From patchwork Thu Oct 18 15:41:01 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoph Hellwig <hch@lst.de>
X-Patchwork-Id: 10647557
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8041D1057
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 18 Oct 2018 15:41:12 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7265628FB7
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 18 Oct 2018 15:41:12 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 698BC29040; Thu, 18 Oct 2018 15:41:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=2.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B09DE28E9D
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 18 Oct 2018 15:41:11 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B59CE6B0010; Thu, 18 Oct 2018 11:41:10 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B06E16B0266; Thu, 18 Oct 2018 11:41:10 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 9F6616B0269; Thu, 18 Oct 2018 11:41:10 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com
 [209.85.214.197])
	by kanga.kvack.org (Postfix) with ESMTP id 5F5196B0010
	for <linux-mm@kvack.org>; Thu, 18 Oct 2018 11:41:10 -0400 (EDT)
Received: by mail-pl1-f197.google.com with SMTP id d63-v6so23282573pld.18
        for <linux-mm@kvack.org>; Thu, 18 Oct 2018 08:41:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:dkim-signature:from:to:cc:subject:date
         :message-id:mime-version:content-transfer-encoding;
        bh=iHkkl+cL3VDpvUaVFp4zartRJI9ljpRA2EZaEhLXPJs=;
        b=uRdCgew/9pDl1zU9vrnOb/ZS+HcjSbqswj/ezki4d9knpP3ArVE4XZWbomoRPbyERC
         0Ekw/R4hkt6kbW/pYTnHoxieY2F7oM8p7NpRhERmVVn13W3OjpNDBspUr0WzSkFCdlVD
         yw3Muo6r1fXWJbtR8WWC8J0G7XB6HZJrXlEg9NyhHlqWja+J49XCsQfD9OWffl+HaISM
         RoHznzZdlNSgTc6qSBAQk2MKoCoB4zoNQiOEePXKGS1svXHoiI+2xP3XaJj92sdvLUIy
         qB9hRkw1MZVUB0rAGA9gQyfyfHRLiwmP3nUTQhhS0YnrpBvJZbOA95tsW3oqmMMz67QL
         Fs2A==
X-Gm-Message-State: ABuFfojl9RncZdi/5MrgbM4dl/C+MbtgJm1Jf7/lh8YbuwfwOgwREPKD
	g0DhWTDdfKgst6Ts19apTWyvUdrogG/ePR8g6M2hsNyMfU1LDXElewBFjaMj9GiXDOqXZwdTtUB
	y/o58KSBAYDq2nlCSRhOGgws8vr7EodErwSWx0CrYyNO7CSwwzxytRmt+L6Z3iUM=
X-Received: by 2002:a63:b08:: with SMTP id
 8-v6mr28666782pgl.130.1539877270055;
        Thu, 18 Oct 2018 08:41:10 -0700 (PDT)
X-Google-Smtp-Source: 
 ACcGV639aYU422Kh/D7gRZvz93SxHfl456qdBGt9TMBjGn3qqtNZKr5pZaO0d90ZzzAMQgOHCeZu
X-Received: by 2002:a63:b08:: with SMTP id
 8-v6mr28666743pgl.130.1539877269356;
        Thu, 18 Oct 2018 08:41:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539877269; cv=none;
        d=google.com; s=arc-20160816;
        b=qf1toh/IRHB/CbJ5NpwcpPQrifA9bTa/1DDnnWRoQW7baBzyCdd9/EWPhYfChNKR9x
         b2DIHwZIW9ugsjIp2+y5hIlYA5Jh3ISsLhEueuBKlYjy6gxPwLgzHpGaxh5HSw7iBGUd
         bkd6QsdEZ+dpMPHpZPllbopXrO/+EdC6U3c3ua1KFkenzaPg7Gr7MrKUIbdkzQag8DT5
         lukxIgX5fkkMJoVeC/UfJybJkRRT6kK3yKVUjGe9/cky715eYe43PxSdGbVL9vuYvbBa
         uTNhsLe9Ky5pi+AyZnDDkwRswBiJeyGaCjUzvtKV+z1MuiT/WkeBuntb7stlRqOWZKvW
         sJ7w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:dkim-signature;
        bh=iHkkl+cL3VDpvUaVFp4zartRJI9ljpRA2EZaEhLXPJs=;
        b=n2H1EFF7t/L9tN9N2JAqKnTLz05+wQdgj9Z6/EAFABzAMriWWW6lm+oUjeGWuNjU3X
         vKVYWFVVaTnWpKgJRqhAFjg5MWtGbXOusu4eboZCTDZd2Qyh+tDU+STZxpugbj5ke60k
         sMkmRiprji8RjHqX+s/8lVspCci2klvaTdYXEWX1Kkh7/JwM4KxLo7fM25upoGYtzeEM
         GzvurSTajPYol1And2zGOPnu81tEhu903kSfMEuQKl54G+t0Q7UJqgIdTGHf5FZ5VSYm
         VdP2YPxM9pLvS7MtC8ED7OH3CQvPxwbRbxGzjnzYM9cRIOOJxRjOEv6Myq6eHoxlx/fD
         5YPw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@infradead.org header.s=bombadil.20170209
 header.b=o5VwrL7n;
       spf=pass (google.com: best guess record for domain of
 batv+8bbc4aa54a9b92872f27+5534+infradead.org+hch@bombadil.srs.infradead.org
 designates 2607:7c80:54:e::133 as permitted sender)
 smtp.mailfrom=BATV+8bbc4aa54a9b92872f27+5534+infradead.org+hch@bombadil.srs.infradead.org
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2607:7c80:54:e::133])
        by mx.google.com with ESMTPS id
 29-v6si21598951pgl.104.2018.10.18.08.41.09
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 18 Oct 2018 08:41:09 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 batv+8bbc4aa54a9b92872f27+5534+infradead.org+hch@bombadil.srs.infradead.org
 designates 2607:7c80:54:e::133 as permitted sender)
 client-ip=2607:7c80:54:e::133;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@infradead.org header.s=bombadil.20170209
 header.b=o5VwrL7n;
       spf=pass (google.com: best guess record for domain of
 batv+8bbc4aa54a9b92872f27+5534+infradead.org+hch@bombadil.srs.infradead.org
 designates 2607:7c80:54:e::133 as permitted sender)
 smtp.mailfrom=BATV+8bbc4aa54a9b92872f27+5534+infradead.org+hch@bombadil.srs.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding:
	MIME-Version:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
	Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
	List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
	 bh=iHkkl+cL3VDpvUaVFp4zartRJI9ljpRA2EZaEhLXPJs=; b=o5VwrL7ns+/bGCEQtBNsKxOc9
	bQrm0mGt+FKvA9BgJedwSl2gUSwqcYBC2/7tljhYBFJge20GAIN70uyjNuxVujjExo0yrEd9DYXNt
	hIVoMymTp/Wz3v8kI4m0ZrqPfGsDb3jYE6SUORD4IymrGC2+IAjryGgFSxQol8yxmECD7rcrYzXBv
	7tg4ttQF8Mn4fz0jlVqZC1SpbVMhGnsuxloBP9/ptmEC5N+WrxlgOEbJ7ppy9e4a/GMRSU9iJryZU
	WzFjJ91LMELsPMjMJRFFxKnmlm22/I1d02kgRYTu/XlAa+K2cuYKlfbUoxNKFG2uopzuxCdYEHl3c
	v9FIU8jcg==;
Received: from 089144199123.atnat0008.highway.a1.net ([89.144.199.123]
 helo=localhost)
	by bombadil.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux))
	id 1gDAQ3-0006oG-Fa; Thu, 18 Oct 2018 15:41:03 +0000
From: Christoph Hellwig <hch@lst.de>
To: akpm@linux-foundation.org
Cc: linux-mm@kvack.org
Subject: [PATCH] userfaultfd: disable irqs when taking the waitqueue lock
Date: Thu, 18 Oct 2018 17:41:01 +0200
Message-Id: <20181018154101.18750-1-hch@lst.de>
X-Mailer: git-send-email 2.19.1
MIME-Version: 1.0
X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by
 bombadil.infradead.org. See http://www.infradead.org/rpr.html
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

