[SRU,Bionic,1/1] s390/kvm: fix deadlock when killed by oom

Message ID CA+jPhpfu9wB3UTPSepNRVODAwmQ1=W2UrO+xE5GeBRW4cfKp8g@mail.gmail.com
State New
Series
  • Fixes for LP1800849 [v2]

Commit Message

Frank Heimes Nov. 2, 2018, 7:13 p.m.
From: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>

BugLink: http://bugs.launchpad.net/bugs/1800849

When the oom killer kills a userspace process in the page fault handler
while in guest context, the fault handler fails to release the mm_sem
if the FAULT_FLAG_RETRY_NOWAIT option is set. This leads to a deadlock
when tearing down the mm when the process terminates. This bug can only
happen when pfault is enabled, so only KVM clients are affected.

The problem arises in the rare cases in which handle_mm_fault does not
release the mm_sem. This patch fixes the issue by manually releasing
the mm_sem when needed.

Fixes: 24eb3a824c4f3 ("KVM: s390: Add FAULT_FLAG_RETRY_NOWAIT for guest fault")
Cc: <stable@vger.kernel.org> # 3.15+
Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit 306d6c49ac9ded11114cb53b0925da52f2c2ada1)
Signed-off-by: Frank Heimes <frank.heimes@canonical.com>

---

Comments

Stefan Bader Nov. 6, 2018, 12:54 p.m. | #1
On 02.11.18 20:13, Frank Heimes wrote:
> From: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1800849
> 
> When the oom killer kills a userspace process in the page fault handler
> while in guest context, the fault handler fails to release the mm_sem
> if the FAULT_FLAG_RETRY_NOWAIT option is set. This leads to a deadlock
> when tearing down the mm when the process terminates. This bug can only
> happen when pfault is enabled, so only KVM clients are affected.
>     
> The problem arises in the rare cases in which handle_mm_fault does not
> release the mm_sem. This patch fixes the issue by manually releasing
> the mm_sem when needed.
>     
> Fixes: 24eb3a824c4f3 ("KVM: s390: Add FAULT_FLAG_RETRY_NOWAIT for guest fault")
> Cc: <stable@vger.kernel.org> # 3.15+
> Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
> (cherry picked from commit 306d6c49ac9ded11114cb53b0925da52f2c2ada1)
> Signed-off-by: Frank Heimes <frank.heimes@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
> 
> ---

Possibly needs real cherry pick if this multi-part html thing cannot be
separated away.
> 
> diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
> index e074480..4cc3f06 100644
> --- a/arch/s390/mm/fault.c
> +++ b/arch/s390/mm/fault.c
> @@ -502,6 +502,8 @@ static inline int do_exception(struct pt_regs *regs, int access)
>         /* No reason to continue if interrupted by SIGKILL. */
>         if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) {
>                 fault = VM_FAULT_SIGNAL;
> +               if (flags & FAULT_FLAG_RETRY_NOWAIT)
> +                       goto out_up;
>                 goto out;
>         }
>         if (unlikely(fault & VM_FAULT_ERROR))
> 
>

Patch

diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
index e074480..4cc3f06 100644
--- a/arch/s390/mm/fault.c
+++ b/arch/s390/mm/fault.c
@@ -502,6 +502,8 @@  static inline int do_exception(struct pt_regs *regs,
int access)
        /* No reason to continue if interrupted by SIGKILL. */
        if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) {
                fault = VM_FAULT_SIGNAL;
+               if (flags & FAULT_FLAG_RETRY_NOWAIT)
+                       goto out_up;
                goto out;
        }
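Review bot: the new `goto out_up` in the fatal-signal branch relies on an implicit contract that is not visible in this hunk: as the commit message states, when FAULT_FLAG_RETRY_NOWAIT is set handle_mm_fault returns VM_FAULT_RETRY without dropping mm_sem, so only this path still holds the lock while the plain `goto out` path does not. Add a short comment above `if (flags & FAULT_FLAG_RETRY_NOWAIT)` saying that in the NOWAIT case the semaphore is still held and must be released here; without it, a later cleanup could fold both exits back into `goto out` and reintroduce the lock leak and the mm teardown deadlock this patch fixes. It would also help to keep the one-line `if`/`goto` pair consistent with the existing `goto out` style by noting in the commit body that `out_up` is the label that performs the `up_read`, since the label itself is outside the context shown.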