git.baikalelectronics.ru Git - kernel.git/commit

author	Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
	Sun, 3 Jul 2016 12:28:18 +0000 (15:28 +0300)
committer	Doug Ledford <dledford@redhat.com>
	Thu, 4 Aug 2016 01:03:36 +0000 (21:03 -0400)
commit	b74334ebb556ac37890583109788d4502e297c49
tree	b846d3f079fc4953fecf69ce98d4ab29e0061db8	tree \| snapshot
parent	ac1fc02bfc16339dcfba695e2e26c0b002fa236e	commit \| diff

IB/uverbs: Fix race between uverbs_close and remove_one

Fixes an oops that might happen if uverbs_close races with
remove_one.

Both contexts may run ib_uverbs_cleanup_ucontext, it depends
on the flow.

Currently, there is no protection for a case that remove_one
didn't make the cleanup it runs to its end, the underlying
ib_device was freed then uverbs_close will call
ib_uverbs_cleanup_ucontext and OOPs.

Above might happen if uverbs_close deleted the file from the list
then remove_one didn't find it and runs to its end.

Fixes to protect against that case by a new cleanup lock so that
ib_uverbs_cleanup_ucontext will be called always before that
remove_one is ended.

Fixes: b67fa8570f95 ("IB/uverbs: Fix race between ib_uverbs_open and remove_one")
Reported-by: Devesh Sharma <devesh.sharma@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>

drivers/infiniband/core/uverbs.h		diff \| blob \| history
drivers/infiniband/core/uverbs_main.c		diff \| blob \| history