userfaultfd contains howe-grown locking of the waitqueue lock,
and does not disable interrupts.  This relies on the fact that
no one else takes it from interrupt context and violates an
invariat of the normal waitqueue locking scheme.  With aio poll
it is easy to trigger other locks that disable interrupts (or
are called from interrupt context).

Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 fs/userfaultfd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index bfa0ec69f924..356d2b8568c1 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1026,7 +1026,7 @@ static ssize_t userfaultfd_ctx_read(struct userfaultfd_ctx *ctx, int no_wait,
 	struct userfaultfd_ctx *fork_nctx = NULL;
 
 	/* always take the fd_wqh lock before the fault_pending_wqh lock */
-	spin_lock(&ctx->fd_wqh.lock);
+	spin_lock_irq(&ctx->fd_wqh.lock);
 	__add_wait_queue(&ctx->fd_wqh, &wait);
 	for (;;) {
 		set_current_state(TASK_INTERRUPTIBLE);
@@ -1112,13 +1112,13 @@ static ssize_t userfaultfd_ctx_read(struct userfaultfd_ctx *ctx, int no_wait,
 			ret = -EAGAIN;
 			break;
 		}
-		spin_unlock(&ctx->fd_wqh.lock);
+		spin_unlock_irq(&ctx->fd_wqh.lock);
 		schedule();
-		spin_lock(&ctx->fd_wqh.lock);
+		spin_lock_irq(&ctx->fd_wqh.lock);
 	}
 	__remove_wait_queue(&ctx->fd_wqh, &wait);
 	__set_current_state(TASK_RUNNING);
-	spin_unlock(&ctx->fd_wqh.lock);
+	spin_unlock_irq(&ctx->fd_wqh.lock);
 
 	if (!ret && msg->event == UFFD_EVENT_FORK) {
 		ret = resolve_userfault_fork(ctx, fork_nctx, msg);