git.baikalelectronics.ru Git - kernel.git/commit

author	Tomer Tayar <ttayar@habana.ai>
	Sun, 22 May 2022 06:43:54 +0000 (09:43 +0300)
committer	Oded Gabbay <ogabbay@kernel.org>
	Tue, 12 Jul 2022 06:09:22 +0000 (09:09 +0300)
commit	124eecd3f544846466095c62d22c4f8f36265cee
tree	45c37cc3528c877c967dd2effc914b651dbcd9b2	tree \| snapshot
parent	668e16b8d4d29119fb4cff8b6eb613d253b9ce0a	commit \| diff

habanalabs: fix race between hl_get_compute_ctx() and hl_ctx_put()

hl_get_compute_ctx() is used to get the pointer to the compute context
from the hpriv object.
The function is called in code paths that are not necessarily initiated
by user, so it is possible that a context release process will happen in
parallel.
This can lead to a race condition in which hl_get_compute_ctx()
retrieves the context pointer, and just before it increments the context
refcount, the context object is released and a freed memory is accessed.

To avoid this race, add a mutex to protect the context pointer in hpriv.
With this lock, hl_get_compute_ctx() will be able to detect if the
context has been released or is about to be released.

struct hl_ctx_mgr has a mutex for contexts IDR with a similar "ctx_lock"
name, so rename it to just "lock" to avoid a confusion with the new
lock.

Signed-off-by: Tomer Tayar <ttayar@habana.ai>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>

drivers/misc/habanalabs/common/context.c		diff \| blob \| history
drivers/misc/habanalabs/common/device.c		diff \| blob \| history
drivers/misc/habanalabs/common/habanalabs.h		diff \| blob \| history
drivers/misc/habanalabs/common/habanalabs_drv.c		diff \| blob \| history