[PATCH v5 01/17] powerpc/powernv/vas: Release reference to tgid during window close
Nicholas Piggin
npiggin at gmail.com
Mon Jun 14 12:11:41 AEST 2021
Excerpts from Haren Myneni's message of June 13, 2021 8:54 pm:
>
> The kernel handles the NX fault by updating CSB or sending
> signal to process. In multithread applications, children can
> open VAS windows and can exit without closing them. But the
> parent can continue to send NX requests with these windows. To
> prevent pid reuse, reference will be taken on pid and tgid
> when the window is opened and release them during window close.
>
> The current code is not releasing the tgid reference which can
> cause pid leak and this patch fixes the issue.
>
> Fixes: db1c08a740635 ("powerpc/vas: Take reference to PID and mm for user space windows")
> Cc: stable at vger.kernel.org # 5.8+
> Signed-off-by: Haren Myneni <haren at linux.ibm.com>
> Reported-by: Nicholas Piggin <npiggin at gmail.com>
Reviewed-by: Nicholas Piggin <npiggin at gmail.com>
Thanks,
Nick
> ---
> arch/powerpc/platforms/powernv/vas-window.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c
> index 5f5fe63a3d1c..7ba0840fc3b5 100644
> --- a/arch/powerpc/platforms/powernv/vas-window.c
> +++ b/arch/powerpc/platforms/powernv/vas-window.c
> @@ -1093,9 +1093,9 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
> /*
> * Process closes window during exit. In the case of
> * multithread application, the child thread can open
> - * window and can exit without closing it. Expects parent
> - * thread to use and close the window. So do not need
> - * to take pid reference for parent thread.
> + * window and can exit without closing it. so takes tgid
> + * reference until window closed to make sure tgid is not
> + * reused.
> */
> txwin->tgid = find_get_pid(task_tgid_vnr(current));
> /*
> @@ -1339,8 +1339,9 @@ int vas_win_close(struct vas_window *window)
> /* if send window, drop reference to matching receive window */
> if (window->tx_win) {
> if (window->user_win) {
> - /* Drop references to pid and mm */
> + /* Drop references to pid. tgid and mm */
> put_pid(window->pid);
> + put_pid(window->tgid);
> if (window->mm) {
> mm_context_remove_vas_window(window->mm);
> mmdrop(window->mm);
> --
> 2.18.2
>
>
>
More information about the Linuxppc-dev
mailing list