Re: [PATCH RFC v2 10/15] vfio/nvgrace-egm: Clear Memory before handing out to VM

Next message: Rafael J. Wysocki: "Re: [PATCH v3] ACPI: OSL: Poweroff when encountering a fatal ACPI error"
Previous message: Zhi Wang: "Re: [PATCH v2 0/4] gpu: nova-core: gsp: add locking to Cmdq"
In reply to: Shameer Kolothum Thodi: "RE: [PATCH RFC v2 10/15] vfio/nvgrace-egm: Clear Memory before handing out to VM"
Next in thread: Shameer Kolothum Thodi: "RE: [PATCH RFC v2 10/15] vfio/nvgrace-egm: Clear Memory before handing out to VM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Thu Feb 26 2026 - 14:06:11 EST

On Thu, Feb 26, 2026 at 06:15:33PM +0000, Shameer Kolothum Thodi wrote:
> The mmap mapping stays alive and accessible in userspace even after
> the close(). Since the release function decrements open_count on close(),
> a second process could then call open() and wipe the mapping while it's
> still live.

fops release is not called until the mmap is closed too, the VMA holds
a struct file pointer as well. close does not call release, close
calls fput and fput calls release when the struct file refcount is 0.

Jason