Possible race in mlx5_ib.ko

From: Anton Volkov
Date: Fri Aug 18 2017 - 11:17:21 EST

Next message: Chao Yu: "Re: [PATCH v2] f2fs: free_user_blocks should use reserved_segments instead"
Previous message: Yunlong Song: "Re: [PATCH v2] f2fs: introduce cur_reserved_blocks in sysfs"
Next in thread: Leon Romanovsky: "Re: Possible race in mlx5_ib.ko"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

While searching for races in the Linux kernel I've come across
"drivers/infiniband/hw/mlx5/mlx5_ib.ko" module. Here are questions that I came up with while analyzing results. Lines are given using the info from Linux v4.12.

Consider the following case:

Thread 1: Thread 2:
size_write
->remove_keys limit_write
ent->cur--; if (ent->cur < ent->limit)
(mr.c: line 234) (mr.c: line 335)
err = add_keys(... ent->limit - ent->cur);

If size_write and limit_write are able to work concurrently with the same ent then there is a possibility of a race between the accesses to ent->cur. In worst case in limit_write new keys wouldn't be added. Is it feasible from your point of view? If so, is it a benign race or a serious one?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@xxxxxxxxx

Next message: Chao Yu: "Re: [PATCH v2] f2fs: free_user_blocks should use reserved_segments instead"
Previous message: Yunlong Song: "Re: [PATCH v2] f2fs: introduce cur_reserved_blocks in sysfs"
Next in thread: Leon Romanovsky: "Re: Possible race in mlx5_ib.ko"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]