IB/hfi1: Protect the interval RB tree when cleaning up
author Mitko Haralanov <mitko.haralanov@intel.com>
Tue, 12 Apr 2016 17:46:35 +0000 (10:46 -0700)
committer Doug Ledford <dledford@redhat.com>
Thu, 28 Apr 2016 20:32:26 +0000 (16:32 -0400)
The current implementation of the cleanup function for
the interval RB trees has two flaws which may cause
problems in cases of concurrent execution of the function
and the MMU notifier.

The flaws were due to the fact that deregistration of the
MMU callbacks was done after the tree was emptied and,
furthermore, the tree was not being locked.

This commit fixes both of these flaws by, first, switching the
order of operations, and, second, locking the tree while
traversing it to prevent any other operations.

Reviewed-by: Dean Luick <dean.luick@intel.com>
Signed-off-by: Mitko Haralanov <mitko.haralanov@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/staging/rdma/hfi1/mmu_rb.c

index b3f0682a36c95ffdd15f1b4d5d2f8cfb2e2afac3..72b6d70ae2b57c5436984a17689bf61199881202 100644 (file)
@@ -126,10 +126,15 @@ void hfi1_mmu_rb_unregister(struct rb_root *root)
        if (!handler)
                return;
 
+       /* Unregister first so we don't get any more notifications. */
+       if (current->mm)
+               mmu_notifier_unregister(&handler->mn, current->mm);
+
        spin_lock_irqsave(&mmu_rb_lock, flags);
        list_del(&handler->list);
        spin_unlock_irqrestore(&mmu_rb_lock, flags);
 
+       spin_lock_irqsave(&handler->lock, flags);
        if (!RB_EMPTY_ROOT(root)) {
                struct rb_node *node;
                struct mmu_rb_node *rbnode;
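Review bot: the mmu_notifier_unregister() call moved to the top of this hunk is still guarded by `if (current->mm)`, so when the function runs without a current->mm the notifier is never unregistered, yet the tree is still emptied and the handler is freed with kfree(handler) at the end of the function. The comment "Unregister first so we don't get any more notifications" therefore only holds on the guarded path. Either add a comment explaining why no callback can arrive when current->mm is NULL, or record the mm at registration time and unregister against that instead of current->mm.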
@@ -141,9 +146,8 @@ void hfi1_mmu_rb_unregister(struct rb_root *root)
                                handler->ops->remove(root, rbnode, NULL);
                }
        }
+       spin_unlock_irqrestore(&handler->lock, flags);
 
-       if (current->mm)
-               mmu_notifier_unregister(&handler->mn, current->mm);
        kfree(handler);
 }
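Review bot: with the unlock placed after the loop, `handler->ops->remove(root, rbnode, NULL)` is now called with handler->lock held and interrupts disabled, since the lock is taken with spin_lock_irqsave(). That makes it a requirement that no remove callback sleeps or tries to take handler->lock itself. Please state that constraint in a comment above the loop or at the callback's definition, and confirm the existing remove implementations satisfy it.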