    IB/hfi1: Consistently call ops->remove outside spinlock · b85ced91
    Dean Luick authored
    The ops->remove() callback was called by hfi1_mmu_unregister() with a
    NULL mm argument while holding a spinlock.  In the case of sdma_rb_remove()
    this caused it to pass current->mm to hfi1_release_user_pages().
    
    This had 2 problems.  First this would attempt to acquire the mmap_sem
    under a spin lock.  Second the use of current->mm is not always guaranteed
    to be the proper mm when the fd is being closed.
    
    Rather than depend on this implicit behavior we move all calls to
    ops->remove outside of the spinlock.  This also allows the correct
    mm to be used in the remove callback without fear of deadlock.
    
    Because the MMU notifier is not guaranteed to hold mm->mmap_sem, but
    usually does, we must delay all remove callbacks until out of the notifier,
    when the callbacks can take the mmap_sem if they need to.
    
    Code comments were added to clarify what the expectations are for the
    users of the mmu rb tree.

    Suggested-by: Jim Foraker <foraker1@llnl.gov>
    Reviewed-by: Ira Weiny <ira.weiny@intel.com>
    Signed-off-by: Dean Luick <dean.luick@intel.com>
    Signed-off-by: Doug Ledford <dledford@redhat.com>
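
The ordering change the commit message describes, as an added example that is not part of the commit or the hfi1 driver: a single-threaded userspace model in which a flag stands in for the spinlock and `remove_cb` for `ops->remove`. All names are hypothetical, and detaching entries onto a private list is one assumed way to defer the callbacks.

```c
/* Userspace model of the locking pattern; not hfi1 code, all names hypothetical. */
#include <stdio.h>

struct node { struct node *next; };
static int lock_held, calls_under_lock, calls_total; /* model lock + counters */

/* Models ops->remove(): may take a sleeping lock, so it must not run locked. */
static void remove_cb(struct node *n)
{
    calls_under_lock += lock_held;
    calls_total++;
    n->next = NULL;
}

/* Old shape: the callback is invoked while the lock is still held. */
static void unregister_locked(struct node **head)
{
    struct node *n;
    lock_held = 1;
    while ((n = *head) != NULL) {
        *head = n->next;
        remove_cb(n);
    }
    lock_held = 0;
}

/* New shape: detach entries under the lock, call back after dropping it. */
static void unregister_deferred(struct node **head)
{
    struct node *n, *del_list;
    lock_held = 1;
    del_list = *head;
    *head = NULL;
    lock_held = 0;
    while ((n = del_list) != NULL) {
        del_list = n->next;
        remove_cb(n);
    }
}

/* Runs one variant on three constructed nodes; returns calls made under the lock. */
int run_model(int deferred)
{
    struct node c = {NULL}, b = {&c}, a = {&b}, *head = &a;
    calls_under_lock = calls_total = 0;
    (deferred ? unregister_deferred : unregister_locked)(&head);
    return calls_under_lock;
}

int main(void) { printf("old=%d new=%d\n", run_model(0), run_model(1)); return 0; }
```

Both variants run the callback once per node; only the deferred one does so with the lock released, which is what lets a real callback take a sleeping lock.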
mmu_rb.c 10.7 KB