diff options
| author | Mark Hairgrove <mhairgrove@nvidia.com> | 2018-02-10 06:20:06 +0300 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2018-03-14 12:04:43 +0300 |
| commit | 720c84046c26444fe825f8614ddceb5c46539e67 (patch) | |
| tree | 07203313bbcdc9271fb1630bb4581a1579085f75 /tools/perf/scripts/python/stackcollapse.py | |
| parent | c2be663d5307fb9751a562ac664fa78cd7a00e2b (diff) | |
| download | linux-720c84046c26444fe825f8614ddceb5c46539e67.tar.xz | |
powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure
pnv_npu2_init_context wasn't checking the return code from
__mmu_notifier_register. If __mmu_notifier_register failed, the
npu_context was still assigned to the mm and the caller wasn't given any
indication that things went wrong. Later on pnv_npu2_destroy_context would
be called, which in turn called mmu_notifier_unregister and dropped
mm->mm_count without having incremented it in the first place. This led to
various forms of corruption like mm use-after-free and mm double-free.
__mmu_notifier_register can fail with EINTR if a signal is pending, so
this case can be frequent.
This patch calls opal_npu_destroy_context on the failure paths, and makes
sure not to assign mm->context.npu_context until past the failure points.
Signed-off-by: Mark Hairgrove <mhairgrove@nvidia.com>
Acked-By: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Diffstat (limited to 'tools/perf/scripts/python/stackcollapse.py')
0 files changed, 0 insertions, 0 deletions