Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp670058ybh; Tue, 10 Mar 2020 06:12:26 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvPU1qsK6GRbWqx8xgAuQPf9YxbRD/iOOn3HiOw+2JiPAVaqmkcU0WU9YTWUMMjspjcPGlR X-Received: by 2002:a05:6808:b1c:: with SMTP id s28mr1090699oij.2.1583845946143; Tue, 10 Mar 2020 06:12:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583845946; cv=none; d=google.com; s=arc-20160816; b=n2Zs0N2cHxP2R1DvnVU9DgnlUuT/PWn80ufv3btIcLL98980oQaS7bUDMnB4TEq2b/ QVUiV/hJNfxD2FlFAM/ycmEtJ5SYX+3SdHCilHctrcy53HHA3PlfeJFusWF+p072P57V XWZIceudFMZGe5G9dEaQDB++73Bg6JIvB1My8e1cF/F1A86rlS36nSnLeR0PJz0XXxY4 /L+vx6asqOqs91qtwhTOnce/uC6UvCbPn9tw7y4pQ5BwpprCYTTmJvozTuu6cExVPs2E bpJ8fZdPQUv4rbAPTNz5cI8xTW3QicU8EPIsV/rst1I6xsmWeChb2dTGNQm6RscEWlLm ifSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=TEUNjTReaIAMlDmGuFnZFwHtkP6hCiZHEXkOuTVFNHM=; b=YfgqpPr2ar12DCVjaD99XBpLDbHTuYTKF2x4JCfGPDzKZigluNg9JZuBii+JUWTWx+ ujakBGId7uaeD9B6SVmSo3CnhUiwMuaemVJZoVCS/cVCqcjNbHmo5l9tKLAytEVC/mcv zlEfW+WQo1yOQFeWGXRC1B29cICJ/28KL6S3X8LPbUBP52ubseK+f/OXVEFDWsllMoCf KspgelF2h/NLyga4W3Dj1ujlMRQ690dexKYwb6I1X04J5ts4lWjFtwtjrBUFmDji5lss uh3FioMTdDLjZR7vVl4sAx85ZrrewNZmNM6vQd+5yjAFHuZ5tAkr+gkmWVN2jNUu41Bl Ypig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=l9S42fnf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r194si2005318oie.66.2020.03.10.06.12.11; Tue, 10 Mar 2020 06:12:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=l9S42fnf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731147AbgCJNKq (ORCPT + 99 others); Tue, 10 Mar 2020 09:10:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:60130 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730239AbgCJNKl (ORCPT ); Tue, 10 Mar 2020 09:10:41 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4855C20409; Tue, 10 Mar 2020 13:10:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1583845840; bh=oZeb9NTGpgVgTSMAk/JhXrYrF5rtTno1zSR90qkOBXU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l9S42fnfoJ3kZ6jSwlH3MAAKFKvpG6uuW+1w3tpK2FFCBK6Ns0gD28PdHuN3NnKEU v1qr/GcIcN6dc00HuC3BvMKgo+x6UVG85ocBVLJnS/GoxMDIXrbk8722V47too4ciW LCYTbHRQUZK6E6JLrLrg8N4MIbTy7FQGghxuL5C8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mike Marciniszyn , Dennis Dalessandro , Jason Gunthorpe Subject: [PATCH 4.14 119/126] IB/hfi1, qib: Ensure RCU is locked when accessing list Date: Tue, 10 Mar 2020 13:42:20 +0100 Message-Id: <20200310124211.068302665@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200310124203.704193207@linuxfoundation.org> References: <20200310124203.704193207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dennis Dalessandro commit 817a68a6584aa08e323c64283fec5ded7be84759 upstream. The packet handling function, specifically the iteration of the qp list for mad packet processing misses locking RCU before running through the list. Not only is this incorrect, but the list_for_each_entry_rcu() call can not be called with a conditional check for lock dependency. Remedy this by invoking the rcu lock and unlock around the critical section. This brings MAD packet processing in line with what is done for non-MAD packets. Fixes: 7724105686e7 ("IB/hfi1: add driver files") Link: https://lore.kernel.org/r/20200225195445.140896.41873.stgit@awfm-01.aw.intel.com Reviewed-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe Signed-off-by: Greg Kroah-Hartman --- drivers/infiniband/hw/hfi1/verbs.c | 4 +++- drivers/infiniband/hw/qib/qib_verbs.c | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) --- a/drivers/infiniband/hw/hfi1/verbs.c +++ b/drivers/infiniband/hw/hfi1/verbs.c @@ -593,10 +593,11 @@ static inline void hfi1_handle_packet(st opa_get_lid(packet->dlid, 9B)); if (!mcast) goto drop; + rcu_read_lock(); list_for_each_entry_rcu(p, &mcast->qp_list, list) { packet->qp = p->qp; if (hfi1_do_pkey_check(packet)) - goto drop; + goto unlock_drop; spin_lock_irqsave(&packet->qp->r_lock, flags); packet_handler = qp_ok(packet); if (likely(packet_handler)) @@ -605,6 +606,7 @@ static inline void hfi1_handle_packet(st ibp->rvp.n_pkt_drops++; spin_unlock_irqrestore(&packet->qp->r_lock, flags); } + rcu_read_unlock(); /* * Notify rvt_multicast_detach() if it is waiting for us * to finish. --- a/drivers/infiniband/hw/qib/qib_verbs.c +++ b/drivers/infiniband/hw/qib/qib_verbs.c @@ -360,8 +360,10 @@ void qib_ib_rcv(struct qib_ctxtdata *rcd if (mcast == NULL) goto drop; this_cpu_inc(ibp->pmastats->n_multicast_rcv); + rcu_read_lock(); list_for_each_entry_rcu(p, &mcast->qp_list, list) qib_qp_rcv(rcd, hdr, 1, data, tlen, p->qp); + rcu_read_unlock(); /* * Notify rvt_multicast_detach() if it is waiting for us * to finish.