Commit 817a68a6 authored by Dennis Dalessandro's avatar Dennis Dalessandro Committed by Jason Gunthorpe

IB/hfi1, qib: Ensure RCU is locked when accessing list

The packet handling function, specifically the iteration of the qp list
for mad packet processing misses locking RCU before running through the
list. Not only is this incorrect, but the list_for_each_entry_rcu() call
can not be called with a conditional check for lock dependency. Remedy
this by invoking the rcu lock and unlock around the critical section.

This brings MAD packet processing in line with what is done for non-MAD
packets.

Fixes: 77241056 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20200225195445.140896.41873.stgit@awfm-01.aw.intel.comReviewed-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
parent 801b67f3
...@@ -515,10 +515,11 @@ static inline void hfi1_handle_packet(struct hfi1_packet *packet, ...@@ -515,10 +515,11 @@ static inline void hfi1_handle_packet(struct hfi1_packet *packet,
opa_get_lid(packet->dlid, 9B)); opa_get_lid(packet->dlid, 9B));
if (!mcast) if (!mcast)
goto drop; goto drop;
rcu_read_lock();
list_for_each_entry_rcu(p, &mcast->qp_list, list) { list_for_each_entry_rcu(p, &mcast->qp_list, list) {
packet->qp = p->qp; packet->qp = p->qp;
if (hfi1_do_pkey_check(packet)) if (hfi1_do_pkey_check(packet))
goto drop; goto unlock_drop;
spin_lock_irqsave(&packet->qp->r_lock, flags); spin_lock_irqsave(&packet->qp->r_lock, flags);
packet_handler = qp_ok(packet); packet_handler = qp_ok(packet);
if (likely(packet_handler)) if (likely(packet_handler))
...@@ -527,6 +528,7 @@ static inline void hfi1_handle_packet(struct hfi1_packet *packet, ...@@ -527,6 +528,7 @@ static inline void hfi1_handle_packet(struct hfi1_packet *packet,
ibp->rvp.n_pkt_drops++; ibp->rvp.n_pkt_drops++;
spin_unlock_irqrestore(&packet->qp->r_lock, flags); spin_unlock_irqrestore(&packet->qp->r_lock, flags);
} }
rcu_read_unlock();
/* /*
* Notify rvt_multicast_detach() if it is waiting for us * Notify rvt_multicast_detach() if it is waiting for us
* to finish. * to finish.
......
...@@ -329,8 +329,10 @@ void qib_ib_rcv(struct qib_ctxtdata *rcd, void *rhdr, void *data, u32 tlen) ...@@ -329,8 +329,10 @@ void qib_ib_rcv(struct qib_ctxtdata *rcd, void *rhdr, void *data, u32 tlen)
if (mcast == NULL) if (mcast == NULL)
goto drop; goto drop;
this_cpu_inc(ibp->pmastats->n_multicast_rcv); this_cpu_inc(ibp->pmastats->n_multicast_rcv);
rcu_read_lock();
list_for_each_entry_rcu(p, &mcast->qp_list, list) list_for_each_entry_rcu(p, &mcast->qp_list, list)
qib_qp_rcv(rcd, hdr, 1, data, tlen, p->qp); qib_qp_rcv(rcd, hdr, 1, data, tlen, p->qp);
rcu_read_unlock();
/* /*
* Notify rvt_multicast_detach() if it is waiting for us * Notify rvt_multicast_detach() if it is waiting for us
* to finish. * to finish.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment