Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / e3aa31c517cb6fd0a3d8b23e6a7e71a6aafc2393^! / . / drivers / infiniband / hw / mthca / mthca_mcg.c
commite3aa31c517cb6fd0a3d8b23e6a7e71a6aafc2393[log] [tgz]
authorMichael S. Tsirkin <mst@mellanox.co.il>Mon Jan 30 16:22:29 2006 -0800
committerRoland Dreier <rolandd@cisco.com>Mon Jan 30 16:22:29 2006 -0800
tree97c1ca504dc60a7b380be402b91af59a4a8f8e04
parent8e9e5f4f5eb1d44ddabfd1ddea4ca4e4244a9ffb [diff] [blame]
IB/mthca: Don't cancel commands on a signal

We have run into the following problem: if a task receives a signal
while in the process of e.g. destroying a resource (which could be
because the relevant file was closed) mthca could bail out from trying
to take a command interface semaphore without performing the
appropriate command to tell hardware that the resource is being
destroyed.

As a result we see messages like
 ib_mthca 0000:04:00.0: HW2SW_CQ failed (-4)

In this case, hardware could access the resource after the memory has
been freed, possibly causing memory corruption.

A simple solution is to replace down_interruptible() by down() in
command interface activation.

Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
[ It's also not safe to bail out on multicast table operations, since
  they may be invoked on the cleanup path too.  So use down() for
  mcg_table.sem too. ]
Signed-off-by: Roland Dreier <rolandd@cisco.com>

diff --git a/drivers/infiniband/hw/mthca/mthca_mcg.c b/drivers/infiniband/hw/mthca/mthca_mcg.c
index 77bc6c7..55ff5e5 100644
--- a/drivers/infiniband/hw/mthca/mthca_mcg.c
+++ b/drivers/infiniband/hw/mthca/mthca_mcg.c

@@ -154,10 +154,7 @@
 		return PTR_ERR(mailbox);
 	mgm = mailbox->buf;
 
-	if (down_interruptible(&dev->mcg_table.sem)) {
-		err = -EINTR;
-		goto err_sem;
-	}
+	down(&dev->mcg_table.sem);
 
 	err = find_mgm(dev, gid->raw, mailbox, &hash, &prev, &index);
 	if (err)
@@ -242,7 +239,7 @@
 		mthca_free(&dev->mcg_table.alloc, index);
 	}
 	up(&dev->mcg_table.sem);
- err_sem:
+
 	mthca_free_mailbox(dev, mailbox);
 	return err;
 }
@@ -263,10 +260,7 @@
 		return PTR_ERR(mailbox);
 	mgm = mailbox->buf;
 
-	if (down_interruptible(&dev->mcg_table.sem)) {
-		err = -EINTR;
-		goto err_sem;
-	}
+	down(&dev->mcg_table.sem);
 
 	err = find_mgm(dev, gid->raw, mailbox, &hash, &prev, &index);
 	if (err)
@@ -372,7 +366,7 @@
 
  out:
 	up(&dev->mcg_table.sem);
- err_sem:
+
 	mthca_free_mailbox(dev, mailbox);
 	return err;
 }