[rdma-next,3/4] RDMA/umem: Add missing initialization of owning_mm

Message ID 20190122071611.7825-4-leon@kernel.org (mailing list archive)
State Accepted
Delegated to: Jason Gunthorpe
Series ODP fixes for -next

Commit Message

Leon Romanovsky Jan. 22, 2019, 7:16 a.m. UTC
From: Artemy Kovalyov <artemyko@mellanox.com>

When allocating a umem leaf for implicit ODP MR during page fault the
field owning_mm was not set.

Initialize and take a reference on this field to avoid kernel panic when
trying to access this field.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
 PGD 800000022dfed067 P4D 800000022dfed067 PUD 22dfcf067 PMD 0
 Oops: 0000 [#1] SMP PTI
 CPU: 0 PID: 634 Comm: kworker/u33:0 Not tainted 4.20.0-rc6+ #89
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]
 RIP: 0010:ib_umem_odp_map_dma_pages+0xf3/0x710 [ib_core]
 Code: 45 c0 48 21 f3 48 89 75 b0 31 f6 4a 8d 04 33 48 89 45 a8 49 8b 44 24 60 48 8b 78 10 e8 66 16 a8 c5 49 8b 54 24 08 48 89 45 98 <8b> 42 58 85 c0 0f 84 8e 05 00 00 8d 48 01 48 8d 72 58 f0 0f b1 4a
 RSP: 0000:ffffb610813a7c20 EFLAGS: 00010202
 RAX: ffff95ace6e8ac80 RBX: 0000000000000000 RCX: 000000000000000c
 RDX: 0000000000000000 RSI: 0000000000000850 RDI: ffff95aceaadae80
 RBP: ffffb610813a7ce0 R08: 0000000000000000 R09: 0000000000080c77
 R10: ffff95acfffdbd00 R11: 0000000000000000 R12: ffff95aceaa20a00
 R13: 0000000000001000 R14: 0000000000001000 R15: 000000000000000c
 FS:  0000000000000000(0000) GS:ffff95acf7800000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000058 CR3: 000000022c834001 CR4: 00000000001606f0
 Call Trace:
  pagefault_single_data_segment+0x1df/0xc60 [mlx5_ib]
  mlx5_ib_eqe_pf_action+0x7bc/0xa70 [mlx5_ib]
  ? __switch_to+0xe1/0x470
  process_one_work+0x174/0x390
  worker_thread+0x4f/0x3e0
  kthread+0x102/0x140
  ? drain_workqueue+0x130/0x130
  ? kthread_stop+0x110/0x110
  ret_from_fork+0x1f/0x30

Fixes: f27a0d50a4bc ("RDMA/umem: Use umem->owning_mm inside ODP")
Signed-off-by: Artemy Kovalyov <artemyko@mellanox.com>
Signed-off-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
---
 drivers/infiniband/core/umem_odp.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Jason Gunthorpe Jan. 23, 2019, 9:46 p.m. UTC | #1
On Tue, Jan 22, 2019 at 09:16:10AM +0200, Leon Romanovsky wrote:
> From: Artemy Kovalyov <artemyko@mellanox.com>
> 
> When allocating a umem leaf for implicit ODP MR during page fault the
> field owning_mm was not set.
> 
> Initialize and take a reference on this field to avoid kernel panic when
> trying to access this field.
> 
>  BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
>  PGD 800000022dfed067 P4D 800000022dfed067 PUD 22dfcf067 PMD 0
>  Oops: 0000 [#1] SMP PTI
>  CPU: 0 PID: 634 Comm: kworker/u33:0 Not tainted 4.20.0-rc6+ #89
>  Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
>  Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]
>  RIP: 0010:ib_umem_odp_map_dma_pages+0xf3/0x710 [ib_core]
>  Code: 45 c0 48 21 f3 48 89 75 b0 31 f6 4a 8d 04 33 48 89 45 a8 49 8b 44 24 60 48 8b 78 10 e8 66 16 a8 c5 49 8b 54 24 08 48 89 45 98 <8b> 42 58 85 c0 0f 84 8e 05 00 00 8d 48 01 48 8d 72 58 f0 0f b1 4a
>  RSP: 0000:ffffb610813a7c20 EFLAGS: 00010202
>  RAX: ffff95ace6e8ac80 RBX: 0000000000000000 RCX: 000000000000000c
>  RDX: 0000000000000000 RSI: 0000000000000850 RDI: ffff95aceaadae80
>  RBP: ffffb610813a7ce0 R08: 0000000000000000 R09: 0000000000080c77
>  R10: ffff95acfffdbd00 R11: 0000000000000000 R12: ffff95aceaa20a00
>  R13: 0000000000001000 R14: 0000000000001000 R15: 000000000000000c
>  FS:  0000000000000000(0000) GS:ffff95acf7800000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 0000000000000058 CR3: 000000022c834001 CR4: 00000000001606f0
>  Call Trace:
>   pagefault_single_data_segment+0x1df/0xc60 [mlx5_ib]
>   mlx5_ib_eqe_pf_action+0x7bc/0xa70 [mlx5_ib]
>   ? __switch_to+0xe1/0x470
>   process_one_work+0x174/0x390
>   worker_thread+0x4f/0x3e0
>   kthread+0x102/0x140
>   ? drain_workqueue+0x130/0x130
>   ? kthread_stop+0x110/0x110
>   ret_from_fork+0x1f/0x30
> 
> Fixes: f27a0d50a4bc ("RDMA/umem: Use umem->owning_mm inside ODP")
> Signed-off-by: Artemy Kovalyov <artemyko@mellanox.com>
> Signed-off-by: Moni Shoua <monis@mellanox.com>
> Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
> ---
>  drivers/infiniband/core/umem_odp.c | 3 +++
>  1 file changed, 3 insertions(+)

Applied to for-rc

Thanks,
Jason
Patch

diff --git a/drivers/infiniband/core/umem_odp.c b/drivers/infiniband/core/umem_odp.c
index 0d12caa3f1bc..0d154c5d12cc 100644
--- a/drivers/infiniband/core/umem_odp.c
+++ b/drivers/infiniband/core/umem_odp.c
@@ -353,6 +353,8 @@  struct ib_umem_odp *ib_alloc_odp_umem(struct ib_umem_odp *root,
 	umem->writable   = root->umem.writable;
 	umem->is_odp = 1;
 	odp_data->per_mm = per_mm;
+	umem->owning_mm  = per_mm->mm;
+	mmgrab(umem->owning_mm);
 
 	mutex_init(&odp_data->umem_mutex);
 	init_completion(&odp_data->notifier_completion);
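
Review bot: The mmgrab(umem->owning_mm) added after the owning_mm assignment takes a reference whose only matching mmdrop() in this patch is on the out_odp_data error path. Neither the diff nor the commit message shows where a successfully allocated leaf umem drops it. Please state in the commit message which release path does the matching mmdrop() for ODP leaf umems, or add it here if none exists. If nothing drops it, every leaf allocated during page fault would keep the mm_struct pinned. A one-line comment next to the mmgrab() naming the paired release site would also help future readers.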
@@ -385,6 +387,7 @@  struct ib_umem_odp *ib_alloc_odp_umem(struct ib_umem_odp *root,
 out_page_list:
 	vfree(odp_data->page_list);
 out_odp_data:
+	mmdrop(umem->owning_mm);
 	kfree(odp_data);
 	return ERR_PTR(ret);
 }
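
Review bot: The mmdrop(umem->owning_mm) under out_odp_data is only balanced if every goto that reaches this label (directly, or by falling through from out_page_list) happens after the mmgrab() in the first hunk. The code between the two hunks is not shown, so please confirm no earlier failure jumps here with owning_mm still unset, since that would dereference or drop a NULL mm. Keeping the mmdrop() ahead of kfree(odp_data) is right if umem lives inside odp_data; a short comment saying so would stop a later cleanup from reordering the two calls.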