android_kernel_xiaomi_sm8350/drivers/infiniband/core
Michael S. Tsirkin 37289efe3e IB/mad: fix oops in cancel_mads
We have seen the following OOPs in cancel_mads, when restarting opensm
multiple times:

    Call Trace:
      [<c010549b>] show_stack+0x9b/0xb0
      [<c01055ec>] show_registers+0x11c/0x190
      [<c01057cd>] die+0xed/0x160
      [<c031b966>] do_page_fault+0x3f6/0x5d0
      [<c010511f>] error_code+0x4f/0x60
      [<f8ac4e38>] cancel_mads+0x128/0x150 [ib_mad]
      [<f8ac2811>] unregister_mad_agent+0x11/0x130 [ib_mad]
      [<f8ac2a12>] ib_unregister_mad_agent+0x12/0x20 [ib_mad]
      [<f8b10f23>] ib_umad_close+0xf3/0x130 [ib_umad]
      [<c0162937>] __fput+0x187/0x1c0
      [<c01627a9>] fput+0x19/0x20
      [<c0160f7a>] filp_close+0x3a/0x60
      [<c0121ca8>] put_files_struct+0x68/0xa0
      [<c0103cf7>] do_signal+0x47/0x100
      [<c0103ded>] do_notify_resume+0x3d/0x40
      [<c0103f9e>] work_notifysig+0x13/0x25

We traced this back to local_completions unlocking mad_agent_priv->lock
while still keeping a pointer into local_list. A later call to
list_del(&local->completion_list) would then corrupt the list.

To fix this, remove the entry from local_list after looking it up but
before releasing mad_agent_priv->lock, to prevent cancel_mads from
finding and freeing it.

Signed-off-by: Jack Morgenstein <jackm@mellanox.co.il>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-04-02 14:39:19 -07:00
agent.c IB/mad: Simplify SMI by eliminating smi_check_local_dr_smp() 2006-03-20 10:08:11 -08:00
agent.h
cache.c
cm_msgs.h
cm.c IB/cm: Check cm_id state before handling a REP 2006-03-20 10:08:23 -08:00
core_priv.h
device.c IB: convert from semaphores to mutexes 2006-01-13 14:51:39 -08:00
fmr_pool.c IB: Enable FMR pool user to set page size 2006-03-20 10:08:10 -08:00
mad_priv.h IB/mad: include GID/class when matching receives 2006-03-30 07:19:48 -08:00
mad_rmpp.c IB/mad: RMPP support for additional classes 2006-03-30 07:19:51 -08:00
mad_rmpp.h
mad.c IB/mad: fix oops in cancel_mads 2006-04-02 14:39:19 -07:00
Makefile
packer.c
sa_query.c IB/sa_query: Flush scheduled work before unloading module 2006-01-17 09:53:51 -08:00
smi.c
smi.h IB/mad: Simplify SMI by eliminating smi_check_local_dr_smp() 2006-03-20 10:08:11 -08:00
sysfs.c IB: Coverity fixes to sysfs.c 2006-03-20 10:08:25 -08:00
ucm.c [PATCH] IB: fix up major/minor sysfs interface for IB core 2006-02-06 12:17:17 -08:00
ud_header.c
user_mad.c IB/mad: RMPP support for additional classes 2006-03-30 07:19:51 -08:00
uverbs_cmd.c IB/uverbs: Use correct alt_pkey_index in modify QP 2006-03-20 10:08:24 -08:00
uverbs_main.c IB/uverbs: Support for query SRQ from userspace 2006-03-20 10:08:14 -08:00
uverbs_mem.c
uverbs.h IB/uverbs: Support for query SRQ from userspace 2006-03-20 10:08:14 -08:00
verbs.c IB: Fix modify QP checking of "current QP state" attribute 2006-03-20 10:08:20 -08:00