Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752241AbdHRPRS (ORCPT ); Fri, 18 Aug 2017 11:17:18 -0400 Received: from mail.ispras.ru ([83.149.199.45]:60484 "EHLO mail.ispras.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751679AbdHRPRQ (ORCPT ); Fri, 18 Aug 2017 11:17:16 -0400 From: Anton Volkov Subject: Possible race in mlx5_ib.ko To: matanb@mellanox.com, leonro@mellanox.com Cc: linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org, Alexey Khoroshilov Message-ID: <64936cc7-12b2-3a8f-b6dc-54f6f7cf7d6a@ispras.ru> Date: Fri, 18 Aug 2017 18:17:15 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 941 Lines: 28 Hello. While searching for races in the Linux kernel I've come across "drivers/infiniband/hw/mlx5/mlx5_ib.ko" module. Here are questions that I came up with while analyzing results. Lines are given using the info from Linux v4.12. Consider the following case: Thread 1: Thread 2: size_write ->remove_keys limit_write ent->cur--; if (ent->cur < ent->limit) (mr.c: line 234) (mr.c: line 335) err = add_keys(... ent->limit - ent->cur); If size_write and limit_write are able to work concurrently with the same ent then there is a possibility of a race between the accesses to ent->cur. In worst case in limit_write new keys wouldn't be added. Is it feasible from your point of view? If so, is it a benign race or a serious one? Thank you for your time. -- Anton Volkov Linux Verification Center, ISPRAS web: http://linuxtesting.org e-mail: avolkov@ispras.ru