bnxt_re: Fix race between the netdev register and unregister events
authorSomnath Kotur <somnath.kotur@broadcom.com>
Thu, 31 Aug 2017 03:57:32 +0000 (09:27 +0530)
committerDoug Ledford <dledford@redhat.com>
Fri, 22 Sep 2017 17:57:32 +0000 (13:57 -0400)
Upon receipt of the NETDEV_REGISTER event from the netdev notifier chain,
the IB stack registration is spawned off to a workqueue since that also
requires an rtnl lock.
There could be 2 kinds of races between the NETDEV_REGISTER and the
NETDEV_UNREGISTER event handling.
a)The NETDEV_UNREGISTER event is received in rapid succession after
the NETDEV_REGISTER event even before the work queue got a chance to run.
b)The NETDEV_UNREGISTER event is received while the workqueue that handles
registration with the IB stack is still in progress.

Handle both the races with a bit flag that is set just before the work item
is queued and cleared in the workqueue after the event is handled just
before the workqueue item is freed.

While adding the new flag, it was noted that the flags are all used in
*_bit() operations which expect a bit number and not a literal constant
with a bit set.  So change the numbers to be bit numbers.

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/hw/bnxt_re/bnxt_re.h
drivers/infiniband/hw/bnxt_re/main.c

index b3ad37fec578be497cc55e3dc48552e62d71c595..a25f9d2408802d9650cfacf7afd9bbc950eed507 100644 (file)
@@ -93,11 +93,13 @@ struct bnxt_re_dev {
        struct ib_device                ibdev;
        struct list_head                list;
        unsigned long                   flags;
-#define BNXT_RE_FLAG_NETDEV_REGISTERED 0
-#define BNXT_RE_FLAG_IBDEV_REGISTERED  1
-#define BNXT_RE_FLAG_GOT_MSIX          2
-#define BNXT_RE_FLAG_RCFW_CHANNEL_EN   8
-#define BNXT_RE_FLAG_QOS_WORK_REG      16
+#define BNXT_RE_FLAG_NETDEV_REGISTERED         0
+#define BNXT_RE_FLAG_IBDEV_REGISTERED          1
+#define BNXT_RE_FLAG_GOT_MSIX                  2
+#define BNXT_RE_FLAG_HAVE_L2_REF               3
+#define BNXT_RE_FLAG_RCFW_CHANNEL_EN           4
+#define BNXT_RE_FLAG_QOS_WORK_REG              5
+#define BNXT_RE_FLAG_TASK_IN_PROG              6
        struct net_device               *netdev;
        unsigned int                    version, major, minor;
        struct bnxt_en_dev              *en_dev;
index 00a3b743c15629da818ade8270b2584acefa0579..29c3d7e254af73d8ec082fbefdb2843a793bbe6e 100644 (file)
@@ -1259,6 +1259,8 @@ static void bnxt_re_task(struct work_struct *work)
        default:
                break;
        }
+       smp_mb__before_atomic();
+       clear_bit(BNXT_RE_FLAG_TASK_IN_PROG, &rdev->flags);
        kfree(re_work);
 }
 
@@ -1317,6 +1319,11 @@ static int bnxt_re_netdev_event(struct notifier_block *notifier,
                break;
 
        case NETDEV_UNREGISTER:
+               /* netdev notifier will call NETDEV_UNREGISTER again later since
+                * we are still holding the reference to the netdev
+                */
+               if (test_bit(BNXT_RE_FLAG_TASK_IN_PROG, &rdev->flags))
+                       goto exit;
                bnxt_re_ib_unreg(rdev, false);
                bnxt_re_remove_one(rdev);
                bnxt_re_dev_unreg(rdev);
@@ -1335,6 +1342,7 @@ static int bnxt_re_netdev_event(struct notifier_block *notifier,
                        re_work->vlan_dev = (real_dev == netdev ?
                                             NULL : netdev);
                        INIT_WORK(&re_work->work, bnxt_re_task);
+                       set_bit(BNXT_RE_FLAG_TASK_IN_PROG, &rdev->flags);
                        queue_work(bnxt_re_wq, &re_work->work);
                }
        }