lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 20 Nov 2015 15:45:29 +0000
From:	David Woodhouse <dwmw2@...radead.org>
To:	Jerome Glisse <j.glisse@...il.com>,
	"joro@...tes.org" <joro@...tes.org>, "Tang, CQ" <cq.tang@...el.com>
Cc:	"peterz@...radead.org" <peterz@...radead.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	"hpa@...or.com" <hpa@...or.com>,
	"aarcange@...hat.com" <aarcange@...hat.com>,
	"jakumar@...dia.com" <jakumar@...dia.com>,
	"ldunning@...dia.com" <ldunning@...dia.com>,
	"mgorman@...e.de" <mgorman@...e.de>,
	"jweiner@...hat.com" <jweiner@...hat.com>,
	"sgutti@...dia.com" <sgutti@...dia.com>,
	"riel@...hat.com" <riel@...hat.com>,
	"Bridgman, John" <John.Bridgman@....com>,
	"jhubbard@...dia.com" <jhubbard@...dia.com>,
	"mhairgrove@...dia.com" <mhairgrove@...dia.com>,
	"cabuschardt@...dia.com" <cabuschardt@...dia.com>,
	"dpoole@...dia.com" <dpoole@...dia.com>,
	"Cornwall, Jay" <Jay.Cornwall@....com>,
	"Lewycky, Andrew" <Andrew.Lewycky@....com>,
	"SCheung@...dia.com" <SCheung@...dia.com>,
	"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
	"arvindg@...dia.com" <arvindg@...dia.com>,
	"Deucher, Alexander" <Alexander.Deucher@....com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 1/6] mmput: use notifier chain to call subsystem exit
 handler.

On Sun, 2015-10-11 at 20:03 +0100, David Woodhouse wrote:
> As we try to put together a generic API for device access to processes'
> address space, I definitely think we want to stick with the model that
> we take a reference on the mm, and we *keep* it until the device driver
> unbinds from the mm (because its file descriptor is closed, or
> whatever).

I've found another problem with this.

In use some cases, we mmap() the device file descriptor which is
responsible for the PASID binding. And in that case we end up with a
recursive refcount.

When the process exits, its file descriptors are closed... but the
underlying struct file remains open because it's still referenced from
the mmap'd VMA.

That VMA remains alive because it's still part of the MM.

And the MM remains alive because the PASID binding still holds a
refcount for it because device's struct file didn't get closed yet...
because it's still mmap'd... because the MM is still alive...

So I suspect that even for the relatively simple case where the
lifetime of the PASID can be bound to a file descriptor (unlike with
amdkfd), we probably still want to explicitly manage its lifetime as an
'off-cpu task' and explicitly kill it when the process dies.

I'm still not keen on doing that implicitly through the mm_release. I
think that way lies a lot of subtle bugs.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@...el.com                              Intel Corporation


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5691 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