[PATCH 5.10 519/563] net/smc: Fix hung_task when removing SMC-R devices

From: Greg Kroah-Hartman
Date: Mon Jan 24 2022 - 22:02:15 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.10 513/563] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 515/563] f2fs: fix to reserve space for IO align feature"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 515/563] f2fs: fix to reserve space for IO align feature"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 513/563] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Wen Gu <guwen@xxxxxxxxxxxxxxxxx>

commit 56d99e81ecbc997a5f984684d0eeb583992b2072 upstream.

A hung_task is observed when removing SMC-R devices. Suppose that
a link group has two active links(lnk_A, lnk_B) associated with two
different SMC-R devices(dev_A, dev_B). When dev_A is removed, the
link group will be removed from smc_lgr_list and added into
lgr_linkdown_list. lnk_A will be cleared and smcibdev(A)->lnk_cnt
will reach to zero. However, when dev_B is removed then, the link
group can't be found in smc_lgr_list and lnk_B won't be cleared,
making smcibdev->lnk_cnt never reaches zero, which causes a hung_task.

This patch fixes this issue by restoring the implementation of
smc_smcr_terminate_all() to what it was before commit 349d43127dac
("net/smc: fix kernel panic caused by race of smc_sock"). The original
implementation also satisfies the intention that make sure QP destroy
earlier than CQ destroy because we will always wait for smcibdev->lnk_cnt
reaches zero, which guarantees QP has been destroyed.

Fixes: 349d43127dac ("net/smc: fix kernel panic caused by race of smc_sock")
Signed-off-by: Wen Gu <guwen@xxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/smc/smc_core.c | 17 +----------------
1 file changed, 1 insertion(+), 16 deletions(-)

--- a/net/smc/smc_core.c
+++ b/net/smc/smc_core.c
@@ -1002,16 +1002,11 @@ void smc_smcd_terminate_all(struct smcd_
/* Called when an SMCR device is removed or the smc module is unloaded.
* If smcibdev is given, all SMCR link groups using this device are terminated.
* If smcibdev is NULL, all SMCR link groups are terminated.
- *
- * We must wait here for QPs been destroyed before we destroy the CQs,
- * or we won't received any CQEs and cdc_pend_tx_wr cannot reach 0 thus
- * smc_sock cannot be released.
*/
void smc_smcr_terminate_all(struct smc_ib_device *smcibdev)
{
struct smc_link_group *lgr, *lg;
LIST_HEAD(lgr_free_list);
- LIST_HEAD(lgr_linkdown_list);
int i;

spin_lock_bh(&smc_lgr_list.lock);
@@ -1023,7 +1018,7 @@ void smc_smcr_terminate_all(struct smc_i
list_for_each_entry_safe(lgr, lg, &smc_lgr_list.list, list) {
for (i = 0; i < SMC_LINKS_PER_LGR_MAX; i++) {
if (lgr->lnk[i].smcibdev == smcibdev)
- list_move_tail(&lgr->list, &lgr_linkdown_list);
+ smcr_link_down_cond_sched(&lgr->lnk[i]);
}
}
}
@@ -1035,16 +1030,6 @@ void smc_smcr_terminate_all(struct smc_i
__smc_lgr_terminate(lgr, false);
}

- list_for_each_entry_safe(lgr, lg, &lgr_linkdown_list, list) {
- for (i = 0; i < SMC_LINKS_PER_LGR_MAX; i++) {
- if (lgr->lnk[i].smcibdev == smcibdev) {
- mutex_lock(&lgr->llc_conf_mutex);
- smcr_link_down_cond(&lgr->lnk[i]);
- mutex_unlock(&lgr->llc_conf_mutex);
- }
- }
- }
-
if (smcibdev) {
if (atomic_read(&smcibdev->lnk_cnt))
wait_event(smcibdev->lnks_deleted,

Next message: Greg Kroah-Hartman: "[PATCH 5.10 513/563] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 515/563] f2fs: fix to reserve space for IO align feature"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 515/563] f2fs: fix to reserve space for IO align feature"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 513/563] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]