[PATCH] IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition

From: Niels Dossche
Date: Mon Feb 28 2022 - 11:54:34 EST

Next message: Nathan Chancellor: "Re: [PATCH] [v2] Kbuild: move to -std=gnu11"
Previous message: Mathieu Poirier: "Re: [PATCH] coresight: Drop unused 'none' enum value for each component"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The documentation of the function rvt_error_qp says both r_lock and
s_lock need to be held when calling that function.
It also asserts using lockdep that both of those locks are held.
However, the commit I referenced in Fixes accidentally makes the call
to rvt_error_qp in rvt_ruc_loopback no longer covered by r_lock.
This results in the lockdep assertion failing and also possibly in a
race condition.

Fixes: d757c60eca9b ("IB/rdmavt: Fix concurrency panics in QP post_send and modify to error")
Signed-off-by: Niels Dossche <dossche.niels@xxxxxxxxx>
---
drivers/infiniband/sw/rdmavt/qp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
index ae50b56e8913..8ef112f883a7 100644
--- a/drivers/infiniband/sw/rdmavt/qp.c
+++ b/drivers/infiniband/sw/rdmavt/qp.c
@@ -3190,7 +3190,11 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
spin_lock_irqsave(&sqp->s_lock, flags);
rvt_send_complete(sqp, wqe, send_status);
if (sqp->ibqp.qp_type == IB_QPT_RC) {
- int lastwqe = rvt_error_qp(sqp, IB_WC_WR_FLUSH_ERR);
+ int lastwqe;
+
+ spin_lock(&sqp->r_lock);
+ lastwqe = rvt_error_qp(sqp, IB_WC_WR_FLUSH_ERR);
+ spin_unlock(&sqp->r_lock);

sqp->s_flags &= ~RVT_S_BUSY;
spin_unlock_irqrestore(&sqp->s_lock, flags);
--
2.35.1

Next message: Nathan Chancellor: "Re: [PATCH] [v2] Kbuild: move to -std=gnu11"
Previous message: Mathieu Poirier: "Re: [PATCH] coresight: Drop unused 'none' enum value for each component"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]