diff options
author | Roland Dreier <rolandd@cisco.com> | 2007-06-21 14:05:58 -0400 |
---|---|---|
committer | Roland Dreier <rolandd@cisco.com> | 2007-06-21 14:05:58 -0400 |
commit | 24bce5080306bd5255cbda3d6b09a29d5515b470 (patch) | |
tree | d0061299531d0cda6bd83196f8f4c32c5f93af15 | |
parent | d025d7858f7415f558e89d870ad1a205954b64cd (diff) |
IB/umem: Fix possible hang on process exit
If ib_umem_release() is called after ib_uverbs_close() sets context->closing,
then a process can get stuck in a D state, because the code boils down to
if (down_write_trylock(&mm->mmap_sem))
down_write(&mm->mmap_sem);
which is obviously a stupid instant deadlock. Fix the code so that we
only try to take the lock once.
This bug was introduced in commit f7c6a7b5 ("IB/uverbs: Export
ib_umem_get()/ib_umem_release() to modules") which fortunately never
made it into a release, and was reported by Pete Wyckoff <pw@osc.edu>.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
-rw-r--r-- | drivers/infiniband/core/umem.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index b4aec5103c99..d40652a80151 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c | |||
@@ -225,13 +225,15 @@ void ib_umem_release(struct ib_umem *umem) | |||
225 | * up here and not be able to take the mmap_sem. In that case | 225 | * up here and not be able to take the mmap_sem. In that case |
226 | * we defer the vm_locked accounting to the system workqueue. | 226 | * we defer the vm_locked accounting to the system workqueue. |
227 | */ | 227 | */ |
228 | if (context->closing && !down_write_trylock(&mm->mmap_sem)) { | 228 | if (context->closing) { |
229 | INIT_WORK(&umem->work, ib_umem_account); | 229 | if (!down_write_trylock(&mm->mmap_sem)) { |
230 | umem->mm = mm; | 230 | INIT_WORK(&umem->work, ib_umem_account); |
231 | umem->diff = diff; | 231 | umem->mm = mm; |
232 | 232 | umem->diff = diff; | |
233 | schedule_work(&umem->work); | 233 | |
234 | return; | 234 | schedule_work(&umem->work); |
235 | return; | ||
236 | } | ||
235 | } else | 237 | } else |
236 | down_write(&mm->mmap_sem); | 238 | down_write(&mm->mmap_sem); |
237 | 239 | ||