From: Jason Gunthorpe <jgg@mellanox.com>
Date: Tue, 10 Jul 2018 20:55:16 -0600
Subject: IB/uverbs: Revise the placement of get/puts on uobject
Patch-mainline: v4.19-rc1
Git-commit: 5671f79b42da197466bf0908bce6f7ab4e35488f
References: bsc#1103992 FATE#326009
This wasn't wrong, but the placement of two krefs didn't make any
sense. Follow some simple rules.
- A kref is held inside uobjects_list
- A kref is held inside the IDR
- A kref is held inside file->private
- A stack based kref is passed bettwen alloc_begin and
alloc_abort/alloc_commit
Any place we destroy one of the above pointers, we stick a put,
or 'move' the kref into another pointer.
The key functions have sensible semantics:
- alloc_uobj fully initializes the common members in uobj, including
the list
- Get rid of the uverbs_idr_remove_uobj helper since IDR remove
does require put, but it depends on the situation. Later
patches will re-consolidate this differently.
- alloc_abort always consumes the passed kref, done in the type
- alloc_commit always consumes the passed kref, done in the type
- rdma_remove_commit_uobject always pairs with a lookup_get
After it is all done the only control flow change is to:
- move a get from alloc_commit_fd_uobject to rdma_alloc_commit_uobject
- add a put to remove_commit_idr_uobject
- Consistenly use rdma_lookup_put in rdma_remove_commit_uobject at
the right place
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
drivers/infiniband/core/rdma_core.c | 83 +++++++++++++++++++++---------------
1 file changed, 50 insertions(+), 33 deletions(-)
--- a/drivers/infiniband/core/rdma_core.c
+++ b/drivers/infiniband/core/rdma_core.c
@@ -163,6 +163,7 @@ static struct ib_uobject *alloc_uobj(str
*/
uobj->ufile = ufile;
uobj->context = ufile->ucontext;
+ INIT_LIST_HEAD(&uobj->list);
uobj->type = type;
/*
* Allocated objects start out as write locked to deny any other
@@ -198,17 +199,6 @@ static int idr_add_uobj(struct ib_uobjec
return ret < 0 ? ret : 0;
}
-/*
- * It only removes it from the uobjects list, uverbs_uobject_put() is still
- * required.
- */
-static void uverbs_idr_remove_uobj(struct ib_uobject *uobj)
-{
- spin_lock(&uobj->ufile->idr_lock);
- idr_remove(&uobj->ufile->idr, uobj->id);
- spin_unlock(&uobj->ufile->idr_lock);
-}
-
/* Returns the ib_uobject or an error. The caller should check for IS_ERR. */
static struct ib_uobject *
lookup_get_idr_uobject(const struct uverbs_obj_type *type,
@@ -329,7 +319,9 @@ static struct ib_uobject *alloc_begin_id
return uobj;
idr_remove:
- uverbs_idr_remove_uobj(uobj);
+ spin_lock(&ufile->idr_lock);
+ idr_remove(&ufile->idr, uobj->id);
+ spin_unlock(&ufile->idr_lock);
uobj_put:
uverbs_uobject_put(uobj);
return ERR_PTR(ret);
@@ -354,6 +346,13 @@ static struct ib_uobject *alloc_begin_fd
return uobj;
}
+ /*
+ * The kref for uobj is moved into filp->private data and put in
+ * uverbs_close_fd(). Once anon_inode_getfile() succeeds
+ * uverbs_close_fd() must be guaranteed to be called from the provided
+ * fops release callback. We piggyback our kref of uobj on the stack
+ * with the lifetime of the struct file.
