[PATCH 5.9 406/757] RDMA/ucma: Fix locking for ctx->events_reported
From: Greg Kroah-Hartman
Date: Tue Oct 27 2020 - 11:58:42 EST
From: Jason Gunthorpe <jgg@xxxxxxxxxx>
[ Upstream commit 98837c6c3d7285f6eca86480b6f7fac6880e27a8 ]
This value is locked under the file->mut, ensure it is held whenever
touching it.
The case in ucma_migrate_id() is a race, while in ucma_free_uctx() it is
already not possible for the write side to run, the movement is just for
clarity.
Fixes: 88314e4dda1e ("RDMA/cma: add support for rdma_migrate_id()")
Link: https://lore.kernel.org/r/20200818120526.702120-10-leon@xxxxxxxxxx
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/infiniband/core/ucma.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index 1d184ea05eba1..75ccc31cf0b15 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -586,6 +586,7 @@ static int ucma_free_ctx(struct ucma_context *ctx)
list_move_tail(&uevent->list, &list);
}
list_del(&ctx->list);
+ events_reported = ctx->events_reported;
mutex_unlock(&ctx->file->mut);
list_for_each_entry_safe(uevent, tmp, &list, list) {
@@ -595,7 +596,6 @@ static int ucma_free_ctx(struct ucma_context *ctx)
kfree(uevent);
}
- events_reported = ctx->events_reported;
mutex_destroy(&ctx->mutex);
kfree(ctx);
return events_reported;
@@ -1678,7 +1678,9 @@ static ssize_t ucma_migrate_id(struct ucma_file *new_file,
cur_file = ctx->file;
if (cur_file == new_file) {
+ mutex_lock(&cur_file->mut);
resp.events_reported = ctx->events_reported;
+ mutex_unlock(&cur_file->mut);
goto response;
}
--
2.25.1