| Message ID | 20220225195750.37802-10-rpearsonhpe@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Jason Gunthorpe |
| Headers | show |
| Series | Fix race conditions in rxe_pool | expand |
On Fri, Feb 25, 2022 at 01:57:49PM -0600, Bob Pearson wrote: > Use rcu_read_lock() for protecting read side operations in rxe_pool.c. > > Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com> > --- > drivers/infiniband/sw/rxe/rxe_pool.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/drivers/infiniband/sw/rxe/rxe_pool.c b/drivers/infiniband/sw/rxe/rxe_pool.c > index 1d1e10290991..713df1ce2bbc 100644 > --- a/drivers/infiniband/sw/rxe/rxe_pool.c > +++ b/drivers/infiniband/sw/rxe/rxe_pool.c > @@ -202,16 +202,15 @@ int __rxe_add_to_pool(struct rxe_pool *pool, struct rxe_pool_elem *elem) > void *rxe_pool_get_index(struct rxe_pool *pool, u32 index) > { > struct rxe_pool_elem *elem; > - unsigned long flags; > void *obj; > > - spin_lock_irqsave(&pool->xa.xa_lock, flags); > + rcu_read_lock(); > elem = xa_load(&pool->xa, index); > if (elem && elem->enabled && kref_get_unless_zero(&elem->ref_cnt)) > obj = elem->obj; > else > obj = NULL; > - spin_unlock_irqrestore(&pool->xa.xa_lock, flags); > + rcu_read_unlock(); Where is the kfree_rcu to go along with this? Jason
diff --git a/drivers/infiniband/sw/rxe/rxe_pool.c b/drivers/infiniband/sw/rxe/rxe_pool.c index 1d1e10290991..713df1ce2bbc 100644 --- a/drivers/infiniband/sw/rxe/rxe_pool.c +++ b/drivers/infiniband/sw/rxe/rxe_pool.c @@ -202,16 +202,15 @@ int __rxe_add_to_pool(struct rxe_pool *pool, struct rxe_pool_elem *elem) void *rxe_pool_get_index(struct rxe_pool *pool, u32 index) { struct rxe_pool_elem *elem; - unsigned long flags; void *obj; - spin_lock_irqsave(&pool->xa.xa_lock, flags); + rcu_read_lock(); elem = xa_load(&pool->xa, index); if (elem && elem->enabled && kref_get_unless_zero(&elem->ref_cnt)) obj = elem->obj; else obj = NULL; - spin_unlock_irqrestore(&pool->xa.xa_lock, flags); + rcu_read_unlock(); return obj; } @@ -259,13 +258,18 @@ int __rxe_drop_ref(struct rxe_pool_elem *elem) &pool->xa.xa_lock); } - int __rxe_drop_wait(struct rxe_pool_elem *elem) { struct rxe_pool *pool = elem->pool; static int timeout = RXE_POOL_TIMEOUT; int ret; + if (elem->enabled) { + pr_warn_once("%s#%d: should be disabled by now\n", + elem->pool->name + 4, elem->index); + elem->enabled = false; + } + __rxe_drop_ref(elem); if (timeout) { @@ -284,6 +288,7 @@ int __rxe_drop_wait(struct rxe_pool_elem *elem) if (pool->cleanup) pool->cleanup(elem); + /* if we reach here it is safe to free the object */ if (pool->flags & RXE_POOL_ALLOC) kfree(elem->obj);
Use rcu_read_lock() for protecting read side operations in rxe_pool.c. Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com> --- drivers/infiniband/sw/rxe/rxe_pool.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)