Re: [BUG] IB/rdmavt: Potential deadlocks in function rvt_ruc_loopback()

From: Dennis Dalessandro
Date: Thu May 08 2025 - 10:04:58 EST

Next message: Steven Rostedt: "Re: [PATCH v4 01/24] ring-buffer: Introduce ring-buffer remotes"
Previous message: alexjlzheng: "[PATCH v3] securityfs: fix missing of d_delete() in securityfs_remove()"
In reply to: Qiu-ji Chen: "[BUG] IB/rdmavt: Potential deadlocks in function rvt_ruc_loopback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/8/25 4:31 AM, Qiu-ji Chen wrote:
> Hello maintainers,
>
> I would like to report a potential lock ordering issue in
> drivers/infiniband/sw/rdmavt/qp.c in the IB/rdmavt driver. This may
> lead to deadlocks under certain conditions.
>
> The function rvt_ruc_loopback() acquires locks in a conflicting order:
>
> 1. First takes &sqp->s_lock
> 2. Then takes &sqp->r_lock
>
> This contradicts the established pattern in functions like
> rvt_rc_timeout() and rvt_modify_qp(), which typically:
>
> 1. Acquire &sqp->r_lock first
> 2. Then take &sqp->s_lock
>
> This reversed locking order creates potential deadlock scenarios when
> these code paths execute concurrently.
>
> The issue was introduced in version 4.20 and persists through current releases.
>
> This issue was identified through static analysis. While I've verified
> the locking patterns through code review, I'm not sufficiently
> familiar with the driver's internals to propose a safe fix.
>
> Thank you for your attention to this matter.
>
> Best regards,
> Qiu-Ji Chen

Hi Qui-Ji,

Thanks for the heads up. We are looking into it. Will get a fix out soon.

-Denny

Next message: Steven Rostedt: "Re: [PATCH v4 01/24] ring-buffer: Introduce ring-buffer remotes"
Previous message: alexjlzheng: "[PATCH v3] securityfs: fix missing of d_delete() in securityfs_remove()"
In reply to: Qiu-ji Chen: "[BUG] IB/rdmavt: Potential deadlocks in function rvt_ruc_loopback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]