mirror of https://gitee.com/openkylin/linux.git
720c84046c
pnv_npu2_init_context wasn't checking the return code from __mmu_notifier_register. If __mmu_notifier_register failed, the npu_context was still assigned to the mm and the caller wasn't given any indication that things went wrong. Later on pnv_npu2_destroy_context would be called, which in turn called mmu_notifier_unregister and dropped mm->mm_count without having incremented it in the first place. This led to various forms of corruption like mm use-after-free and mm double-free.

__mmu_notifier_register can fail with EINTR if a signal is pending, so this case can be frequent.

This patch calls opal_npu_destroy_context on the failure paths, and makes sure not to assign mm->context.npu_context until past the failure points.

Signed-off-by: Mark Hairgrove <mhairgrove@nvidia.com>
Acked-By: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
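A model of the reference-count lifecycle the commit message describes, added here as an illustration; it is not code from the kernel or from this commit. The struct and function names (model_mmu_notifier_register, model_mmu_notifier_unregister, init_context_buggy, init_context_fixed, destroy_context, lifecycle, dangling_after_failed_init), the signal_pending flag and the use of free() in place of opal_npu_destroy_context are assumptions of the model; the real mm_struct, npu_context and OPAL calls are not reproduced. It contrasts the pre-fix init shape (context assigned to the mm before the call that can fail, return code dropped) with the fixed shape (check the return, tear down, publish only after the last failure point), and shows how the unchanged destroy path turns the missed check into an mm_count drop that was never matched by an increment.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Minimal models of the two kernel objects involved (the real structs are far larger). */
struct npu_context { int users; };
struct mm_struct {
    int mm_count;                     /* reference count pinned by the notifier */
    struct npu_context *npu_context;  /* stands in for mm->context.npu_context */
};

/* Stand-in for __mmu_notifier_register(): takes one mm_count reference on
 * success; with a signal pending it fails with -EINTR and takes nothing. */
static int model_mmu_notifier_register(struct mm_struct *mm, bool signal_pending)
{
    if (signal_pending)
        return -EINTR;
    mm->mm_count++;
    return 0;
}

/* Stand-in for mmu_notifier_unregister(): drops the reference register took. */
static void model_mmu_notifier_unregister(struct mm_struct *mm)
{
    mm->mm_count--;
}

/* Pre-fix shape: context published before the register call, return code dropped. */
static struct npu_context *init_context_buggy(struct mm_struct *mm, bool signal_pending)
{
    struct npu_context *ctx = calloc(1, sizeof(*ctx));

    if (!ctx)
        return NULL;
    mm->npu_context = ctx;                            /* assigned too early */
    model_mmu_notifier_register(mm, signal_pending);  /* return code ignored */
    return ctx;
}

/* Fixed shape: check the return code, tear down on failure (free() stands in
 * for opal_npu_destroy_context) and publish only after the last failure point. */
static struct npu_context *init_context_fixed(struct mm_struct *mm, bool signal_pending, int *err)
{
    struct npu_context *ctx = calloc(1, sizeof(*ctx));
    int rc;

    if (!ctx) {
        *err = -ENOMEM;
        return NULL;
    }
    rc = model_mmu_notifier_register(mm, signal_pending);
    if (rc) {
        free(ctx);
        *err = rc;
        return NULL;
    }
    mm->npu_context = ctx;
    *err = 0;
    return ctx;
}

/* Destroy path, the same before and after the fix: it trusts that whoever
 * published mm->npu_context also holds the notifier's mm_count reference. */
static void destroy_context(struct mm_struct *mm)
{
    if (!mm->npu_context)
        return;
    model_mmu_notifier_unregister(mm);
    free(mm->npu_context);
    mm->npu_context = NULL;
}

/* One init/destroy cycle; returns the final mm_count. The mm starts at 1, so
 * 0 is the modelled double-drop that frees the mm underneath its users. */
static int lifecycle(bool use_fixed, bool signal_pending)
{
    struct mm_struct mm = { .mm_count = 1, .npu_context = NULL };
    int err = 0;

    if (use_fixed)
        init_context_fixed(&mm, signal_pending, &err);
    else
        init_context_buggy(&mm, signal_pending);
    destroy_context(&mm);
    return mm.mm_count;
}

/* Does a failed init (signal pending) leave a context attached to the mm? */
static bool dangling_after_failed_init(bool use_fixed)
{
    struct mm_struct mm = { .mm_count = 1, .npu_context = NULL };
    int err = 0;
    bool dangling;

    if (use_fixed)
        init_context_fixed(&mm, true, &err);
    else
        init_context_buggy(&mm, true);
    dangling = mm.npu_context != NULL;
    free(mm.npu_context);  /* release the model's allocation either way */
    return dangling;
}
```

With no signal pending both shapes leave mm_count at its starting value. With a signal pending, lifecycle(false, true) returns 0 (the buggy init published the context, took no reference, and destroy dropped one anyway), while lifecycle(true, true) returns 1 and dangling_after_failed_init(true) is false, because the fixed init never assigned the context and released it itself. The general rule the fix applies is the one to take away: a resource must not be visible to the teardown path until every step whose failure would leave it half-initialised has succeeded.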
| Name |
|---|
| 4xx |
| 8xx |
| 40x |
| 44x |
| 52xx |
| 82xx |
| 83xx |
| 85xx |
| 86xx |
| 512x |
| amigaone |
| cell |
| chrp |
| embedded6xx |
| maple |
| pasemi |
| powermac |
| powernv |
| ps3 |
| pseries |
| Kconfig |
| Kconfig.cputype |
| Makefile |
| fsl_uli1575.c |