Possible race in mlx5_ib.ko
From: Anton Volkov
Date: Fri Aug 18 2017 - 11:17:21 EST
Hello.
While searching for races in the Linux kernel I've come across
"drivers/infiniband/hw/mlx5/mlx5_ib.ko" module. Here are questions that
I came up with while analyzing results. Lines are given using the info
from Linux v4.12.
Consider the following case:
Thread 1: Thread 2:
size_write
->remove_keys limit_write
ent->cur--; if (ent->cur < ent->limit)
(mr.c: line 234) (mr.c: line 335)
err = add_keys(... ent->limit - ent->cur);
If size_write and limit_write are able to work concurrently with the
same ent then there is a possibility of a race between the accesses to
ent->cur. In worst case in limit_write new keys wouldn't be added. Is it
feasible from your point of view? If so, is it a benign race or a
serious one?
Thank you for your time.
-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@xxxxxxxxx