aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/infiniband/core
diff options
context:
space:
mode:
authorRoland Dreier <rolandd@cisco.com>2007-06-21 14:05:58 -0400
committerRoland Dreier <rolandd@cisco.com>2007-06-21 14:05:58 -0400
commit24bce5080306bd5255cbda3d6b09a29d5515b470 (patch)
treed0061299531d0cda6bd83196f8f4c32c5f93af15 /drivers/infiniband/core
parentd025d7858f7415f558e89d870ad1a205954b64cd (diff)
IB/umem: Fix possible hang on process exit
If ib_umem_release() is called after ib_uverbs_close() sets context->closing, then a process can get stuck in a D state, because the code boils down to if (down_write_trylock(&mm->mmap_sem)) down_write(&mm->mmap_sem); which is obviously a stupid instant deadlock. Fix the code so that we only try to take the lock once. This bug was introduced in commit f7c6a7b5 ("IB/uverbs: Export ib_umem_get()/ib_umem_release() to modules") which fortunately never made it into a release, and was reported by Pete Wyckoff <pw@osc.edu>. Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'drivers/infiniband/core')
-rw-r--r--drivers/infiniband/core/umem.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
index b4aec5103c99..d40652a80151 100644
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -225,13 +225,15 @@ void ib_umem_release(struct ib_umem *umem)
225 * up here and not be able to take the mmap_sem. In that case 225 * up here and not be able to take the mmap_sem. In that case
226 * we defer the vm_locked accounting to the system workqueue. 226 * we defer the vm_locked accounting to the system workqueue.
227 */ 227 */
228 if (context->closing && !down_write_trylock(&mm->mmap_sem)) { 228 if (context->closing) {
229 INIT_WORK(&umem->work, ib_umem_account); 229 if (!down_write_trylock(&mm->mmap_sem)) {
230 umem->mm = mm; 230 INIT_WORK(&umem->work, ib_umem_account);
231 umem->diff = diff; 231 umem->mm = mm;
232 232 umem->diff = diff;
233 schedule_work(&umem->work); 233
234 return; 234 schedule_work(&umem->work);
235 return;
236 }
235 } else 237 } else
236 down_write(&mm->mmap_sem); 238 down_write(&mm->mmap_sem);
237 239