From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Dennis Dalessandro <dennis.dalessandro@intel.com>,
Mike Marciniszyn <mike.marciniszyn@intel.com>,
Doug Ledford <dledford@redhat.com>
Subject: [PATCH 4.8 17/57] IB/hfi1: Fix defered ack race with qp destroy
Date: Fri, 21 Oct 2016 11:17:40 +0200 [thread overview]
Message-ID: <20161021091436.205889317@linuxfoundation.org> (raw)
In-Reply-To: <20161021091435.435647262@linuxfoundation.org>
4.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Marciniszyn <mike.marciniszyn@intel.com>
commit 72f53af2651957b0b9d6dead72a393eaf9a2c3be upstream.
There is a a bug in defered ack stuff that causes a race with the
destroy of a QP.
A packet causes a defered ack to be pended by putting the QP
into an rcd queue.
A return from the driver interrupt processing will process that rcd
queue of QPs and attempt to do a direct send of the ack. At this
point no locks are held and the above QP could now be put in the reset
state in the qp destroy logic. A refcount protects the QP while it
is in the rcd queue so it isn't going anywhere yet.
If the direct send fails to allocate a pio buffer,
hfi1_schedule_send() is called to trigger sending an ack from the
send engine. There is no state test in that code path.
The refcount is then dropped from the driver.c caller
potentially allowing the qp destroy to continue from its
refcount wait in parallel with the workqueue scheduling of the qp.
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/rc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/hfi1/rc.c
+++ b/drivers/infiniband/hw/hfi1/rc.c
@@ -932,8 +932,10 @@ void hfi1_send_rc_ack(struct hfi1_ctxtda
return;
queue_ack:
- this_cpu_inc(*ibp->rvp.rc_qacks);
spin_lock_irqsave(&qp->s_lock, flags);
+ if (!(ib_rvt_state_ops[qp->state] & RVT_PROCESS_RECV_OK))
+ goto unlock;
+ this_cpu_inc(*ibp->rvp.rc_qacks);
qp->s_flags |= RVT_S_ACK_PENDING | RVT_S_RESP_PENDING;
qp->s_nak_state = qp->r_nak_state;
qp->s_ack_psn = qp->r_ack_psn;
@@ -942,6 +944,7 @@ queue_ack:
/* Schedule the send tasklet. */
hfi1_schedule_send(qp);
+unlock:
spin_unlock_irqrestore(&qp->s_lock, flags);
}
next prev parent reply other threads:[~2016-10-21 9:35 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20161021092156uscas1p2448161ce8162a8e99cfe189d1b435176@uscas1p2.samsung.com>
2016-10-21 9:17 ` [PATCH 4.8 00/57] 4.8.4-stable review Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 03/57] serial: 8250_dw: Check the data->pclk when get apb_pclk Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 04/57] serial: 8250_port: fix runtime PM use in __do_stop_tx_rs485() Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 05/57] ARCv2: intc: Use kflag if STATUS32.IE must be reset Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 06/57] ARCv2: fix local_save_flags Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 07/57] debugfs: introduce a public file_operations accessor Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 08/57] b43: fix debugfs crash Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 09/57] b43legacy: " Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 10/57] carl9170: fix debugfs crashes Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 14/57] btrfs: assign error values to the correct bio structs Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 15/57] mei: amthif: fix deadlock in initialization during a reset Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 16/57] drivers: base: dma-mapping: page align the size when unmap_kernel_range Greg Kroah-Hartman
2016-10-21 9:17 ` Greg Kroah-Hartman [this message]
2016-10-21 9:17 ` [PATCH 4.8 18/57] clk: mvebu: fix setting unwanted flags in CP110 gate clock Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 19/57] clk: mvebu: dynamically allocate resources in Armada CP110 system controller Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 20/57] fuse: listxattr: verify xattr list Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 22/57] fuse: fix killing s[ug]id in setattr Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 23/57] mm: filemap: fix mapping->nrpages double accounting in fuse Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 24/57] i40e: avoid NULL pointer dereference and recursive errors on early PCI error Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 25/57] xfs: change mailing list address Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 26/57] mm: filemap: dont plant shadow entries without radix tree node Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 27/57] brcmfmac: fix pmksa->bssid usage Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 30/57] ASoC: nau8825: fix bug in FLL parameter Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 31/57] ASoC: Intel: Atom: add a missing star in a memcpy call Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 32/57] reiserfs: Unlock superblock before calling reiserfs_quota_on_mount() Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 33/57] async_pq_val: fix DMA memory leak Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 34/57] autofs: Fix automounts by using current_real_cred()->uid Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 35/57] scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() Greg Kroah-Hartman
2016-10-21 9:17 ` [PATCH 4.8 36/57] scsi: arcmsr: Simplify user_len checking Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 37/57] scsi: ibmvfc: Fix I/O hang when port is not mapped Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 38/57] ipc/sem.c: fix complex_count vs. simple op race Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 39/57] mm/hugetlb: fix memory offline with hugepage size > memory block size Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 40/57] vfs,mm: fix a dead loop in truncate_inode_pages_range() Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 41/57] jbd2: fix lockdep annotation in add_transaction_credits() Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 42/57] ext4: enforce online defrag restriction for encrypted files Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 43/57] ext4: reinforce check of i_dtime when clearing high fields of uid and gid Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 45/57] ext4: fix memory leak in ext4_insert_range() Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 46/57] ext4: fix memory leak when symlink decryption fails Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 47/57] ext4: allow DAX writeback for hole punch Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 48/57] ext4: release bh in make_indexed_dir Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 49/57] ext4: unmap metadata when zeroing blocks Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 50/57] crypto: ghash-generic - move common definitions to a new header file Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 51/57] crypto: vmx - Fix memory corruption caused by p8_ghash Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 52/57] dlm: free workqueues after the connections Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 53/57] vfs: move permission checking into notify_change() for utimes(NULL) Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 54/57] cachefiles: Fix attempt to read i_blocks after deleting file [ver #2] Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 55/57] drm: virtio: reinstate drm_virtio_set_busid() Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 56/57] acpi, nfit: check for the correct event code in notifications Greg Kroah-Hartman
2016-10-21 9:18 ` [PATCH 4.8 57/57] cfq: fix starvation of asynchronous writes Greg Kroah-Hartman
2016-10-21 9:18 ` Greg Kroah-Hartman
2016-10-21 15:46 ` [PATCH 4.8 00/57] 4.8.4-stable review Shuah Khan
2016-10-22 9:56 ` Greg Kroah-Hartman
2016-10-21 19:17 ` Guenter Roeck
2016-10-22 9:56 ` Greg Kroah-Hartman
2016-10-21 21:02 ` Rafael J. Wysocki
2016-10-22 9:58 ` Greg Kroah-Hartman
2016-10-23 0:04 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161021091436.205889317@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dennis.dalessandro@intel.com \
--cc=dledford@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mike.marciniszyn@intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.