From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Feras Daoud <ferasda@mellanox.com>,
Or Gerlitz <ogerlitz@mellanox.com>,
Erez Shitrit <erezsh@mellanox.com>,
Leon Romanovsky <leon@kernel.org>,
Doug Ledford <dledford@redhat.com>, Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 52/60] IB/ipoib: Fix deadlock between rmmod and set_mode
Date: Tue, 14 Mar 2017 14:15:43 +0100 [thread overview]
Message-ID: <725938ba8ddaf8d89115ddba388e04663e333d7a.1489497268.git.jslaby@suse.cz> (raw)
In-Reply-To: <d93cf67053e241539a1ef7c30ee8583022bc0e89.1489497268.git.jslaby@suse.cz>
In-Reply-To: <cover.1489497268.git.jslaby@suse.cz>
From: Feras Daoud <ferasda@mellanox.com>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit 0a0007f28304cb9fc87809c86abb80ec71317f20 upstream.
When calling set_mode from sys/fs, the call flow locks the sys/fs lock
first and then tries to lock rtnl_lock (when calling ipoib_set_mod).
On the other hand, the rmmod call flow takes the rtnl_lock first
(when calling unregister_netdev) and then tries to take the sys/fs
lock. Deadlock a->b, b->a.
The problem starts when ipoib_set_mod frees it's rtnl_lck and tries
to get it after that.
set_mod:
[<ffffffff8104f2bd>] ? check_preempt_curr+0x6d/0x90
[<ffffffff814fee8e>] __mutex_lock_slowpath+0x13e/0x180
[<ffffffff81448655>] ? __rtnl_unlock+0x15/0x20
[<ffffffff814fed2b>] mutex_lock+0x2b/0x50
[<ffffffff81448675>] rtnl_lock+0x15/0x20
[<ffffffffa02ad807>] ipoib_set_mode+0x97/0x160 [ib_ipoib]
[<ffffffffa02b5f5b>] set_mode+0x3b/0x80 [ib_ipoib]
[<ffffffff8134b840>] dev_attr_store+0x20/0x30
[<ffffffff811f0fe5>] sysfs_write_file+0xe5/0x170
[<ffffffff8117b068>] vfs_write+0xb8/0x1a0
[<ffffffff8117ba81>] sys_write+0x51/0x90
[<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
rmmod:
[<ffffffff81279ffc>] ? put_dec+0x10c/0x110
[<ffffffff8127a2ee>] ? number+0x2ee/0x320
[<ffffffff814fe6a5>] schedule_timeout+0x215/0x2e0
[<ffffffff8127cc04>] ? vsnprintf+0x484/0x5f0
[<ffffffff8127b550>] ? string+0x40/0x100
[<ffffffff814fe323>] wait_for_common+0x123/0x180
[<ffffffff81060250>] ? default_wake_function+0x0/0x20
[<ffffffff8119661e>] ? ifind_fast+0x5e/0xb0
[<ffffffff814fe43d>] wait_for_completion+0x1d/0x20
[<ffffffff811f2e68>] sysfs_addrm_finish+0x228/0x270
[<ffffffff811f2fb3>] sysfs_remove_dir+0xa3/0xf0
[<ffffffff81273f66>] kobject_del+0x16/0x40
[<ffffffff8134cd14>] device_del+0x184/0x1e0
[<ffffffff8144e59b>] netdev_unregister_kobject+0xab/0xc0
[<ffffffff8143c05e>] rollback_registered+0xae/0x130
[<ffffffff8143c102>] unregister_netdevice+0x22/0x70
[<ffffffff8143c16e>] unregister_netdev+0x1e/0x30
[<ffffffffa02a91b0>] ipoib_remove_one+0xe0/0x120 [ib_ipoib]
[<ffffffffa01ed95f>] ib_unregister_device+0x4f/0x100 [ib_core]
[<ffffffffa021f5e1>] mlx4_ib_remove+0x41/0x180 [mlx4_ib]
[<ffffffffa01ab771>] mlx4_remove_device+0x71/0x90 [mlx4_core]
Fixes: 862096a8bbf8 ("IB/ipoib: Add more rtnl_link_ops callbacks")
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Feras Daoud <ferasda@mellanox.com>
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 12 +++++++-----
drivers/infiniband/ulp/ipoib/ipoib_main.c | 6 ++----
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_cm.c b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
index 9474cb021c41..9bb33b76df7f 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
@@ -1479,12 +1479,14 @@ static ssize_t set_mode(struct device *d, struct device_attribute *attr,
ret = ipoib_set_mode(dev, buf);
- rtnl_unlock();
-
- if (!ret)
- return count;
+ /* The assumption is that the function ipoib_set_mode returned
+ * with the rtnl held by it, if not the value -EBUSY returned,
+ * then no need to rtnl_unlock
+ */
+ if (ret != -EBUSY)
+ rtnl_unlock();
- return ret;
+ return (!ret || ret == -EBUSY) ? count : ret;
}
static DEVICE_ATTR(mode, S_IWUSR | S_IRUGO, show_mode, set_mode);
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
index 469f98156b28..2f04586eb05d 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -234,8 +234,7 @@ int ipoib_set_mode(struct net_device *dev, const char *buf)
priv->tx_wr.send_flags &= ~IB_SEND_IP_CSUM;
ipoib_flush_paths(dev);
- rtnl_lock();
- return 0;
+ return (!rtnl_trylock()) ? -EBUSY : 0;
}
if (!strcmp(buf, "datagram\n")) {
@@ -244,8 +243,7 @@ int ipoib_set_mode(struct net_device *dev, const char *buf)
dev_set_mtu(dev, min(priv->mcast_mtu, dev->mtu));
rtnl_unlock();
ipoib_flush_paths(dev);
- rtnl_lock();
- return 0;
+ return (!rtnl_trylock()) ? -EBUSY : 0;
}
return -EINVAL;
--
2.12.0
next prev parent reply other threads:[~2017-03-14 13:17 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-14 13:15 [PATCH 3.12 00/60] 3.12.72-stable review Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 01/60] md linear: fix a race between linear_add() and linear_congested() Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 02/60] sctp: deny peeloff operation on asocs with threads sleeping on it Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 03/60] net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 04/60] perf trace: Use the syscall raw_syscalls:sys_enter timestamp Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 05/60] MIPS: Fix special case in 64 bit IP checksumming Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 06/60] MIPS: OCTEON: Fix copy_from_user fault handling for large buffers Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 07/60] MIPS: Clear ISA bit correctly in get_frame_info() Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 08/60] MIPS: Prevent unaligned accesses during stack unwinding Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 09/60] MIPS: Fix get_frame_info() handling of microMIPS function size Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 