RDMA/ucma: Protect mc during concurrent multicast leaves

author Leon Romanovsky <leonro@nvidia.com>

Tue, 18 Jan 2022 07:35:01 +0000 (09:35 +0200)

committer Jason Gunthorpe <jgg@nvidia.com>

Fri, 28 Jan 2022 15:36:55 +0000 (11:36 -0400)
author Leon Romanovsky <leonro@nvidia.com>
Tue, 18 Jan 2022 07:35:01 +0000 (09:35 +0200)
committer Jason Gunthorpe <jgg@nvidia.com>
Fri, 28 Jan 2022 15:36:55 +0000 (11:36 -0400)
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c

index 2b72c4f..9d6ac9d 100644 (file)
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -95,6 +95,7 @@ struct ucma_context {
         u64                     uid;
  
         struct list_head        list;
+       struct list_head        mc_list;
         struct work_struct      close_work;
  };
  
@@ -105,6 +106,7 @@ struct ucma_multicast {
  
         u64                     uid;
         u8                      join_state;
+       struct list_head        list;
         struct sockaddr_storage addr;
  };
  
@@ -198,6 +200,7 @@ static struct ucma_context *ucma_alloc_ctx(struct ucma_file *file)
  
         INIT_WORK(&ctx->close_work, ucma_close_id);
         init_completion(&ctx->comp);
+       INIT_LIST_HEAD(&ctx->mc_list);
         /* So list_del() will work if we don't do ucma_finish_ctx() */
         INIT_LIST_HEAD(&ctx->list);
         ctx->file = file;
@@ -484,19 +487,19 @@ err1:
  
  static void ucma_cleanup_multicast(struct ucma_context *ctx)
  {
-       struct ucma_multicast *mc;
-       unsigned long index;
+       struct ucma_multicast *mc, *tmp;
  
-       xa_for_each(&multicast_table, index, mc) {
-               if (mc->ctx != ctx)
-                       continue;
+       xa_lock(&multicast_table);
+       list_for_each_entry_safe(mc, tmp, &ctx->mc_list, list) {
+               list_del(&mc->list);
                 /*
                  * At this point mc->ctx->ref is 0 so the mc cannot leave the
                  * lock on the reader and this is enough serialization
                  */
-               xa_erase(&multicast_table, index);
+               __xa_erase(&multicast_table, mc->id);
                 kfree(mc);
         }
+       xa_unlock(&multicast_table);
  }
  
  static void ucma_cleanup_mc_events(struct ucma_multicast *mc)
@@ -1469,12 +1472,16 @@ static ssize_t ucma_process_join(struct ucma_file *file,
         mc->uid = cmd->uid;
         memcpy(&mc->addr, addr, cmd->addr_size);
  
-       if (xa_alloc(&multicast_table, &mc->id, NULL, xa_limit_32b,
+       xa_lock(&multicast_table);
+       if (__xa_alloc(&multicast_table, &mc->id, NULL, xa_limit_32b,
                      GFP_KERNEL)) {
                 ret = -ENOMEM;
                 goto err_free_mc;
         }
  
+       list_add_tail(&mc->list, &ctx->mc_list);
+       xa_unlock(&multicast_table);
+
         mutex_lock(&ctx->mutex);
         ret = rdma_join_multicast(ctx->cm_id, (struct sockaddr *)&mc->addr,
                                   join_state, mc);
@@ -1500,8 +1507,11 @@ err_leave_multicast:
         mutex_unlock(&ctx->mutex);
         ucma_cleanup_mc_events(mc);
  err_xa_erase:
-       xa_erase(&multicast_table, mc->id);
+       xa_lock(&multicast_table);
+       list_del(&mc->list);
+       __xa_erase(&multicast_table, mc->id);
  err_free_mc:
+       xa_unlock(&multicast_table);
         kfree(mc);
  err_put_ctx:
         ucma_put_ctx(ctx);
@@ -1569,15 +1579,17 @@ static ssize_t ucma_leave_multicast(struct ucma_file *file,
                 mc = ERR_PTR(-EINVAL);
         else if (!refcount_inc_not_zero(&mc->ctx->ref))
                 mc = ERR_PTR(-ENXIO);
-       else
-               __xa_erase(&multicast_table, mc->id);
-       xa_unlock(&multicast_table);
  
         if (IS_ERR(mc)) {
+               xa_unlock(&multicast_table);
                 ret = PTR_ERR(mc);
                 goto out;
         }
  
+       list_del(&mc->list);
+       __xa_erase(&multicast_table, mc->id);
+       xa_unlock(&multicast_table);
+
         mutex_lock(&mc->ctx->mutex);
         rdma_leave_multicast(mc->ctx->cm_id, (struct sockaddr *) &mc->addr);
         mutex_unlock(&mc->ctx->mutex);
author	Leon Romanovsky <leonro@nvidia.com>
	Tue, 18 Jan 2022 07:35:01 +0000 (09:35 +0200)
committer	Jason Gunthorpe <jgg@nvidia.com>
	Fri, 28 Jan 2022 15:36:55 +0000 (11:36 -0400)