Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp6506809rdb; Tue, 2 Jan 2024 04:31:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IH78GSGl/3GtiNOI78bjUQoa1uPn0wqWwTLoYLcz/AtR6Zb//HiXvL6KCLkbueMioPAo23r X-Received: by 2002:a17:906:aec6:b0:a28:48dd:b766 with SMTP id me6-20020a170906aec600b00a2848ddb766mr332004ejb.85.1704198688818; Tue, 02 Jan 2024 04:31:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704198688; cv=none; d=google.com; s=arc-20160816; b=vR+CVVlkRAxDmNRwvkhaOfBhvqwLTl1HHPdqsxUuo/B2jEmy22LyMYQ27PR2Q27Jhl PXJ3mjaHwIXjDhqEptCDS6TmBiOkRSODdx06eLxtFqII80/MEeYucNxR717bB8MsEzP9 FbYS7Dzu3T/Fohg9T8dbQf06ZmWCpLkc6GtZT05MarHraTNIB1I/gjHnU7+pGRw+XJd7 +Peizj17jIhcQ9X87WkLaKQ8tJdJPVl2CLZjny36HCNdPnhTrFvgp+jXlQs1FGYMm0Xw Brc60Eapwj6Pdufocf/aZlGr/DDX8TLC0AYD9/sy1rQlBCmyyKuBgGgApqHzzS6MuTCz Vr3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to:subject :user-agent:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:date:message-id; bh=SaT95LCYVjc5nN4sz9NRKsy5sco72wVQlGnIaQXzR7A=; fh=SKW/RrXMLQVCeRvOQTKhb//D1sz49gRzWHVnAEN4QIQ=; b=oqpWcQFrYWHF1LX7KJ8jl5fzImHuU5cubAuESU/1lN9fetiIrX6LrMclczHKWDdvn9 Xb3EzJt9HFLQy4FbvN+KR2UaNLWsV/g2pYlSOuKXsdfowi9Hk7OfVV7S/iY4BmaL6dvh 5V6pLviBNYmuODRQzgVGwgcZj281VMUPJU0PSGZT20p1/9HaJs3ZAK3fDgMY8Uwe0kIm n5Vi1m2BZ+J2DGYbi/55S1L6LiyYWaikXewEKrznJPw4TnB0xJMG61YKbRXR4JjinqBA 5iHZKzkclvqHMHfEOY2Fa2eNZC2u6/QpS4XD4/F4LrVGpEATedYZM2fom2mYFl+9K+h3 mQdQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-14343-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-14343-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sangfor.com.cn Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id h15-20020a17090791cf00b00a2339255aeesi10443894ejz.53.2024.01.02.04.31.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Jan 2024 04:31:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-14343-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-14343-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-14343-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sangfor.com.cn Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 65C281F21125 for ; Tue, 2 Jan 2024 12:31:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 04DF8F4FC; Tue, 2 Jan 2024 12:31:08 +0000 (UTC) X-Original-To: linux-kernel@vger.kernel.org Received: from mail-m127167.xmail.ntesmail.com (mail-m127167.xmail.ntesmail.com [115.236.127.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89500F4EE; Tue, 2 Jan 2024 12:31:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sangfor.com.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sangfor.com.cn Received: from [172.23.69.7] (unknown [121.32.254.147]) by mail-m12750.qiye.163.com (Hmail) with ESMTPA id 18AAEF20682; Tue, 2 Jan 2024 20:30:50 +0800 (CST) Message-ID: <37318dfc-f296-4662-b3a9-cd42fbb7eba5@sangfor.com.cn> Date: Tue, 2 Jan 2024 20:30:49 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] RDMA/device: Fix a race between mad_client and cm_client init To: Leon Romanovsky Cc: jgg@ziepe.ca, wenglianfa@huawei.com, gustavoars@kernel.org, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, Shifeng Li References: <20240102034335.34842-1-lishifeng@sangfor.com.cn> <20240102085814.GD6361@unreal> <61e69337-c32e-4df7-a31c-faf112f36466@sangfor.com.cn> <20240102115806.GH6361@unreal> From: