svn commit: r337071 - stable/11/sys/ofed/drivers/infiniband/core

Hans Petter Selasky hselasky at FreeBSD.org
Thu Aug 2 08:07:12 UTC 2018


Author: hselasky
Date: Thu Aug  2 08:07:10 2018
New Revision: 337071
URL: https://svnweb.freebsd.org/changeset/base/337071

Log:
  MFC r336365:
  Add lock to multicast handlers in ibcore.
  
  When two handlers used the same object in the old schema, we blocked
  the process in the kernel. The new schema just returns -EBUSY. This
  could lead to different behaviour in applications between the old
  schema and the new schema. In most cases, using such handlers
  concurrently could lead to crashing the process. For example, if
  thread A destroys a QP and thread B modifies it, we could have the
  destruction happens before the modification. In this case, we are
  accessing freed memory which could lead to crashing the process.
  This is true for most cases. However, attaching and detaching
  a multicast address from QP concurrently is safe. Therefore, we
  preserve the original behaviour by adding a lock there.
  
  Linux commit:
  f48b726920d96dcd1860df06143bdea7d6d7dcc3
  
  Sponsored by:		Mellanox Technologies

Modified:
  stable/11/sys/ofed/drivers/infiniband/core/ib_uverbs_cmd.c
  stable/11/sys/ofed/drivers/infiniband/core/uverbs.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/ofed/drivers/infiniband/core/ib_uverbs_cmd.c
==============================================================================
--- stable/11/sys/ofed/drivers/infiniband/core/ib_uverbs_cmd.c	Thu Aug  2 08:06:17 2018	(r337070)
+++ stable/11/sys/ofed/drivers/infiniband/core/ib_uverbs_cmd.c	Thu Aug  2 08:07:10 2018	(r337071)
@@ -1794,6 +1794,7 @@ static int create_qp(struct ib_uverbs_file *file,
 
 	init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext,
 		  &qp_lock_class);
+	mutex_init(&obj->mcast_lock);
 	down_write(&obj->uevent.uobject.mutex);
 	if (cmd_sz >= offsetof(typeof(*cmd), rwq_ind_tbl_handle) +
 		      sizeof(cmd->rwq_ind_tbl_handle) &&
@@ -3030,6 +3031,7 @@ ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *
 
 	obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
 
+	mutex_lock(&obj->mcast_lock);
 	list_for_each_entry(mcast, &obj->mcast_list, list)
 		if (cmd.mlid == mcast->lid &&
 		    !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
@@ -3053,6 +3055,7 @@ ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *
 		kfree(mcast);
 
 out_put:
+	mutex_unlock(&obj->mcast_lock);
 	put_qp_write(qp);
 
 	return ret ? ret : in_len;
@@ -3076,12 +3079,13 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *
 	if (!qp)
 		return -EINVAL;
 
+	obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
+	mutex_lock(&obj->mcast_lock);
+
 	ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
 	if (ret)
 		goto out_put;
 
-	obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
-
 	list_for_each_entry(mcast, &obj->mcast_list, list)
 		if (cmd.mlid == mcast->lid &&
 		    !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
@@ -3091,6 +3095,7 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *
 		}
 
 out_put:
+	mutex_unlock(&obj->mcast_lock);
 	put_qp_write(qp);
 
 	return ret ? ret : in_len;

Modified: stable/11/sys/ofed/drivers/infiniband/core/uverbs.h
==============================================================================
--- stable/11/sys/ofed/drivers/infiniband/core/uverbs.h	Thu Aug  2 08:06:17 2018	(r337070)
+++ stable/11/sys/ofed/drivers/infiniband/core/uverbs.h	Thu Aug  2 08:07:10 2018	(r337071)
@@ -164,6 +164,8 @@ struct ib_usrq_object {
 
 struct ib_uqp_object {
 	struct ib_uevent_object	uevent;
+	/* lock for mcast list */
+	struct mutex		mcast_lock;
 	struct list_head 	mcast_list;
 	struct ib_uxrcd_object *uxrcd;
 };


More information about the svn-src-stable-11 mailing list