+ */
filp = anon_inode_getfile(fd_type->name,
fd_type->fops,
uobj,
@@ -367,7 +366,7 @@ static struct ib_uobject *alloc_begin_fd
uobj->id = new_fd;
uobj->object = filp;
uobj->ufile = ufile;
- INIT_LIST_HEAD(&uobj->list);
+ /* Matching put will be done in uverbs_close_fd() */
kref_get(&ufile->ref);
return uobj;
@@ -397,7 +396,13 @@ static int __must_check remove_commit_id
ib_rdmacg_uncharge(&uobj->cg_obj, uobj->context->device,
RDMACG_RESOURCE_HCA_OBJECT);
- uverbs_idr_remove_uobj(uobj);
+
+ spin_lock(&uobj->ufile->idr_lock);
+ idr_remove(&uobj->ufile->idr, uobj->id);
+ spin_unlock(&uobj->ufile->idr_lock);
+
+ /* Matches the kref in alloc_commit_idr_uobject */
+ uverbs_uobject_put(uobj);
return ret;
}
@@ -451,24 +456,25 @@ static int __must_check _rdma_remove_com
return 0;
ret = uobj->type->type_class->remove_commit(uobj, why);
- if (ib_is_destroy_retryable(ret, why, uobj)) {
- /* We couldn't remove the object, so just unlock the uobject */
- atomic_set(&uobj->usecnt, 0);
- uobj->type->type_class->lookup_put(uobj, true);
- } else {
- uobj->object = NULL;
-
- mutex_lock(&ufile->uobjects_lock);
- list_del(&uobj->list);
- mutex_unlock(&ufile->uobjects_lock);
- /* put the ref we took when we created the object */
- uverbs_uobject_put(uobj);
- }
+ if (ib_is_destroy_retryable(ret, why, uobj))
+ return ret;
+
+ uobj->object = NULL;
+
+ mutex_lock(&ufile->uobjects_lock);
+ list_del(&uobj->list);
+ mutex_unlock(&ufile->uobjects_lock);
+ /* Pairs with the get in rdma_alloc_commit_uobject() */
+ uverbs_uobject_put(uobj);
return ret;
}
-/* This is called only for user requested DESTROY reasons */
+/* This is called only for user requested DESTROY reasons
+ * rdma_lookup_get_uobject(exclusive=true) must have been called to get uobj,
+ * and after this returns the corresponding put has been done, and the kref
+ * for uobj has been consumed.
+ */
int __must_check rdma_remove_commit_uobject(struct ib_uobject *uobj)
{
int ret;
@@ -519,9 +525,6 @@ static void alloc_commit_fd_uobject(stru
/* This shouldn't be used anymore. Use the file object instead */
uobj->id = 0;
- /* Get another reference as we export this to the fops */
- uverbs_uobject_get(uobj);
-
/*
* NOTE: Once we install the file we loose ownership of our kref on
* uobj. It will be put by uverbs_close_fd()
@@ -554,6 +557,8 @@ int rdma_alloc_commit_uobject(struct ib_
assert_uverbs_usecnt(uobj, true);
atomic_set(&uobj->usecnt, 0);
+ /* kref is held so long as the uobj is on the uobj list. */
+ uverbs_uobject_get(uobj);
mutex_lock(&ufile->uobjects_lock);
list_add(&uobj->list, &ufile->uobjects);
mutex_unlock(&ufile->uobjects_lock);
@@ -567,12 +572,22 @@ int rdma_alloc_commit_uobject(struct ib_
static void alloc_abort_idr_uobject(struct ib_uobject *uobj)
{
- uverbs_idr_remove_uobj(uobj);
ib_rdmacg_uncharge(&uobj->cg_obj, uobj->context->device,
RDMACG_RESOURCE_HCA_OBJECT);
+
+ spin_lock(&uobj->ufile->idr_lock);
+ /* The value of the handle in the IDR is NULL at this point. */
+ idr_remove(&uobj->ufile->idr, uobj->id);
+ spin_unlock(&uobj->ufile->idr_lock);
+
+ /* Pairs with the kref from alloc_begin_idr_uobject */
uverbs_uobject_put(uobj);
}
+/*
+ * This consumes the kref for uobj. It is up to the caller to unwind the HW
+ * object and anything else connected to uobj before calling this.
+ */
void rdma_alloc_abort_uobject(struct ib_uobject *uobj)
{
uobj->type->type_class->alloc_abort(uobj);
@@ -605,6 +620,7 @@ void rdma_lookup_put_uobject(struct ib_u
else
atomic_set(&uobj->usecnt, 0);
+ /* Pairs with the kref obtained by type->lookup_get */
uverbs_uobject_put(uobj);
}
@@ -658,6 +674,7 @@ void uverbs_close_fd(struct file *f)
struct kref *uverbs_file_ref = &uobj->ufile->ref;
_uverbs_close_fd(uobj);
+ /* Pairs with filp->private_data in alloc_begin_fd_uobject */
uverbs_uobject_put(uobj);
kref_put(uverbs_file_ref, ib_uverbs_release_file);
}
@@ -700,7 +717,7 @@ static int __uverbs_cleanup_ufile(struct
obj->id, err);
list_del(&obj->list);
- /* put the ref we took when we created the object */
+ /* Pairs with the get in rdma_alloc_commit_uobject() */
uverbs_uobject_put(obj);
ret = 0;
}