Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5648321img; Wed, 27 Mar 2019 12:24:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqw7N+TLirWFTMH6J+XSxq/TvCk/zhfoLNhpZJLBsCQ3tckAlkIvoPYZIyJ3MsUUnCwNRbxi X-Received: by 2002:a17:902:1aa:: with SMTP id b39mr9072959plb.317.1553714660872; Wed, 27 Mar 2019 12:24:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553714660; cv=none; d=google.com; s=arc-20160816; b=gNHfpjsXUR0oRl9jpRuDprH+BK9l0WeqcAX0hveo8Cbnp8x84wJr8nZxeWjO+BoeLR t8nUAfbmNZ35ZRJlZXofmfdGdMubGonVupPAL2MSuJRAoNp4mD2Gr1vPkQOTP63d1MIc Hi3+hFtu8ZHw1dIejPnzW5lGiJXUzSNHR7Gioswp4CJgG34n8J4I5snRILnhPX2us3PL YTcHdzeBaL53Ywbyu3/1IHOlC8G0WitQ7UnCZEbf8qMG7WdfsMbNElh8axKBcxhUaP+u RO4x6ntKTFWP6HpVPdfwfBLnp277CEjhyrddaF7wJ4CP1TuluR7z6/+BkXEfBNQExUrI 70FQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=iiH8z9UD3bFLgaDJzzrW0gFqXVbNgLLfrjJxJrB6q9M=; b=bKSFfVmKMUyVzns+djXlQ/X2BeMOfa5s8xacMP53X5kD+29ZO8UhwdEmCChOoTiboU Vr3AEEEPkhI/efI9cC3mpjqMQE7pAb4TWuchL336vUugmJOc9TVfgPX4VKM6wfFU3we2 NB8d2+QbB7wC7qGfnf0VmmPt0VbRRgmlNne9Dwdl1OBk71Ij8mswUni+WAf0bUii8/cV p3gbUQKIYr6vrlXWK33lOyoJcYBWPRq2rOtCdpveHWcD5TVeV/QRYd9+HMtxSj6vzRsF iRBthCgQZ6SlwYl6K/iNShvx2zlymyQ9raujMoFtMD0nzKtiqFan/Jd51iEwsvTX4cGX OsLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=reQfrQyp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w15si5928672pgj.427.2019.03.27.12.24.05; Wed, 27 Mar 2019 12:24:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=reQfrQyp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387841AbfC0SGA (ORCPT + 99 others); Wed, 27 Mar 2019 14:06:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:47296 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387809AbfC0SF4 (ORCPT ); Wed, 27 Mar 2019 14:05:56 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A5EBB21734; Wed, 27 Mar 2019 18:05:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553709955; bh=pejRGIFl0fvX682w+mOfpHyAqMv3Hn7iUSvhvv3Sefo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=reQfrQypKL1KEuPpYhV9U7BPSmudpdH7rbqCjbmTp325F+awWvhasLzI/vlwaQGu2 oYgbhlISx6b5CfQLSHS8uXVFWokCViUoTw6HqBjATow6TDheVuqSnjvkOIyto9ezST +TIIFIQtySneI+VD2G5D8/C9GqQq6Pwmw5HeMgM8= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Oleksandr Andrushchenko , Juergen Gross , Sasha Levin Subject: [PATCH AUTOSEL 5.0 130/262] xen/gntdev: Do not destroy context while dma-bufs are in use Date: Wed, 27 Mar 2019 13:59:45 -0400 Message-Id: <20190327180158.10245-130-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190327180158.10245-1-sashal@kernel.org> References: <20190327180158.10245-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Oleksandr Andrushchenko [ Upstream commit fa13e665e02874c0a5f4d06d6967ae34a6cb3d6a ] If there are exported DMA buffers which are still in use and grant device is closed by either normal user-space close or by a signal this leads to the grant device context to be destroyed, thus making it not possible to correctly destroy those exported buffers when they are returned back to gntdev and makes the module