mm/hmm: Remove confusing comment and logic from hmm_release - linux-dev - Linux kernel development work

diff options

author	Jason Gunthorpe <jgg@mellanox.com>	2019-05-24 12:14:08 -0300
committer	Jason Gunthorpe <jgg@mellanox.com>	2019-06-24 17:38:18 -0300
commit	14331726a3c47bb1649dab155a84610f509d414e (patch)
tree	9dc1a6341e79bdaf3c3ac93bd6fa23ac8c316eae /include/linux
parent	mm/hmm: Poison hmm_range during unregister (diff)
download	linux-dev-14331726a3c47bb1649dab155a84610f509d414e.tar.xz linux-dev-14331726a3c47bb1649dab155a84610f509d414e.zip

mm/hmm: Remove confusing comment and logic from hmm_release

hmm_release() is called exactly once per hmm. ops->release() cannot accidentally trigger any action that would recurse back onto hmm->mirrors_sem. This fixes a use after-free race of the form: CPU0 CPU1 hmm_release() up_write(&hmm->mirrors_sem); hmm_mirror_unregister(mirror) down_write(&hmm->mirrors_sem); up_write(&hmm->mirrors_sem); kfree(mirror) mirror->ops->release(mirror) The only user we have today for ops->release is an empty function, so this is unambiguously safe. As a consequence of plugging this race drivers are not allowed to register/unregister mirrors from within a release op. Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Tested-by: Philip Yang <Philip.Yang@amd.com>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: