git.baikalelectronics.ru Git - kernel.git/commit

author	Tomer Tayar <ttayar@habana.ai>
	Sun, 22 May 2022 06:43:54 +0000 (09:43 +0300)
committer	Oded Gabbay <ogabbay@kernel.org>
	Tue, 12 Jul 2022 06:09:22 +0000 (09:09 +0300)
commit	b3dd47e4d5ae97c6550f7300f6b6f25b018320ac
tree	45c37cc3528c877c967dd2effc914b651dbcd9b2	tree \| snapshot
parent	278b4b49a760736825b2ce53f6925c0d159b7e35	commit \| diff

habanalabs: fix race between hl_get_compute_ctx() and hl_ctx_put()

hl_get_compute_ctx() is used to get the pointer to the compute context
from the hpriv object.
The function is called in code paths that are not necessarily initiated
by user, so it is possible that a context release process will happen in
parallel.
This can lead to a race condition in which hl_get_compute_ctx()
retrieves the context pointer, and just before it increments the context
refcount, the context object is released and a freed memory is accessed.

To avoid this race, add a mutex to protect the context pointer in hpriv.
With this lock, hl_get_compute_ctx() will be able to detect if the
context has been released or is about to be released.

struct hl_ctx_mgr has a mutex for contexts IDR with a similar "ctx_lock"
name, so rename it to just "lock" to avoid a confusion with the new
lock.

Signed-off-by: Tomer Tayar <ttayar@habana.ai>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>

drivers/misc/habanalabs/common/context.c		diff \| blob \| history
drivers/misc/habanalabs/common/device.c		diff \| blob \| history
drivers/misc/habanalabs/common/habanalabs.h		diff \| blob \| history
drivers/misc/habanalabs/common/habanalabs_drv.c		diff \| blob \| history