10/60] MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 11/60] MIPS: Calculate microMIPS ra properly when unwinding the stack Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 12/60] MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 13/60] uvcvideo: Fix a wrong macro Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 14/60] ALSA: hda - fix Lewisburg audio issue Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 15/60] ALSA: timer: Reject user params with too small ticks Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 16/60] ALSA: seq: Fix link corruption by event error handling Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 17/60] staging: rtl: fix possible NULL pointer dereference Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 18/60] mm: vmpressure: fix sending wrong events on underflow Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 19/60] ipc/shm: Fix shmat mmap nil-page protection Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 20/60] scsi: storvsc: use tagged SRB requests if supported by the device Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 21/60] scsi: storvsc: properly handle SRB_ERROR when sense message is present Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 22/60] scsi: storvsc: properly set residual data length on errors Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 23/60] scsi: aacraid: Reorder Adapter status check Jiri Slaby
2017-03-14 13:15 ` Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 24/60] sd: get disk reference in sd_check_events() Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 25/60] jbd2: don't leak modified metadata buffers on an aborted journal Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 26/60] ext4: trim allocation requests to group size Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 27/60] ext4: preserve the needs_recovery flag when the journal is aborted Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 28/60] ext4: return EROFS if device is r/o and journal replay is needed Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 29/60] samples/seccomp: fix 64-bit comparison macros Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 30/60] ath5k: drop bogus warning on drv_set_key with unsupported cipher Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 31/60] ath9k: use correct OTP register offsets for the AR9340 and AR9550 Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 32/60] fuse: add missing FR_FORCE Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 33/60] can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 34/60] hv: allocate synic pages for all present CPUs Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 35/60] RDMA/core: Fix incorrect structure packing for booleans Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 36/60] rdma_cm: fail iwarp accepts w/o connection params Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 37/60] NFSv4: Fix memory and state leak in _nfs4_open_and_get_state Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 38/60] NFSv4: fix getacl head length estimation Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 39/60] NFSv4: fix getacl ERANGE for some ACL buffer sizes Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 40/60] bcma: use (get|put)_device when probing/removing device driver Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 41/60] powerpc/xmon: Fix data-breakpoint Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 42/60] MIPS: IP22: Reformat inline assembler code to modern standards Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 43/60] MIPS: IP22: Fix build error due to binutils 2.25 uselessnes Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 44/60] scsi: lpfc: Correct WQ creation for pagesize Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 45/60] TTY: n_hdlc, fix lockdep false positive Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 46/60] tty: n_hdlc: get rid of racy n_hdlc.tbuf Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 47/60] serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 48/60] KVM: VMX: use correct vmcs_read/write for guest segment selector/base Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 49/60] Bluetooth: Add another AR3012 04ca:3018 device Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 50/60] s390/qdio: clear DSCI prior to scanning multiple input queues Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 51/60] s390: TASK_SIZE for kernel threads Jiri Slaby
2017-03-14 13:15 ` Jiri Slaby [this message]
2017-03-14 13:15 ` [PATCH 3.12 53/60] ktest: Fix child exit code processing Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 54/60] nlm: Ensure callback code also checks that the files match Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 55/60] xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 56/60] mac80211: flush delayed work when entering suspend Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 57/60] drm/ast: Fix test for VGA enabled Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 58/60] drm/ttm: Make sure BOs being swapped out are cacheable Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 59/60] fat: fix using uninitialized fields of fat_inode/fsinfo_inode Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 60/60] drivers: hv: Turn off write permission on the hypercall page Jiri Slaby
2017-03-14 13:24 ` [PATCH 3.12 00/60] 3.12.72-stable review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=725938ba8ddaf8d89115ddba388e04663e333d7a.1489497268.git.jslaby@suse.cz \
--to=jslaby@suse.cz \
--cc=dledford@redhat.com \
--cc=erezsh@mellanox.com \
--cc=ferasda@mellanox.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.