Shifeng Li In-Reply-To: <20240102115806.GH6361@unreal> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly tZV1koWUFITzdXWS1ZQUlXWQ8JGhUIEh9ZQVkZGUsYVh1OHhlISE1JGEpMS1UTARMWGhIXJBQOD1 lXWRgSC1lBWUpJSlVISVVJTk9VSk9MWVdZFhoPEhUdFFlBWU9LSFVKTU9JTE5VSktLVUpCS0tZBg ++ X-HM-Tid: 0a8cca27b9fcb21dkuuu18aaef20682 X-HM-MType: 1 X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6NxQ6Ggw6SDw8K08aAUMqGRcy KT5PC1ZVSlVKTEtPSkJDTU5LQ0NPVTMWGhIXVRcSCBMSHR4VHDsIGhUcHRQJVRgUFlUYFUVZV1kS C1lBWUpJSlVISVVJTk9VSk9MWVdZCAFZQUNJTk03Bg++ On 2024/1/2 19:58, Leon Romanovsky wrote: > On Tue, Jan 02, 2024 at 07:33:41PM +0800, Shifeng Li wrote: >> On 2024/1/2 16:58, Leon Romanovsky wrote: >>> On Mon, Jan 01, 2024 at 07:43:35PM -0800, Shifeng Li wrote: >>>> The mad_client will be initialized in enable_device_and_get(), while the >>>> devices_rwsem will be downgraded to a read semaphore. There is a window >>>> that leads to the failed initialization for cm_client, since it can not >>>> get matched mad port from ib_mad_port_list, and the matched mad port will >>>> be added to the list after that. >>>> >>>> mad_client | cm_client >>>> ------------------|-------------------------------------------------------- >>>> ib_register_device| >>>> enable_device_and_get >>>> down_write(&devices_rwsem) >>>> xa_set_mark(&devices, DEVICE_REGISTERED) >>>> downgrade_write(&devices_rwsem) >>>> | >>>> |ib_cm_init >>>> |ib_register_client(&cm_client) >>>> |down_read(&devices_rwsem) >>>> |xa_for_each_marked (&devices, DEVICE_REGISTERED) >>>> |add_client_context >>>> |cm_add_one >>>> |ib_register_mad_agent >>>> |ib_get_mad_port >>>> |__ib_get_mad_port >>>> |list_for_each_entry(entry, &ib_mad_port_list, port_list) >>>> |return NULL >>>> |up_read(&devices_rwsem) >>>> | >>>> add_client_context| >>>> ib_mad_init_device| >>>> ib_mad_port_open | >>>> list_add_tail(&port_priv->port_list, &ib_mad_port_list) >>>> up_read(&devices_rwsem) >>>> | >>> >>> How is this stack possible? >>> >>> ib_register_device() is called by drivers and happens much later than ib_cm_init(). >>> >> >> I've caught the stack and err log as follows, ib_mad_init_device() called after > > > ib_mad_init_device != ib_register_device > > You mentioned ib_register_device() in your callstack, while you caught ib_mad_init_device(). > ib_register_device() is called by mlx5_ib driver, and then ib_register_device() calls ib_mad_init_device(). Thanks > Thanks > >> cm_add_one(). >> >> [ 98.281786] CPU: 18 PID: 30079 Comm: modprobe Kdump: loaded >> [ 98.281787] Call Trace: >> [ 98.281790] dump_stack+0x71/0xab >> [ 98.281805] ib_register_mad_agent+0x1c6/0x27f0 [ib_core] >> [ 98.281840] cm_add_one+0x4b0/0x9d0 [ib_cm] >> [ 98.281865] add_client_context+0x2b9/0x380 [ib_core] >> [ 98.281890] ib_register_client+0x22a/0x2a0 [ib_core] >> [ 98.281908] __init_backport+0x12f/0x1000 [ib_cm] >> [ 98.281912] do_one_initcall+0x87/0x2e2 >> [ 98.281926] do_init_module+0x1c3/0x5f7 >> [ 98.281928] load_module+0x4fe0/0x68d0 >> [ 98.281945] __do_sys_finit_module+0x14d/0x180 >> [ 98.281952] do_syscall_64+0xa0/0x370 >> [ 98.281957] entry_SYSCALL_64_after_hwframe+0x65/0xca >> [ 98.281958] RIP: 0033:0x7f51d3a4373d >> [ 98.281961] RSP: 002b:00007ffceb925938 EFLAGS: 00000202 ORIG_RAX: 0000000000000139 >> [ 98.281964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f51d3a4373d >> [ 98.281965] RDX: 0000000000000000 RSI: 0000000001636b70 RDI: 0000000000000003 >> [ 98.281966] RBP: 00007ffceb925950 R08: 0000000000000000 R09: 0000000001636b70 >> [ 98.281967] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000402410 >> [ 98.281968] R13: 00007ffceb926e60 R14: 0000000000000000 R15: 0000000000000000 >> >> [ 98.281977] infiniband mlx5_1: ib_register_mad_agent: Invalid port 1 >> >> [ 98.349040] CPU: 38 PID: 29896 Comm: modprobe Kdump: loaded >> [ 98.349043] Call Trace: >> [ 98.349053] dump_stack+0x71/0xab >> [ 98.349076] ib_register_mad_agent+0x1c6/0x27f0 [ib_core] >> [ 98.349149] ib_agent_port_open+0xe2/0x2d0 [ib_core] >> [ 98.349164] ib_mad_init_device+0x818/0x1d70 [ib_core] >> [ 98.349197] add_client_context+0x2b9/0x380 [ib_core] >> [ 98.349221] enable_device_and_get+0x1ab/0x340 [ib_core] >> [ 98.349292] ib_register_device+0xcbf/0xfd0 [ib_core] >> [ 98.349355] __mlx5_ib_add+0x44/0xf0 [mlx5_ib] >> [ 98.349404] mlx5_add_device+0xc3/0x280 [mlx5_core] >> [ 98.349434] mlx5_register_interface+0x109/0x190 [mlx5_core] >> [ 98.349442] do_one_initcall+0x87/0x2e2 >> [ 98.349460] do_init_module+0x1c3/0x5f7 >> [ 98.349462] load_module+0x4fe0/0x68d0 >> [ 98.349481] __do_sys_init_module+0x1f9/0x220 >> [ 98.349486] do_syscall_64+0xa0/0x370 >> [ 98.349492] entry_SYSCALL_64_after_hwframe+0x65/0xca >> [ 98.349494] RIP: 0033:0x7fbc327faa7a >> [ 98.349500] RSP: 002b:00007fff890df7f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000af >> [ 98.349502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbc327faa7a >> [ 98.349503] RDX: 00000000004250c0 RSI: 00000000001b0230 RDI: 00007fbc31919010 >> [ 98.349505] RBP: 00007fff890df860 R08: 00000000025045b0 R09: 0000000000000000 >> [ 98.349506] R10: 00000000001b0230 R11: 0000000000000202 R12: 0000000000402410 >> [ 98.349507] R13: 00007fff890e0cf0 R14: 0000000000000000 R15: 0000000000000000 >> >> Thanks >> >>> Thanks >>> >>>> >>>> Fix it by using the devices_rwsem write semaphore to protect the mad_client >>>> init flow in enable_device_and_get(). >>>> >>>> Fixes: d0899892edd0 ("RDMA/device: Provide APIs from the core code to help unregistration") >>>> Cc: Shifeng Li >>>> Signed-off-by: Shifeng Li >>>> --- >>>> drivers/infiniband/core/device.c | 8 +------- >>>> 1 file changed, 1 insertion(+), 7 deletions(-) >>>> >>>> diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c >>>> index 67bcea7a153c..85782786993d 100644 >>>> --- a/drivers/infiniband/core/device.c >>>> +++ b/drivers/infiniband/core/device.c >>>> @@ -1315,12 +1315,6 @@ static int enable_device_and_get(struct ib_device *device) >>>> down_write(&devices_rwsem); >>>> xa_set_mark(&devices, device->index, DEVICE_REGISTERED); >>>> - /* >>>> - * By using downgrade_write() we ensure that no other thread can clear >>>> - * DEVICE_REGISTERED while we are completing the client setup. >>>> - */ >>>> - downgrade_write(&devices_rwsem); >>>> - >>>> if (device->ops.enable_driver) { >>>> ret = device->ops.enable_driver(device); >>>> if (ret) >>>> @@ -1337,7 +1331,7 @@ static int enable_device_and_get(struct ib_device *device) >>>> if (!ret) >>>> ret = add_compat_devs(device); >>>> out: >>>> - up_read(&devices_rwsem); >>>> + up_write(&devices_rwsem); >>>> return ret; >>>> } >>>> -- >>>> 2.25.1 >>>> >>>> >>> >> >> >