crash: [ 339.617540] [] dmabuf_exp_ops_release+0x40/0xa8 [ 339.617560] [] dma_buf_release+0x60/0x190 [ 339.617577] [] __fput+0x88/0x1d0 [ 339.617589] [] ____fput+0xc/0x18 [ 339.617607] [] task_work_run+0x9c/0xc0 [ 339.617622] [] do_notify_resume+0xfc/0x108 Fix this by referencing gntdev on each DMA buffer export and unreferencing on buffer release. Signed-off-by: Oleksandr Andrushchenko Reviewed-by: Boris Ostrovsky@oracle.com> Signed-off-by: Juergen Gross Signed-off-by: Sasha Levin --- drivers/xen/gntdev-dmabuf.c | 12 +++++++++++- drivers/xen/gntdev-dmabuf.h | 2 +- drivers/xen/gntdev.c | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/xen/gntdev-dmabuf.c b/drivers/xen/gntdev-dmabuf.c index cba6b586bfbd..d97fcfc5e558 100644 --- a/drivers/xen/gntdev-dmabuf.c +++ b/drivers/xen/gntdev-dmabuf.c @@ -80,6 +80,12 @@ struct gntdev_dmabuf_priv { struct list_head imp_list; /* This is the lock which protects dma_buf_xxx lists. */ struct mutex lock; + /* + * We reference this file while exporting dma-bufs, so + * the grant device context is not destroyed while there are + * external users alive. + */ + struct file *filp; }; /* DMA buffer export support. */ @@ -311,6 +317,7 @@ static void dmabuf_exp_release(struct kref *kref) dmabuf_exp_wait_obj_signal(gntdev_dmabuf->priv, gntdev_dmabuf); list_del(&gntdev_dmabuf->next); + fput(gntdev_dmabuf->priv->filp); kfree(gntdev_dmabuf); } @@ -423,6 +430,7 @@ static int dmabuf_exp_from_pages(struct gntdev_dmabuf_export_args *args) mutex_lock(&args->dmabuf_priv->lock); list_add(&gntdev_dmabuf->next, &args->dmabuf_priv->exp_list); mutex_unlock(&args->dmabuf_priv->lock); + get_file(gntdev_dmabuf->priv->filp); return 0; fail: @@ -834,7 +842,7 @@ long gntdev_ioctl_dmabuf_imp_release(struct gntdev_priv *priv, return dmabuf_imp_release(priv->dmabuf_priv, op.fd); } -struct gntdev_dmabuf_priv *gntdev_dmabuf_init(void) +struct gntdev_dmabuf_priv *gntdev_dmabuf_init(struct file *filp) { struct gntdev_dmabuf_priv *priv; @@ -847,6 +855,8 @@ struct gntdev_dmabuf_priv *gntdev_dmabuf_init(void) INIT_LIST_HEAD(&priv->exp_wait_list); INIT_LIST_HEAD(&priv->imp_list); + priv->filp = filp; + return priv; } diff --git a/drivers/xen/gntdev-dmabuf.h b/drivers/xen/gntdev-dmabuf.h index 7220a53d0fc5..3d9b9cf9d5a1 100644 --- a/drivers/xen/gntdev-dmabuf.h +++ b/drivers/xen/gntdev-dmabuf.h @@ -14,7 +14,7 @@ struct gntdev_dmabuf_priv; struct gntdev_priv; -struct gntdev_dmabuf_priv *gntdev_dmabuf_init(void); +struct gntdev_dmabuf_priv *gntdev_dmabuf_init(struct file *filp); void gntdev_dmabuf_fini(struct gntdev_dmabuf_priv *priv); diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 5efc5eee9544..7cf9c51318aa 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -600,7 +600,7 @@ static int gntdev_open(struct inode *inode, struct file *flip) mutex_init(&priv->lock); #ifdef CONFIG_XEN_GNTDEV_DMABUF - priv->dmabuf_priv = gntdev_dmabuf_init(); + priv->dmabuf_priv = gntdev_dmabuf_init(flip); if (IS_ERR(priv->dmabuf_priv)) { ret = PTR_ERR(priv->dmabuf_priv); kfree(priv); -- 2.19.1