Bugzilla – Bug 1176630
Child process is able to access parent mm through hfi dev file handle
Last modified: 2021-01-26 15:03:45 UTC
Description of problem:
The hfi1 driver enables a char device that users open through normal file system methods. When the file is opened, a pointer to current->mm is saved in the private data for the file handle. This is then used for IOCTL and write_iter() commands from the user for pinning and unpinning of memory on behalf of the user. The saved value is remembered in an attempt to handle the case where the context (current) that calls close on the file, such as when killed by a signal or the OOM killer, is different from the original user. This causes a potential problem: if a child process with access to the parent's file handle calls an IOCTL, write or close, the value of the mm will be that of the parent, not the child process.

Version-Release number of selected component (if applicable):
All versions of RHEL which include upstream commits:
e0cf75deab81 ("IB/hfi1: Fix mm_struct use after free")
3faa3d9a308e ("IB/hfi1: Make use of mm consistent")

How reproducible:
Easy

Steps to Reproduce:
1. Open file
2. Fork
3. Child proc does IOCTL

Actual results:
Wrong mm is used

Expected results:
Child mm would be used
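The following userspace C model illustrates the pattern the report describes; it is an added example, not hfi1 driver code, and the "checked" variant is a hypothetical mm-consistency check standing in for the linked commits, not their actual code. The struct and function names (struct mm, struct task, struct filedata, hfi_open, pin_buggy, pin_checked, run_scenario) are assumptions made for the model.

```c
/* Added illustration, not hfi1 driver code: a userspace model of the bug.
 * A "task" owns an address space (mm); the file handle caches the opener's
 * mm at open() and reuses it on later ioctl()s, so a forked child that
 * inherits the fd ends up pinning pages against the parent's address space.
 * The checked variant is a hypothetical hardening: it refuses to act when
 * the caller's mm is not the one the handle was opened with. */
#include <stdio.h>

struct mm { int pinned_pages; };        /* address space, counts pinned pages */
struct task { struct mm *mm; };         /* stand-in for task_struct */
struct filedata { struct mm *mm; };     /* stand-in for the fd's private_data */

static struct task *current;            /* the task making the call */

/* open(): both variants cache the opener's mm, as the report describes. */
static void hfi_open(struct filedata *fd) { fd->mm = current->mm; }

/* fork(): child gets a fresh mm but shares the already-open file. */
static void do_fork(struct task *child, struct mm *new_mm) {
    new_mm->pinned_pages = 0;
    child->mm = new_mm;
}

/* Buggy ioctl: pins against the cached mm, whoever is calling. */
static int pin_buggy(struct filedata *fd, int npages) {
    fd->mm->pinned_pages += npages;
    return 0;
}

/* Checked ioctl: only the mm the handle was opened with may use it. */
static int pin_checked(struct filedata *fd, int npages) {
    if (fd->mm != current->mm)
        return -1;                      /* caller's mm differs: reject */
    fd->mm->pinned_pages += npages;
    return 0;
}

/* Run the report's steps (open, fork, child ioctl) with one variant and
 * return how many pages ended up charged to the parent's mm. */
static int run_scenario(int (*pin)(struct filedata *, int)) {
    struct mm parent_mm = {0}, child_mm;
    struct task parent = {&parent_mm}, child;
    struct filedata fd;
    current = &parent;  hfi_open(&fd);  /* 1. open file */
    do_fork(&child, &child_mm);         /* 2. fork */
    current = &child;   pin(&fd, 4);    /* 3. child proc does IOCTL */
    return parent_mm.pinned_pages;      /* buggy: 4, checked: 0 */
}

int main(void) {
    printf("buggy: parent charged %d pages\n", run_scenario(pin_buggy));
    printf("checked: parent charged %d pages\n", run_scenario(pin_checked));
    return 0;
}
```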
Bug is tracked in bug 1179878

*** This bug has been marked as a duplicate of bug 1179878 ***