Frederic Barrat <fbar...@linux.vnet.ibm.com> writes:

> cxllib_handle_fault() is called by an external driver when it needs to
> have the host process page faults for a buffer which may cover several
> pages. Currently the function holds the mm->mmap_sem semaphore with
> read access while iterating over the buffer, since it could spawn
> several VMAs. When calling a lower-level function to handle the page
> fault for a single page, the semaphore is accessed again in read
> mode. That is wrong and can lead to deadlocks if a writer tries to
> sneak in while a buffer of several pages is being processed.
>
> The fix is to release the semaphore once cxllib_handle_fault() got the
> information it needs from the current vma. The address space/VMAs
> could evolve while we iterate over the full buffer, but in the
> unlikely case where we miss a page, the driver will raise a new page
> fault when retrying.
>
> Fixes: 3ced8d730063 ("cxl: Export library to support IBM XSL")
> Cc: sta...@vger.kernel.org # 4.13+
> Signed-off-by: Frederic Barrat <fbar...@linux.vnet.ibm.com>

Reviewed-by: Vaibhav Jain <vaib...@linux.vnet.ibm.com>
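
The nested read-lock hazard described in the quoted commit message, as an added single-threaded model (not the cxl driver's code and not part of this mail). The `model_*` helpers and `process_buffer()` are hypothetical names, and the model assumes a semaphore that makes new readers wait once a writer is queued.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not kernel code. Assumption: the semaphore is fair to
 * writers, so a queued writer makes every new reader wait behind it. */
struct model_rwsem { int readers; bool writer_waiting; };

static bool model_try_read(struct model_rwsem *s)
{
    if (s->writer_waiting) return false;   /* would sleep behind the writer */
    s->readers++;
    return true;
}

static void model_up_read(struct model_rwsem *s)
{
    if (--s->readers == 0) s->writer_waiting = false; /* writer runs, leaves */
}

static void model_writer_arrives(struct model_rwsem *s)
{
    if (s->readers > 0) s->writer_waiting = true; /* waits for the readers */
}

/* Returns pages handled, or -1 when the nested read can never succeed.
 * fixed=false: lock held across the whole loop; fixed=true: dropped per page.
 * A writer arrives while the VMA info for page writer_at_page is being read. */
static int process_buffer(bool fixed, int npages, int writer_at_page)
{
    struct model_rwsem sem = { 0, false };
    int handled = 0;
    if (!fixed) model_try_read(&sem);          /* outer lock, whole buffer */
    for (int page = 0; page < npages; page++) {
        if (fixed && !model_try_read(&sem)) return -1;
        if (page == writer_at_page) model_writer_arrives(&sem);
        if (fixed) model_up_read(&sem);        /* release before faulting */
        if (!model_try_read(&sem)) return -1;  /* per-page handler's own lock */
        model_up_read(&sem);
        handled++;
    }
    if (!fixed) model_up_read(&sem);
    return handled;
}

int main(void)
{
    printf("%d %d %d\n", process_buffer(false, 4, -1),
           process_buffer(false, 4, 2), process_buffer(true, 4, 2));
    return 0;
}
```

A return of -1 marks the cycle: the outer reader waits for the nested read, which waits for the queued writer, which waits for the outer reader.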