[openib-general] [PATCH] process locked in D state.
Gleb Natapov
gleb at minantech.com
Mon Jun 27 23:43:10 PDT 2005
On Mon, Jun 27, 2005 at 09:24:45AM -0700, Roland Dreier wrote:
> Gleb> This is what happens: ibv_close_device() close cmd_fd and
> Gleb> then calls free_context(). free_context() calls munmap to
> Gleb> unmap doorbell registers. In kernel sys_munmap gets
> Gleb> mm->mmap_sem semaphore and calls do_munmap. do_munmap is
> Gleb> the last user of the file so it calls release method of the
> Gleb> file (ib_uverbs_close() in our case). ib_uverbs_close()
> Gleb> calls ib_dealloc_ucontext(). ib_dealloc_ucontext() notices
> Gleb> that there is unregistered memory on the file and calls
> Gleb> ib_umem_release(). And there we are trying to acquire
> Gleb> mm->mmap_sem on more time.
>
> Thanks for the good debugging work.
>
> Gleb> In attached patch I use down_write_trylock() instead of
> Gleb> down_write() in ib_umem_release(). If semaphore is already
> Gleb> locked we will not update locked_vm statistics. This way
> Gleb> malicious user can only cause harm to itself.
>
> I don't like this solution -- as you point out, down_write_trylock()
> may fail if there is even momentary contention on the mmap_sem. So
> for example a different malicious user could poll on /proc/<pid>/maps
> and cause our locked_vm to continue to grow.
>
You are right. For a moment I forgot that /proc/<pid>/maps readable by
the world.
> How about if we use schedule_work() to defer the modification of
> locked_vm?
It seems this is the only sane way to do it.
--
Gleb.
More information about the general
mailing list