Skip to content

R
raspberrypi-kernel

openeuler / raspberrypi-kernel

通知 14
Star 1
Fork 0
R
raspberrypi-kernel
提交 c467ca4d 编写于 作者: H Hao Fang 提交者: Xie XiuQi
浏览文件
操作

uacce: remove VA unmap in release q flow 

driver inclusion
category: bugfix
bugzilla: NA
CVE: NA

As VA unmap at user space, kernel va unmap in release q flow
can lead dead_lock.

[  506.703275] ======================================================
[  506.709426] WARNING: possible circular locking dependency detected
[  506.715580] 5.2.0-rc4-ge984cac-dirty #3 Tainted: G         C O
[  506.721817] ------------------------------------------------------
[  506.727968] wd_zip_test/1341 is trying to acquire lock:
[  506.733169] (____ptrval____) (&mm->mmap_sem){++++}, at: __vm_munmap+0x54/0xd0
[  506.740278]
[  506.740278] but task is already holding lock:
[  506.746082] (____ptrval____) (uacce_qs_lock){+.+.}, at: uacce_fops_release+0x2c/0x220 [uacce]
[  506.754571]
[  506.754571] which lock already depends on the new lock.
[  506.754571]
[  506.762709]
[  506.762709] the existing dependency chain (in reverse order) is:
[  506.770155]
[  506.770155] -> #1 (uacce_qs_lock){+.+.}:
[  506.775533]        down_write+0x50/0xc8
[  506.779352]        uacce_fops_mmap+0x3c/0x668 [uacce]
[  506.784380]        mmap_region+0x3c0/0x580
[  506.788456]        do_mmap+0x34c/0x4e0
[  506.792190]        vm_mmap_pgoff+0xe4/0x110
[  506.796353]        ksys_mmap_pgoff+0xa8/0x240
[  506.800690]        __arm64_sys_mmap+0x28/0x38
[  506.805028]        el0_svc_common.constprop.0+0x74/0x170
[  506.810314]        el0_svc_handler+0x28/0x78
[  506.814563]        el0_svc+0x8/0xc
[  506.817948]
[  506.817948] -> #0 (&mm->mmap_sem){++++}:
[  506.823325]        lock_acquire+0xe4/0x270
[  506.827402]        down_write_killable+0x50/0xe8
[  506.831997]        __vm_munmap+0x54/0xd0
[  506.835901]        vm_munmap+0x10/0x18
[  506.839633]        uacce_fops_release+0xc8/0x220 [uacce]
[  506.844921]        __fput+0xac/0x1f0
[  506.848478]        ____fput+0xc/0x18
[  506.852037]        task_work_run+0x98/0xc8
[  506.856114]        do_notify_resume+0x314/0x388
[  506.860623]        work_pending+0x8/0x14
[  506.864526]
[  506.864526] other info that might help us debug this:
[  506.864526]
[  506.872492]  Possible unsafe locking scenario:
[  506.872492]
[  506.878382]        CPU0                    CPU1
[  506.882890]        ----                    ----
[  506.887399]   lock(uacce_qs_lock);
[  506.890784]                                lock(&mm->mmap_sem);
[  506.896675]                                lock(uacce_qs_lock);
[  506.902565]   lock(&mm->mmap_sem);
[  506.905951]
[  506.905951]  *** DEADLOCK ***
[  506.905951]
[  506.911841] 1 lock held by wd_zip_test/1341:
[  506.916092]  #0: (____ptrval____) (uacce_qs_lock){+.+.}, at: uacce_fops_release+0x2c/0x220 [uacce]
[  506.925009]
[  506.925009] stack backtrace:
[  506.929348] CPU: 6 PID: 1341 Comm: wd_zip_test Tainted: G         C O      5.2.0-rc4-ge984cac-dirty #3
[  506.938609] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019
[  506.947438] Call trace:
[  506.949875]  dump_backtrace+0x0/0x148
[  506.953521]  show_stack+0x14/0x20
[  506.956821]  dump_stack+0xc8/0x114
[  506.960207]  print_circular_bug+0x1c8/0x2d8
[  506.964370]  __lock_acquire+0x1f38/0x23a8
[  506.968360]  lock_acquire+0xe4/0x270
[  506.971918]  down_write_killable+0x50/0xe8
[  506.975994]  __vm_munmap+0x54/0xd0
[  506.979380]  vm_munmap+0x10/0x18
[  506.982593]  uacce_fops_release+0xc8/0x220 [uacce]
[  506.987360]  __fput+0xac/0x1f0
[  506.990399]  ____fput+0xc/0x18
[  506.993439]  task_work_run+0x98/0xc8
[  506.996997]  do_notify_resume+0x314/0x388
[  507.000987]  work_pending+0x8/0x14

Feature or Bugfix:Bugfix
Signed-off-by: NHao Fang <fanghao11@huawei.com>
Reviewed-by: Nwangzhou <wangzhou1@hisilicon.com>
Signed-off-by: Nlingmingqiang <lingmingqiang@huawei.com>
Reviewed-by: Nlingmingqiang <lingmingqiang@huawei.com>
Reviewed-by: NYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
上级 570a8695
显示空白变更内容
内联 并排
Showing with 0 addition and 3 deletion
drivers/uacce/uacce.c
浏览文件 @ c467ca4d
...@@ -439,9 +439,6 @@ static void uacce_destroy_region(struct uacce_queue *q, ...@@ -439,9 +439,6 @@ static void uacce_destroy_region(struct uacce_queue *q,
dev_dbg(uacce->pdev, "free dma qfr %s (kaddr=%pK, dma=%llx)\n", dev_dbg(uacce->pdev, "free dma qfr %s (kaddr=%pK, dma=%llx)\n",
uacce_qfrt_str(qfr), qfr->kaddr, uacce_qfrt_str(qfr), qfr->kaddr,
qfr->dma); qfr->dma);
if (current->mm)
vm_munmap((unsigned long)qfr->iova,
qfr->nr_pages << PAGE_SHIFT);
dma_free_coherent(uacce->pdev, qfr->nr_pages << PAGE_SHIFT, dma_free_coherent(uacce->pdev, qfr->nr_pages << PAGE_SHIFT,
qfr->kaddr, qfr->dma); qfr->kaddr, qfr->dma);
} else if (qfr->pages) { } else if (qfr->pages) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册