Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751396AbdFAILS (ORCPT <rfc822;w@1wt.eu>);
        Thu, 1 Jun 2017 04:11:18 -0400
Received: from mail-co1nam03on0066.outbound.protection.outlook.com ([104.47.40.66]:32112
        "EHLO NAM03-CO1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751054AbdFAILQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 1 Jun 2017 04:11:16 -0400
From: "Amrani, Ram" <Ram.Amrani@cavium.com>
To: Jia-Ju Bai <baijiaju1990@163.com>,
        "monis@mellanox.com" <monis@mellanox.com>,
        "sean.hefty@intel.com" <sean.hefty@intel.com>,
        "dledford@redhat.com" <dledford@redhat.com>,
        "hal.rosenstock@gmail.com" <hal.rosenstock@gmail.com>,
        "leon@kernel.org" <leon@kernel.org>
CC: "linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH V2] rxe: Fix a sleep-in-atomic bug in post_one_send
Thread-Topic: [PATCH V2] rxe: Fix a sleep-in-atomic bug in post_one_send
Thread-Index: AQHS2qrXKsehwmu4okacQzxsMYR4cqIPpyMQ
Date: Thu, 1 Jun 2017 08:11:12 +0000
Message-ID: <BN3PR07MB25781AF1049545F0555D3E83F8F60@BN3PR07MB2578.namprd07.prod.outlook.com>
References: <1496303141-14925-1-git-send-email-baijiaju1990@163.com>
In-Reply-To: <1496303141-14925-1-git-send-email-baijiaju1990@163.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: 163.com; dkim=none (message not signed)
 header.d=none;163.com; dmarc=none action=none header.from=cavium.com;
x-originating-ip: [31.168.140.228]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;BN3PR07MB2579;7:SAJMmtXyggp3AElYO07v3vsUKb2JOgLWanJ9rE5v8MSyAzc3Uv6Cbv1lZSTLg7sxTPI8qH7gpaKr7dDEk1hkd64dgwf2iLjeIqGRQQWfkvTfyBbw7wy/yShABgyKv3Gt5gkSlXuuu2qECJsDsKipjuWnj1pY8AUCS7YpFi/XQiAnx20oJC20/eMsmW7c/LpGy+A8jj/UK1GrW73e9cqb6P1iadshyr5PDJ0JZrcXtPFtm4MPfbNvDQFN8bhXHTUWjM4TTe6IquJ/87HnFAgmkGsI8S0zlXasYZnVyJpUmqLnmRTQWBMt0aQQEgeAbBNyz9vDwGCdn/SRyRI7EMkEOw==
x-ms-traffictypediagnostic: BN3PR07MB2579:
x-ms-office365-filtering-correlation-id: 5a8ec75a-7d97-4044-f042-08d4a8c5c482
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(2017030254075)(201703131423075)(201703031133081);SRVR:BN3PR07MB2579;
x-microsoft-antispam-prvs: <BN3PR07MB25799DC8C4E9A2D0E9D3E6B1F8F60@BN3PR07MB2579.namprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700087)(100105000095)(100000701087)(100105300095)(100000702087)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(100000703087)(100105400095)(93006095)(93001095)(10201501046)(6041248)(20161123558100)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123564025)(20161123560025)(6072148)(100000704087)(100105200095)(100000705087)(100105500095);SRVR:BN3PR07MB2579;BCL:0;PCL:0;RULEID:(100000800087)(100110000095)(100000801087)(100110300095)(100000802087)(100110100095)(100000803087)(100110400095)(100000804087)(100110200095)(100000805087)(100110500095);SRVR:BN3PR07MB2579;
x-forefront-prvs: 0325F6C77B
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(39840400002)(39400400002)(39410400002)(39450400003)(39850400002)(77096006)(76176999)(39060400002)(8936002)(5660300001)(230783001)(50986999)(54906002)(189998001)(54356999)(6506006)(66066001)(2900100001)(99286003)(229853002)(9686003)(55016002)(33656002)(2950100002)(6436002)(8676002)(86362001)(3846002)(6116002)(7696004)(74316002)(81166006)(122556002)(6246003)(38730400002)(2201001)(2501003)(25786009)(7736002)(305945005)(3660700001)(3280700002)(4326008)(478600001)(2906002)(102836003)(14454004)(72206003)(53936002)(31853002);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3PR07MB2579;H:BN3PR07MB2578.namprd07.prod.outlook.com;FPR:;SPF:None;MLV:ovrnspm;PTR:InfoNoRecords;LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-OriginatorOrg: cavium.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jun 2017 08:11:12.3459
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 711e4ccf-2e9b-4bcf-a551-4094005b6194
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR07MB2579
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id v518BNph002380
Content-Length: 1259
Lines: 35

> The driver may sleep under a spin lock, and the function call path is:
> post_one_send (acquire the lock by spin_lock_irqsave)
>   init_send_wqe
>     copy_from_user --> may sleep
> 
> To fix it, the lock is released before copy_from_user, and the lock is
> acquired again after this function. The parameter "flags" is used to
> restore and save the irq status.
> Thank Leon for good advice.
> 

...

>  	init_send_wr(qp, &wqe->wr, ibwr);
> @@ -742,7 +742,12 @@ static int init_send_wqe(struct rxe_qp *qp, struct ib_send_wr *ibwr,
>  		for (i = 0; i < num_sge; i++, sge++) {
>  			if (qp->is_user && copy_from_user(p, (__user void *)
>  					    (uintptr_t)sge->addr, sge->length))
> -				return -EFAULT;
> +				spin_unlock_irqrestore(&qp->sq.sq_lock, *flags);
> +				err = copy_from_user(p, (__user void *)
> +					    (uintptr_t)sge->addr, sge->length);
> +				spin_lock_irqsave(&qp->sq.sq_lock, *flags);
> +				if (qp->is_user && err)
> +					return -EFAULT;
> 
>  			else if (!qp->is_user)
>  				memcpy(p, (void *)(uintptr_t)sge->addr,

This isn't my area of expertise. Still something seems weird.
You are still calling 'copy_from_user' unprotected in the 'if'.
Also, did you mean to use curly brackets on the indented part after the first if?!

Ram