Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3238041ybi;
        Mon, 10 Jun 2019 06:59:03 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzKZATkBmrd6fKkD43xj2UccxWzbOqF4ayDhmTqsmpq3PE11njgRt3OV6gSELYA7sA1nZ5o
X-Received: by 2002:a17:902:b202:: with SMTP id t2mr68728660plr.69.1560175143716;
        Mon, 10 Jun 2019 06:59:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1560175143; cv=none;
        d=google.com; s=arc-20160816;
        b=k1cWX8oF3CXx96ednDz5G3PJ/9PTDY/n4UjGzI7WOVScdS2/I2zDglHqjuQbg0q3/W
         fm9A214BW+QutpJXZaaKlnMXOmHwKnK9Pnh+dPDn6ZQ4QYcZNH8sTHdAvIxWraOjDFd+
         3gAI4dIDPgHzIBwpIsqfjLBFdnxaOulEMz/YegM9glX3DAfuhEczp4/scHVyoprkzuld
         l9YOekWE9CCbw8VrUaelOhSpaJ+Evjlvi/1zfTJI9Z4af3I0s/XEZZDqEhWE1mqGoHp6
         E39W6nurhsmhdr6e1wFtv0Hx9Ca6mZy0pfn0soGt+4eZYwv/A875BfaWEU364GrfBtkw
         QlKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=XrAhha77OFPTFlF7KSQShELx6jUVmZeLDMg/Tr5gqzY=;
        b=gBZtkethZ3JkL4g2NJ0wGo8iGc4F/EnQVG8aBG68LrdcBW6B7QquIe/ovA30qPS/CS
         6IT/Pdxphv5b8R2yM/VAr8WAbXc+nhRH2HmIXDxKKIh8yW7QLimpmqpCKLnFHwKOgXUd
         wMOi0X/mn5p7cRZmmLxHfCv8vhfCDUGeNitrsCkFdffneJ175xEmMBSSPW2+CW5GioDz
         XFUrf2LSkfPjTTk90LWVwYx3PCRyhICuwud69Unbdad8vpjvwngbtOBGiDebJ/J61YcA
         ZpTF7aQTvX6cep7eVAOuwbuXhh9gAOCMO/IZV/rNs2Ye8QbcIwOJOB8kBL7ZoN/28Adm
         8pzQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y7si10484041pgj.252.2019.06.10.06.58.48;
        Mon, 10 Jun 2019 06:59:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2390517AbfFJN6Z (ORCPT <rfc822;linux.htchiang@gmail.com>
        + 99 others); Mon, 10 Jun 2019 09:58:25 -0400
Received: from mx2.suse.de ([195.135.220.15]:33234 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S2389373AbfFJN6Z (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Jun 2019 09:58:25 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 2EFEDABD2;
        Mon, 10 Jun 2019 13:58:24 +0000 (UTC)
Date:   Mon, 10 Jun 2019 15:58:23 +0200
From:   Michal Hocko <mhocko@kernel.org>
To:     Stable tree <stable@vger.kernel.org>
Cc:     Greg KH <gregkh@linuxfoundation.org>, linux-mm@kvack.org,
        LKML <linux-kernel@vger.kernel.org>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Jann Horn <jannh@google.com>, Oleg Nesterov <oleg@redhat.com>,
        Peter Xu <peterx@redhat.com>,
        Mike Rapoport <rppt@linux.ibm.com>,
        Jason Gunthorpe <jgg@mellanox.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Joel Fernandes <joel@joelfernandes.org>
Subject: Re: [PATCH stable 4.4 v2] coredump: fix race condition between
 mmget_not_zero()/get_task_mm() and core dumping
Message-ID: <20190610135823.GI30967@dhcp22.suse.cz>
References: <20190604094953.26688-1-mhocko@kernel.org>
 <20190610074635.2319-1-mhocko@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190610074635.2319-1-mhocko@kernel.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Just a heads up. Ajay Kaher has noticed that mlx4 driver is missing the
check in 4.14 [1] and 4.4 seems to have the same problem. I will wait
for more review before reposting v3. The incremental diff is:

diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c
index 67c4c73343d4..6968154a073e 100644
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -1042,6 +1042,8 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
 	 * mlx4_ib_vma_close().
 	 */
 	down_write(&owning_mm->mmap_sem);
+	if (!mmget_still_valid(owning_mm))
+		goto skip_mm;
 	for (i = 0; i < HW_BAR_COUNT; i++) {
 		vma = context->hw_bar_info[i].vma;
 		if (!vma)
@@ -1061,6 +1063,7 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext)
 		context->hw_bar_info[i].vma->vm_ops = NULL;
 	}
 
+skip_mm:
 	up_write(&owning_mm->mmap_sem);
 	mmput(owning_mm);
 	put_task_struct(owning_process);
-- 
Michal Hocko
SUSE Labs