[PATCH v2 hmm 01/11] mm/hmm: fix use after free with struct hmm in the mmu notifiers
Jason Gunthorpe
jgg at ziepe.ca
Fri Jun 7 13:42:28 UTC 2019
On Fri, Jun 07, 2019 at 09:34:32AM -0300, Jason Gunthorpe wrote:
> CH also pointed out a more elegant solution, which is to get the write
> side of the mmap_sem during hmm_mirror_unregister - no notifier
> callback can be running in this case. Then we delete the kref, srcu
> and so forth.
Oops, it turns out this is only the case for invalidate_start/end, not
release, so this doesn't help with the SRCU unless we also change
exit_mmap to call release with the mmap_sem held.
So I think we have to stick with this for now.
Jason
More information about the amd-gfx mailing list