From c467ca4ded0b0879594f91feeef9150a7f2c2728 Mon Sep 17 00:00:00 2001 
From: Hao Fang
Date: Fri, 9 Aug 2019 21:15:02 +0800
Subject: [PATCH] uacce: remove VA unmap in release q flow

driver inclusion
category: bugfix
bugzilla: NA
CVE: NA

As VA unmap at user space, kernel va unmap in release q flow can lead dead_lock.

[ 506.703275] ======================================================
[ 506.709426] WARNING: possible circular locking dependency detected
[ 506.715580] 5.2.0-rc4-ge984cac-dirty #3 Tainted: G C O
[ 506.721817] ------------------------------------------------------
[ 506.727968] wd_zip_test/1341 is trying to acquire lock:
[ 506.733169] (____ptrval____) (&mm->mmap_sem){++++}, at: __vm_munmap+0x54/0xd0
[ 506.740278]
[ 506.740278] but task is already holding lock:
[ 506.746082] (____ptrval____) (uacce_qs_lock){+.+.}, at: uacce_fops_release+0x2c/0x220 [uacce]
[ 506.754571]
[ 506.754571] which lock already depends on the new lock.
[ 506.754571]
[ 506.762709]
[ 506.762709] the existing dependency chain (in reverse order) is:
[ 506.770155]
[ 506.770155] -> #1 (uacce_qs_lock){+.+.}:
[ 506.775533]        down_write+0x50/0xc8
[ 506.779352]        uacce_fops_mmap+0x3c/0x668 [uacce]
[ 506.784380]        mmap_region+0x3c0/0x580
[ 506.788456]        do_mmap+0x34c/0x4e0
[ 506.792190]        vm_mmap_pgoff+0xe4/0x110
[ 506.796353]        ksys_mmap_pgoff+0xa8/0x240
[ 506.800690]        __arm64_sys_mmap+0x28/0x38
[ 506.805028]        el0_svc_common.constprop.0+0x74/0x170
[ 506.810314]        el0_svc_handler+0x28/0x78
[ 506.814563]        el0_svc+0x8/0xc
[ 506.817948]
[ 506.817948] -> #0 (&mm->mmap_sem){++++}:
[ 506.823325]        lock_acquire+0xe4/0x270
[ 506.827402]        down_write_killable+0x50/0xe8
[ 506.831997]        __vm_munmap+0x54/0xd0
[ 506.835901]        vm_munmap+0x10/0x18
[ 506.839633]        uacce_fops_release+0xc8/0x220 [uacce]
[ 506.844921]        __fput+0xac/0x1f0
[ 506.848478]        ____fput+0xc/0x18
[ 506.852037]        task_work_run+0x98/0xc8
[ 506.856114]        do_notify_resume+0x314/0x388
[ 506.860623]        work_pending+0x8/0x14
[ 506.864526]
[ 506.864526] other info that might help us debug this:
[ 506.864526]
[ 506.872492]  Possible unsafe locking scenario:
[ 506.872492]
[ 506.878382]        CPU0                    CPU1
[ 506.882890]        ----                    ----
[ 506.887399]   lock(uacce_qs_lock);
[ 506.890784]                                lock(&mm->mmap_sem);
[ 506.896675]                                lock(uacce_qs_lock);
[ 506.902565]   lock(&mm->mmap_sem);
[ 506.905951]
[ 506.905951]  *** DEADLOCK ***
[ 506.905951]
[ 506.911841] 1 lock held by wd_zip_test/1341:
[ 506.916092]  #0: (____ptrval____) (uacce_qs_lock){+.+.}, at: uacce_fops_release+0x2c/0x220 [uacce]
[ 506.925009]
[ 506.925009] stack backtrace:
[ 506.929348] CPU: 6 PID: 1341 Comm: wd_zip_test Tainted: G C O 5.2.0-rc4-ge984cac-dirty #3
[ 506.938609] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019
[ 506.947438] Call trace:
[ 506.949875]  dump_backtrace+0x0/0x148
[ 506.953521]  show_stack+0x14/0x20
[ 506.956821]  dump_stack+0xc8/0x114
[ 506.960207]  print_circular_bug+0x1c8/0x2d8
[ 506.964370]  __lock_acquire+0x1f38/0x23a8
[ 506.968360]  lock_acquire+0xe4/0x270
[ 506.971918]  down_write_killable+0x50/0xe8
[ 506.975994]  __vm_munmap+0x54/0xd0
[ 506.979380]  vm_munmap+0x10/0x18
[ 506.982593]  uacce_fops_release+0xc8/0x220 [uacce]
[ 506.987360]  __fput+0xac/0x1f0
[ 506.990399]  ____fput+0xc/0x18
[ 506.993439]  task_work_run+0x98/0xc8
[ 506.996997]  do_notify_resume+0x314/0x388
[ 507.000987]  work_pending+0x8/0x14

Feature or Bugfix:Bugfix

Signed-off-by: Hao Fang
Reviewed-by: wangzhou
Signed-off-by: lingmingqiang
Reviewed-by: lingmingqiang
Reviewed-by: Yang Yingliang
Signed-off-by: Yang Yingliang
---
 drivers/uacce/uacce.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/uacce/uacce.c b/drivers/uacce/uacce.c
index 11514ddb24f1..4d97cccb1c43 100644
--- a/drivers/uacce/uacce.c
+++ b/drivers/uacce/uacce.c
@@ -439,9 +439,6 @@ static void uacce_destroy_region(struct uacce_queue *q, dev_dbg(uacce->pdev, "free dma qfr %s (kaddr=%pK, dma=%llx)\n", uacce_qfrt_str(qfr), qfr->kaddr, qfr->dma); - if (current->mm) - vm_munmap((unsigned long)qfr->iova, - qfr->nr_pages << PAGE_SHIFT); dma_free_coherent(uacce->pdev, qfr->nr_pages << PAGE_SHIFT, qfr->kaddr, qfr->dma); } else if (qfr->pages) { -- GitLab
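
Review bot: in the DMA branch of uacce_destroy_region(), dma_free_coherent() now runs with nothing in this function tearing down the user mapping at qfr->iova, so the safety of the free rests entirely on user space having unmapped first, which the commit message asserts but does not justify. Please state in the message, or in a comment above the dma_free_coherent() call, why no VMA can still cover these pages when this branch runs, and confirm that every caller of uacce_destroy_region() meets that condition, not only the uacce_fops_release() path shown in the lockdep report; if a mapping can survive, the coherent buffer stays reachable from user space after it is freed. The removal itself matches the report: it drops the mmap_sem acquisition (vm_munmap) that was made while uacce_qs_lock was held.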