *ucontext);
int usnic_uiom_init(char *drv_name);
void usnic_uiom_fini(void);
#endif /* USNIC_UIOM_H_ */
--
2.17.1
next prev parent reply other threads:[~2018-10-25 14:11 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-25 14:10 [PATCH AUTOSEL 4.14 01/46] iwlwifi: mvm: check for short GI only for OFDM Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 02/46] iwlwifi: dbg: allow wrt collection before ALIVE Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 03/46] iwlwifi: fix the ALIVE notification layout Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 04/46] x86/power: Fix some ordering bugs in __restore_processor_context() Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 05/46] tools/testing/nvdimm: unit test clear-error commands Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 06/46] usbip: vhci_hcd: update 'status' file header and format Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 07/46] scsi: aacraid: address UBSAN warning regression Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 08/46] IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 09/46] IB/rxe: put the pool on allocation failure Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 10/46] s390/qeth: fix error handling in adapter command callbacks Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 11/46] net/mlx5: Fix mlx5_get_vector_affinity function Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 12/46] powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 13/46] dm integrity: fail early if required HMAC key is not available Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 14/46] net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 15/46] net: phy: Add general dummy stubs for MMD register access Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 16/46] net/mlx5e: Refine ets validation function Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 17/46] scsi: qla2xxx: Avoid double completion of abort command Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 18/46] kbuild: set no-integrated-as before incl. arch Makefile Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 19/46] IB/mlx5: Avoid passing an invalid QP type to firmware Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 20/46] ARM: tegra: Fix ULPI regression on Tegra20 Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 21/46] l2tp: remove configurable payload offset Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 22/46] cifs: Use ULL suffix for 64-bit constant Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 23/46] test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 24/46] KVM: x86: Update the exit_qualification access bits while walking an address Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 25/46] sparc64: Fix regression in pmdp_invalidate() Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 26/46] tpm: move the delay_msec increment after sleep in tpm_transmit() Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 27/46] bpf: sockmap, map_release does not hold refcnt for pinned maps Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 28/46] tpm: tpm_crb: relinquish locality on error path Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 29/46] xen-netfront: Update features after registering netdev Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 30/46] xen-netfront: Fix mismatched rtnl_unlock Sasha Levin
2018-10-25 14:10 ` Sasha Levin [this message]
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 32/46] mmc: dw_mmc-rockchip: correct property names in debug Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 33/46] MIPS: Workaround GCC __builtin_unreachable reordering bug Sasha Levin
2018-10-25 19:52 ` Paul Burton
2018-10-26 7:36 ` Arnd Bergmann
2018-10-29 13:36 ` Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 34/46] lan78xx: Don't reset the interface on open Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 35/46] enic: do not overwrite error code Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 36/46] iio: buffer: fix the function signature to match implementation Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 37/46] selftests/powerpc: Add ptrace hw breakpoint test Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 38/46] scsi: ibmvfc: Avoid unnecessary port relogin Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 39/46] scsi: sd: Remember that READ CAPACITY(16) succeeded Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 40/46] btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 41/46] net: phy: phylink: Don't release NULL GPIO Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 42/46] x86/paravirt: Fix some warning messages Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 43/46] net: stmmac: mark PM functions as __maybe_unused Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 44/46] kconfig: fix the rule of mainmenu_stmt symbol Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 45/46] libertas: call into generic suspend code before turning off power Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 46/46] perf tests: Fix indexing when invoking subtests Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181025141053.213330-31-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=jgg@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).