IB/ucm: Fix deadlock in cleanup
authorMichael S. Tsirkin <mst@mellanox.co.il>
Wed, 29 Nov 2006 23:33:10 +0000 (15:33 -0800)
committerRoland Dreier <rolandd@cisco.com>
Wed, 29 Nov 2006 23:33:10 +0000 (15:33 -0800)
ib_ucm_cleanup_events() holds file_mutex while calling ib_destroy_cm_id().
This can deadlock since ib_destroy_cm_id() flushes event handlers, and
ib_ucm_event_handler() needs file_mutex, too.  Therefore, drop the
file_mutex during the call to ib_destroy_cm_id().

Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/core/ucm.c

index 1f4f2d2cfa2e9b04edb2b6231d63dbf4bfeef040..f15220a0ee75dda635079975df75dfe406996d05 100644 (file)
@@ -161,12 +161,14 @@ static void ib_ucm_cleanup_events(struct ib_ucm_context *ctx)
                                    struct ib_ucm_event, ctx_list);
                list_del(&uevent->file_list);
                list_del(&uevent->ctx_list);
+               mutex_unlock(&ctx->file->file_mutex);
 
                /* clear incoming connections. */
                if (ib_ucm_new_cm_id(uevent->resp.event))
                        ib_destroy_cm_id(uevent->cm_id);
 
                kfree(uevent);
+               mutex_lock(&ctx->file->file_mutex);
        }
        mutex_unlock(&ctx->file->file_mutex);
 }