Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp6487328rdb; Tue, 2 Jan 2024 03:53:13 -0800 (PST) X-Google-Smtp-Source: AGHT+IF4Xu5h+7bT3WEIDdEZlgW3VfGsYfUdGSLVcOf6krSXLiLHErIjNMng1plUdpf7irpkIK8T X-Received: by 2002:a05:620a:384f:b0:781:1adf:f030 with SMTP id po15-20020a05620a384f00b007811adff030mr18472943qkn.91.1704196393197; Tue, 02 Jan 2024 03:53:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704196393; cv=none; d=google.com; s=arc-20160816; b=bC8rdvglLYGii5gARviLC3V3SvnHElEEgfPOtGzxAmVJxKUT+4XPruG4Kki4taFD8d DP7yKdu8dw5pHmOPBGCKn2GSG1S5mzLfmEhrWfZ0Te2rHFZ7/ljxFgx6Lq1LP0JGZGa4 w4/JkhSAP9FpuTj2pkyGO6XGPX2oH7T6E3PBDd0CzPHnXIXqTPpMQhw19TThpDT5+gh0 cT494hXWkeny04IAaEzBP/roq8CJt69qEPha+0spXnmk+unUS07wdWeaVDDM5Vv1lOjf YWGi1iRC8msZmCTG/ZfPFyANostinMGknKptru0JvwgraghjbJDzbb/lYUrlyjoFmLjX Y+Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to:subject :user-agent:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:date:message-id; bh=m0iA4dInBg902ESQrX64/8LYx8Uwby73NUYKGb4HTWA=; fh=SKW/RrXMLQVCeRvOQTKhb//D1sz49gRzWHVnAEN4QIQ=; b=A2WwUzBKjvaTqUT4oAfkxbC18IBr/+4UQcepqvPPabGC8ldhtDvWpGQNMRvPZNQtR7 Tbl0s2s85KX4FMmIKODSDqKH6mbhc8XKYODAI9nWuPupggTcuqEB3jluPIiiwqX7Ttuz neVqG9fM9BHxvLTgOpTOMLK+rFAKYwI+P0qefHHPuKVO39cH5iHIrRVpfTBlU/08C+mf 6DE46Y4zOQOJdnL+bcKDVxDaoLLjkPPKS9aaQZwhJJHiHfhqpS3x4QAgy/3JdPh7cTnF pLpj3lhrRA6ZeR+42ztVejby4XkirqgT8It8t9fSBVLqnnDsHeDIlbO45hacJUjH737A XbOw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-14314-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-14314-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sangfor.com.cn Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id u26-20020a05620a121a00b0078157671703si13390264qkj.222.2024.01.02.03.53.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Jan 2024 03:53:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-14314-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-14314-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-14314-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sangfor.com.cn Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id DF7B91C21E85 for ; Tue, 2 Jan 2024 11:53:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 90ED0EAE8; Tue, 2 Jan 2024 11:53:05 +0000 (UTC) X-Original-To: linux-kernel@vger.kernel.org Received: from mail-m118102.qiye.163.com (mail-m118102.qiye.163.com [115.236.118.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 010B6EAD7; Tue, 2 Jan 2024 11:53:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sangfor.com.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sangfor.com.cn Received: from [172.23.69.7] (unknown [121.32.254.147]) by mail-m12750.qiye.163.com (Hmail) with ESMTPA id DE9D7F201DA; Tue, 2 Jan 2024 19:33:41 +0800 (CST) Message-ID: <61e69337-c32e-4df7-a31c-faf112f36466@sangfor.com.cn> Date: Tue, 2 Jan 2024 19:33:41 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] RDMA/device: Fix a race between mad_client and cm_client init To: Leon Romanovsky Cc: jgg@ziepe.ca, wenglianfa@huawei.com, gustavoars@kernel.org, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, Shifeng Li References: <20240102034335.34842-1-lishifeng@sangfor.com.cn> <20240102085814.GD6361@unreal> From: Shifeng Li In-Reply-To: <20240102085814.GD6361@unreal> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly tZV1koWUFITzdXWS1ZQUlXWQ8JGhUIEh9ZQVlCT0weVkweHRhDThlDT0IfGlUTARMWGhIXJBQOD1 lXWRgSC1lBWUpJSlVISVVJTk9VSk9MWVdZFhoPEhUdFFlBWU9LSFVKTU9JTE5VSktLVUpCS0tZBg ++ X-HM-Tid: 0a8cc9f36a96b21dkuuude9d7f201da X-HM-MType: 1 X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Nxg6CCo4UTw*P08jOBIfUUkt LSIaChVVSlVKTEtPSkJOSUlJTU1PVTMWGhIXVRcSCBMSHR4VHDsIGhUcHRQJVRgUFlUYFUVZV1kS C1lBWUpJSlVISVVJTk9VSk9MWVdZCAFZQUxISE83Bg++ On 2024/1/2 16:58, Leon Romanovsky wrote: > On Mon, Jan 01, 2024 at 07:43:35PM -0800, Shifeng Li wrote: >> The mad_client will be initialized in enable_device_and_get(), while the >> devices_rwsem will be downgraded to a read semaphore. There is a window >> that leads to the failed initialization for cm_client, since it can not >> get matched mad port from ib_mad_port_list, and the matched mad port will >> be added to the list after that. >> >> mad_client | cm_client >> ------------------|-------------------------------------------------------- >> ib_register_device| >> enable_device_and_get >> down_write(&devices_rwsem) >> xa_set_mark(&devices, DEVICE_REGISTERED) >> downgrade_write(&devices_rwsem) >> | >> |ib_cm_init >> |ib_register_client(&cm_client) >> |down_read(&devices_rwsem) >> |xa_for_each_marked (&devices, DEVICE_REGISTERED) >> |add_client_context >> |cm_add_one >> |ib_register_mad_agent >> |ib_get_mad_port >> |__ib_get_mad_port >> |list_for_each_entry(entry, &ib_mad_port_list, port_list) >> |return NULL >> |up_read(&devices_rwsem) >> | >> add_client_context| >> ib_mad_init_device| >> ib_mad_port_open | >> list_add_tail(&port_priv->port_list, &ib_mad_port_list) >> up_read(&devices_rwsem) >> | > > How is this stack possible? > > ib_register_device() is called by drivers and happens much later than ib_cm_init(). > I've caught the stack and err log as follows, ib_mad_init_device() called after cm_add_one(). [ 98.281786] CPU: 18 PID: 30079 Comm: modprobe Kdump: loaded [ 98.281787] Call Trace: [ 98.281790] dump_stack+0x71/0xab [ 98.281805] ib_register_mad_agent+0x1c6/0x27f0 [ib_core] [ 98.281840] cm_add_one+0x4b0/0x9d0 [ib_cm] [ 98.281865] add_client_context+0x2b9/0x380 [ib_core] [ 98.281890] ib_register_client+0x22a/0x2a0 [ib_core] [ 98.281908] __init_backport+0x12f/0x1000 [ib_cm] [ 98.281912] do_one_initcall+0x87/0x2e2 [ 98.281926] do_init_module+0x1c3/0x5f7 [ 98.281928] load_module+0x4fe0/0x68d0 [ 98.281945] __do_sys_finit_module+0x14d/0x180 [ 98.281952] do_syscall_64+0xa0/0x370 [ 98.281957] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 98.281958] RIP: 0033:0x7f51d3a4373d [ 98.281961] RSP: 002b:00007ffceb925938 EFLAGS: 00000202 ORIG_RAX: 0000000000000139 [ 98.281964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f51d3a4373d [ 98.281965] RDX: 0000000000000000 RSI: 0000000001636b70 RDI: 0000000000000003 [ 98.281966] RBP: 00007ffceb925950 R08: 0000000000000000 R09: 0000000001636b70 [ 98.281967] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000402410 [ 98.281968] R13: 00007ffceb926e60 R14: 0000000000000000 R15: 0000000000000000 [ 98.281977] infiniband mlx5_1: ib_register_mad_agent: Invalid port 1 [ 98.349040] CPU: 38 PID: 29896 Comm: modprobe Kdump: loaded [ 98.349043] Call Trace: [ 98.349053] dump_stack+0x71/0xab [ 98.349076] ib_register_mad_agent+0x1c6/0x27f0 [ib_core] [ 98.349149] ib_agent_port_open+0xe2/0x2d0 [ib_core] [ 98.349164] ib_mad_init_device+0x818/0x1d70 [ib_core] [ 98.349197] add_client_context+0x2b9/0x380 [ib_core] [ 98.349221] enable_device_and_get+0x1ab/0x340 [ib_core] [ 98.349292] ib_register_device+0xcbf/0xfd0 [ib_core] [ 98.349355] __mlx5_ib_add+0x44/0xf0 [mlx5_ib] [ 98.349404] mlx5_add_device+0xc3/0x280 [mlx5_core] [ 98.349434] mlx5_register_interface+0x109/0x190 [mlx5_core] [ 98.349442] do_one_initcall+0x87/0x2e2 [ 98.349460] do_init_module+0x1c3/0x5f7 [ 98.349462] load_module+0x4fe0/0x68d0 [ 98.349481] __do_sys_init_module+0x1f9/0x220 [ 98.349486] do_syscall_64+0xa0/0x370 [ 98.349492] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 98.349494] RIP: 0033:0x7fbc327faa7a [ 98.349500] RSP: 002b:00007fff890df7f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000af [ 98.349502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbc327faa7a [ 98.349503] RDX: 00000000004250c0 RSI: 00000000001b0230 RDI: 00007fbc31919010 [ 98.349505] RBP: 00007fff890df860 R08: 00000000025045b0 R09: 0000000000000000 [ 98.349506] R10: 00000000001b0230 R11: 0000000000000202 R12: 0000000000402410 [ 98.349507] R13: 00007fff890e0cf0 R14: 0000000000000000 R15: 0000000000000000 Thanks > Thanks > >> >> Fix it by using the devices_rwsem write semaphore to protect the mad_client >> init flow in enable_device_and_get(). >> >> Fixes: d0899892edd0 ("RDMA/device: Provide APIs from the core code to help unregistration") >> Cc: Shifeng Li >> Signed-off-by: Shifeng Li >> --- >> drivers/infiniband/core/device.c | 8 +------- >> 1 file changed, 1 insertion(+), 7 deletions(-) >> >> diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c >> index 67bcea7a153c..85782786993d 100644 >> --- a/drivers/infiniband/core/device.c >> +++ b/drivers/infiniband/core/device.c >> @@ -1315,12 +1315,6 @@ static int enable_device_and_get(struct ib_device *device) >> down_write(&devices_rwsem); >> xa_set_mark(&devices, device->index, DEVICE_REGISTERED); >> >> - /* >> - * By using downgrade_write() we ensure that no other thread can clear >> - * DEVICE_REGISTERED while we are completing the client setup. >> - */ >> - downgrade_write(&devices_rwsem); >> - >> if (device->ops.enable_driver) { >> ret = device->ops.enable_driver(device); >> if (ret) >> @@ -1337,7 +1331,7 @@ static int enable_device_and_get(struct ib_device *device) >> if (!ret) >> ret = add_compat_devs(device); >> out: >> - up_read(&devices_rwsem); >> + up_write(&devices_rwsem); >> return ret; >> } >> >> -- >> 2.25.1 >> >> >