projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: edd3155)
IB/ipoib: Fix sysfs Pkey create<->remove possible deadlock
authorShalom Lagziel <shaloml@mellanox.com>
Sun, 24 Sep 2017 18:46:32 +0000 (21:46 +0300)
committerDoug Ledford <dledford@redhat.com>
Mon, 25 Sep 2017 15:47:23 +0000 (11:47 -0400)
A possible ABBA lock can happen with RTNL and vlan_rwsem.
For example:

Flow A: Device Flush
__ipoib_ib_dev_flush
down_read(vlan_rwsem)  // Lock A
ipoib_flush_ah
flush_workqueue(priv->wq)  // Wait for completion
A work on shared WQ (Mcast carrier)
ipoib_mcast_carrier_on_task
while (!rtnl_trylock())         // Wait for lock B

Flow B: Sysfs PKEY delete
ipoib_vlan_delete
lock(RTNL)  // Lock B
down_write(vlan_rwsem)  // Wait for lock A

This can happen with PKEY creates as well. The solution is to release
the RTNL lock in sysfs functions in case it is not possible to lock
VLAN RW semaphore and reset the SYS call.

Fixes: 69956d83267e ("IB/ipoib: Sync between remove_one to sysfs calls that use rtnl_lock")
Signed-off-by: Shalom Lagziel <shaloml@mellanox.com>
Signed-off-by: Alex Vesker <valex@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/ulp/ipoib/ipoib_vlan.c patch | blob | blame | history

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
index 9927cd6b7082b1dc24cbfa38431e6156646bf15f..e01c58edca15cf303bf5ff5436046eefefdac672 100644 (file)
--- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
@@ -141,14 +141,17 @@ int ipoib_vlan_add(struct net_device *pdev, unsigned short pkey)
                return restart_syscall();
        }
 
-       priv = ipoib_intf_alloc(ppriv->ca, ppriv->port, intf_name);
-       if (!priv) {
+       if (!down_write_trylock(&ppriv->vlan_rwsem)) {
                rtnl_unlock();
                mutex_unlock(&ppriv->sysfs_mutex);
-               return -ENOMEM;
+               return restart_syscall();
        }
 
-       down_write(&ppriv->vlan_rwsem);
+       priv = ipoib_intf_alloc(ppriv->ca, ppriv->port, intf_name);
+       if (!priv) {
+               result = -ENOMEM;
+               goto out;
+       }
 
        /*
         * First ensure this isn't a duplicate. We check the parent device and
@@ -175,7 +178,7 @@ out:
        rtnl_unlock();
        mutex_unlock(&ppriv->sysfs_mutex);
 
-       if (result) {
+       if (result && priv) {
                free_netdev(priv->dev);
                kfree(priv);
        }
@@ -204,7 +207,12 @@ int ipoib_vlan_delete(struct net_device *pdev, unsigned short pkey)
                return restart_syscall();
        }
 
-       down_write(&ppriv->vlan_rwsem);
+       if (!down_write_trylock(&ppriv->vlan_rwsem)) {
+               rtnl_unlock();
+               mutex_unlock(&ppriv->sysfs_mutex);
+               return restart_syscall();
+       }
+
        list_for_each_entry_safe(priv, tpriv, &ppriv->child_intfs, list) {
                if (priv->pkey == pkey &&
                    priv->child_type == IPOIB_LEGACY_CHILD) {