[v2,1/1] IB/sa: Put netlink request into the request list before sending

Message ID 1446207825-17664-1-git-send-email-kaike.wan@intel.com (mailing list archive)
State Accepted

Commit Message

Wan, Kaike Oct. 30, 2015, 12:23 p.m. UTC
From: Kaike Wan <kaike.wan@intel.com>

It was found by Saurabh Sengar that the netlink code tried to allocate
memory with GFP_KERNEL while holding a spinlock. While it is possible
to fix the issue by replacing GFP_KERNEL with GFP_ATOMIC, it is better
to get rid of the spinlock while sending the packet. However, in order
to protect against a race condition in which a quick response may be
received before the request is put on the request list, we need to put
the request on the list first.

Signed-off-by: Kaike Wan <kaike.wan@intel.com>
---
This patch is based on Doug's k.o/for-4.4 branch

Changes since v1:
-- Pass gfp_mask to ib_nl_send_msg for internal memory allocation, as suggested
   by Ira Weiny;
-- Queue the netlink timeout work before the request is sent, to avoid a
   potential race condition where the query is freed by the response handler.

 drivers/infiniband/core/sa_query.c |   32 +++++++++++++++++---------------
 1 files changed, 17 insertions(+), 15 deletions(-)
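
For context, the problematic pre-v2 flow, condensed from the lines this patch
removes (an illustrative fragment only, not the complete function):

	spin_lock_irqsave(&ib_nl_request_lock, flags);
	ret = ib_nl_send_msg(query);	/* internally calls nlmsg_new(len, GFP_KERNEL)
					 * and ibnl_multicast(..., GFP_KERNEL), which
					 * may sleep while the spinlock is held */
	...
	spin_unlock_irqrestore(&ib_nl_request_lock, flags);

In v2 the allocation flag is instead threaded down from send_mad(), i.e.
ib_nl_make_request(query, gfp_mask) -> ib_nl_send_msg(query, gfp_mask) ->
nlmsg_new(len, gfp_mask) / ibnl_multicast(..., gfp_mask), and the send itself
is moved outside the lock, as the diff below shows.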

Comments

Jason Gunthorpe Oct. 30, 2015, 4:26 p.m. UTC | #1
On Fri, Oct 30, 2015 at 08:23:45AM -0400, kaike.wan@intel.com wrote:
> From: Kaike Wan <kaike.wan@intel.com>
> 
> It was found by Saurabh Sengar that the netlink code tried to allocate
> memory with GFP_KERNEL while holding a spinlock. While it is possible
> to fix the issue by replacing GFP_KERNEL with GFP_ATOMIC, it is better
> to get rid of the spinlock while sending the packet. However, in order
> to protect against a race condition that a quick response may be received
> before the request is put on the request list, we need to put the request
> on the list first.
> 
> Signed-off-by: Kaike Wan <kaike.wan@intel.com>

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>

Jason
Ira Weiny Oct. 30, 2015, 11:58 p.m. UTC | #2
On Fri, Oct 30, 2015 at 08:23:45AM -0400, kaike.wan@intel.com wrote:
> From: Kaike Wan <kaike.wan@intel.com>
> 
> It was found by Saurabh Sengar that the netlink code tried to allocate
> memory with GFP_KERNEL while holding a spinlock. While it is possible
> to fix the issue by replacing GFP_KERNEL with GFP_ATOMIC, it is better
> to get rid of the spinlock while sending the packet. However, in order
> to protect against a race condition that a quick response may be received
> before the request is put on the request list, we need to put the request
> on the list first.
> 
> Signed-off-by: Kaike Wan <kaike.wan@intel.com>

Reviewed-by: Ira Weiny <ira.weiny@intel.com>

Wan, Kaike Nov. 13, 2015, 1:57 p.m. UTC | #3
> From: linux-rdma-owner@vger.kernel.org [mailto:linux-rdma-
> owner@vger.kernel.org] On Behalf Of kaike.wan@intel.com
> Sent: Friday, October 30, 2015 8:24 AM
> To: linux-rdma@vger.kernel.org
> Cc: Wan, Kaike
> Subject: [PATCH v2 1/1] IB/sa: Put netlink request into the request list before
> sending
> 
> From: Kaike Wan <kaike.wan@intel.com>
> 
> It was found by Saurabh Sengar that the netlink code tried to allocate
> memory with GFP_KERNEL while holding a spinlock. While it is possible to fix
> the issue by replacing GFP_KERNEL with GFP_ATOMIC, it is better to get rid
> of the spinlock while sending the packet. However, in order to protect
> against a race condition that a quick response may be received before the
> request is put on the request list, we need to put the request on the list first.
> 
> Signed-off-by: Kaike Wan <kaike.wan@intel.com>
> ---

Reported-by: Saurabh Sengar <saurabh.truth@gmail.com>

Kaike
Doug Ledford Dec. 10, 2015, 8:36 p.m. UTC | #4
On 11/13/2015 08:57 AM, Wan, Kaike wrote:
>> From: linux-rdma-owner@vger.kernel.org [mailto:linux-rdma-
>> owner@vger.kernel.org] On Behalf Of kaike.wan@intel.com
>> Sent: Friday, October 30, 2015 8:24 AM
>> To: linux-rdma@vger.kernel.org
>> Cc: Wan, Kaike
>> Subject: [PATCH v2 1/1] IB/sa: Put netlink request into the request list before
>> sending
>>
>> From: Kaike Wan <kaike.wan@intel.com>
>>
>> It was found by Saurabh Sengar that the netlink code tried to allocate
>> memory with GFP_KERNEL while holding a spinlock. While it is possible to fix
>> the issue by replacing GFP_KERNEL with GFP_ATOMIC, it is better to get rid
>> of the spinlock while sending the packet. However, in order to protect
>> against a race condition that a quick response may be received before the
>> request is put on the request list, we need to put the request on the list first.
>>
>> Signed-off-by: Kaike Wan <kaike.wan@intel.com>
>> ---
> 
> Reported-by: Saurabh Sengar <saurabh.truth@gmail.com>
> 

This was pulled in for 4.4-rc.  Thanks.

Patch

diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c
index dcdaa79..1495c00 100644
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -512,7 +512,7 @@  static int ib_nl_get_path_rec_attrs_len(ib_sa_comp_mask comp_mask)
 	return len;
 }
 
-static int ib_nl_send_msg(struct ib_sa_query *query)
+static int ib_nl_send_msg(struct ib_sa_query *query, gfp_t gfp_mask)
 {
 	struct sk_buff *skb = NULL;
 	struct nlmsghdr *nlh;
@@ -526,7 +526,7 @@  static int ib_nl_send_msg(struct ib_sa_query *query)
 	if (len <= 0)
 		return -EMSGSIZE;
 
-	skb = nlmsg_new(len, GFP_KERNEL);
+	skb = nlmsg_new(len, gfp_mask);
 	if (!skb)
 		return -ENOMEM;
 
@@ -544,7 +544,7 @@  static int ib_nl_send_msg(struct ib_sa_query *query)
 	/* Repair the nlmsg header length */
 	nlmsg_end(skb, nlh);
 
-	ret = ibnl_multicast(skb, nlh, RDMA_NL_GROUP_LS, GFP_KERNEL);
+	ret = ibnl_multicast(skb, nlh, RDMA_NL_GROUP_LS, gfp_mask);
 	if (!ret)
 		ret = len;
 	else
@@ -553,7 +553,7 @@  static int ib_nl_send_msg(struct ib_sa_query *query)
 	return ret;
 }
 
-static int ib_nl_make_request(struct ib_sa_query *query)
+static int ib_nl_make_request(struct ib_sa_query *query, gfp_t gfp_mask)
 {
 	unsigned long flags;
 	unsigned long delay;
@@ -562,25 +562,27 @@  static int ib_nl_make_request(struct ib_sa_query *query)
 	INIT_LIST_HEAD(&query->list);
 	query->seq = (u32)atomic_inc_return(&ib_nl_sa_request_seq);
 
+	/* Put the request on the list first.*/
 	spin_lock_irqsave(&ib_nl_request_lock, flags);
-	ret = ib_nl_send_msg(query);
-	if (ret <= 0) {
-		ret = -EIO;
-		goto request_out;
-	} else {
-		ret = 0;
-	}
-
 	delay = msecs_to_jiffies(sa_local_svc_timeout_ms);
 	query->timeout = delay + jiffies;
 	list_add_tail(&query->list, &ib_nl_request_list);
 	/* Start the timeout if this is the only request */
 	if (ib_nl_request_list.next == &query->list)
 		queue_delayed_work(ib_nl_wq, &ib_nl_timed_work, delay);
-
-request_out:
 	spin_unlock_irqrestore(&ib_nl_request_lock, flags);
 
+	ret = ib_nl_send_msg(query, gfp_mask);
+	if (ret <= 0) {
+		ret = -EIO;
+		/* Remove the request */
+		spin_lock_irqsave(&ib_nl_request_lock, flags);
+		list_del(&query->list);
+		spin_unlock_irqrestore(&ib_nl_request_lock, flags);
+	} else {
+		ret = 0;
+	}
+
 	return ret;
 }
 
@@ -1108,7 +1110,7 @@  static int send_mad(struct ib_sa_query *query, int timeout_ms, gfp_t gfp_mask)
 
 	if (query->flags & IB_SA_ENABLE_LOCAL_SERVICE) {
 		if (!ibnl_chk_listeners(RDMA_NL_GROUP_LS)) {
-			if (!ib_nl_make_request(query))
+			if (!ib_nl_make_request(query, gfp_mask))
 				return id;
 		}
 		ib_sa_disable_local_svc(query);
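
For reference, here is how ib_nl_make_request() reads with this patch applied,
reconstructed from the hunks above; the "int ret;" declaration does not appear
in the visible context lines and is assumed:

static int ib_nl_make_request(struct ib_sa_query *query, gfp_t gfp_mask)
{
        unsigned long flags;
        unsigned long delay;
        int ret;

        INIT_LIST_HEAD(&query->list);
        query->seq = (u32)atomic_inc_return(&ib_nl_sa_request_seq);

        /* Put the request on the list first.*/
        spin_lock_irqsave(&ib_nl_request_lock, flags);
        delay = msecs_to_jiffies(sa_local_svc_timeout_ms);
        query->timeout = delay + jiffies;
        list_add_tail(&query->list, &ib_nl_request_list);
        /* Start the timeout if this is the only request */
        if (ib_nl_request_list.next == &query->list)
                queue_delayed_work(ib_nl_wq, &ib_nl_timed_work, delay);
        spin_unlock_irqrestore(&ib_nl_request_lock, flags);

        ret = ib_nl_send_msg(query, gfp_mask);
        if (ret <= 0) {
                ret = -EIO;
                /* Remove the request */
                spin_lock_irqsave(&ib_nl_request_lock, flags);
                list_del(&query->list);
                spin_unlock_irqrestore(&ib_nl_request_lock, flags);
        } else {
                ret = 0;
        }

        return ret;
}

Because the request is added to ib_nl_request_list (and ib_nl_timed_work is
armed) before ib_nl_send_msg() is called, a response that arrives immediately
after the send will find the request on the list; if the send fails, the
request is removed again under the lock and -EIO is returned.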