Commit ac6638ed authored by Jan Kara's avatar Jan Kara Committed by Greg Kroah-Hartman

IB/ipath: Convert ipath_user_sdma_pin_pages() to use get_user_pages_fast()

commit 4adcf7fb upstream.

ipath_user_sdma_queue_pkts() gets called with mmap_sem held for
writing.  Except for get_user_pages() deep down in
ipath_user_sdma_pin_pages() we don't seem to need mmap_sem at all.

Even more interestingly the function ipath_user_sdma_queue_pkts() (and
also ipath_user_sdma_coalesce() called somewhat later) call
copy_from_user() which can hit a page fault and we deadlock on trying
to get mmap_sem when handling that fault.  So just make
ipath_user_sdma_pin_pages() use get_user_pages_fast() and leave
mmap_sem locking for mm.

This deadlock has actually been observed in the wild when the node
is under memory pressure.
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
[ Merged in fix for call to get_user_pages_fast from Tetsuo Handa
  <penguin-kernel@I-love.SAKURA.ne.jp>.  - Roland ]
Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 27c0008c
...@@ -280,9 +280,7 @@ static int ipath_user_sdma_pin_pages(const struct ipath_devdata *dd, ...@@ -280,9 +280,7 @@ static int ipath_user_sdma_pin_pages(const struct ipath_devdata *dd,
int j; int j;
int ret; int ret;
ret = get_user_pages(current, current->mm, addr, ret = get_user_pages_fast(addr, npages, 0, pages);
npages, 0, 1, pages, NULL);
if (ret != npages) { if (ret != npages) {
int i; int i;
...@@ -811,10 +809,7 @@ int ipath_user_sdma_writev(struct ipath_devdata *dd, ...@@ -811,10 +809,7 @@ int ipath_user_sdma_writev(struct ipath_devdata *dd,
while (dim) { while (dim) {
const int mxp = 8; const int mxp = 8;
down_write(&current->mm->mmap_sem);
ret = ipath_user_sdma_queue_pkts(dd, pq, &list, iov, dim, mxp); ret = ipath_user_sdma_queue_pkts(dd, pq, &list, iov, dim, mxp);
up_write(&current->mm->mmap_sem);
if (ret <= 0) if (ret <= 0)
goto done_unlock; goto done_unlock;
else { else {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment