From: Nicholas Piggin
Date: Mon, 23 Aug 2021 23:59:18 +0000 (+1000)
Subject: lazy-tlb-introduce-lazy-mm-refcount-helper-functions-fix
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=bfb4fd128488fb453844f6802259876ad9595d89;p=users%2Fjedix%2Flinux-maple.git

lazy-tlb-introduce-lazy-mm-refcount-helper-functions-fix

Fix a refcounting bug in kthread_use_mm (the mm reference is increased unconditionally now, but the lazy tlb refcount is still only dropped if mm != active_mm).

Link: https://lkml.kernel.org/r/1623125298.bx63h3mopj.astroid@bobo.none
Signed-off-by: Nicholas Piggin
Cc: Stephen Rothwell
Signed-off-by: Andrew Morton
Signed-off-by: Stephen Rothwell
---
diff --git a/kernel/kthread.c b/kernel/kthread.c index e82a17863b098..83ed75d531b4b 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -1350,6 +1350,11 @@ void kthread_use_mm(struct mm_struct *mm) WARN_ON_ONCE(!(tsk->flags & PF_KTHREAD)); WARN_ON_ONCE(tsk->mm); + /* + * It's possible that tsk->active_mm == mm here, but we must + * still mmgrab(mm) and mmdrop_lazy_tlb(active_mm), because lazy + * mm may not have its own refcount (see mmgrab/drop_lazy_tlb()). + */ mmgrab(mm); task_lock(tsk); @@ -1374,12 +1379,9 @@ void kthread_use_mm(struct mm_struct *mm) * memory barrier after storing to tsk->mm, before accessing * user-space memory. A full memory barrier for membarrier * {PRIVATE,GLOBAL}_EXPEDITED is implicitly provided by - mmdrop(), or explicitly with smp_mb(). + mmdrop_lazy_tlb(). */ - if (active_mm != mm) - mmdrop_lazy_tlb(active_mm); - else - smp_mb(); + mmdrop_lazy_tlb(active_mm); to_kthread(tsk)->oldfs = force_uaccess_begin(); }
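Review bot: in the first hunk (@@ -1350), the new comment above mmgrab(mm) leaves out the one ordering fact that makes the active_mm == mm case safe: the real reference is taken here, before the lazy reference on the same mm is dropped further down, so the refcount cannot transiently reach zero while tsk->active_mm is being swapped. Suggest stating that explicitly, e.g. "the mmgrab() must come before the mmdrop_lazy_tlb() below". Also, "(see mmgrab/drop_lazy_tlb())" is not a greppable identifier; spell out both names, "(see mmgrab_lazy_tlb()/mmdrop_lazy_tlb())", so the comment still finds its target after a rename.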
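Review bot: in the second hunk (@@ -1374), dropping the explicit smp_mb() fallback makes the membarrier {PRIVATE,GLOBAL}_EXPEDITED guarantee rest entirely on mmdrop_lazy_tlb(active_mm) issuing a full memory barrier on every path, including the active_mm == mm case that previously took the smp_mb() branch. The old comment justified the barrier by mmdrop()'s atomic decrement; nothing in this patch shows mmdrop_lazy_tlb()'s body, so the comment's claim "is implicitly provided by mmdrop_lazy_tlb()" should be backed either by a pointer to where that function guarantees a full barrier in all configurations, or by keeping an smp_mb() here. The unconditional drop itself is the right fix for the bug named in the commit message: with mmgrab(mm) now unconditional above, the lazy reference on active_mm must be released whether or not it equals mm.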