From: "Michael J. Ruhl" <michael.j.ruhl@intel.com>
Date: Mon, 24 Jul 2017 07:45:43 -0700
Subject: IB/hfi1: Assign context does not clean up file descriptor correctly
on error
Patch-mainline: v4.14-rc1
Git-commit: 42492011ab23f44c63dad0c7096492313dc207e3
References: bsc#1060463 FATE#323043
In the error path for context allocation, the file descriptor pointer
should not point to a context when an error occurs.
Clean up the appropriate references on error.
Fixes: Commit 62239fc6e5545b2e59f83dfbc5db231a81f37a45 ("IB/hfi1: Clean up on context initialization failure")
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
drivers/infiniband/hw/hfi1/file_ops.c | 37 +++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
--- a/drivers/infiniband/hw/hfi1/file_ops.c
+++ b/drivers/infiniband/hw/hfi1/file_ops.c
@@ -94,6 +94,7 @@ static int find_sub_ctxt(struct hfi1_fil
const struct hfi1_user_info *uinfo);
static int allocate_ctxt(struct hfi1_filedata *fd, struct hfi1_devdata *dd,
struct hfi1_user_info *uinfo);
+static void deallocate_ctxt(struct hfi1_ctxtdata *uctxt);
static unsigned int poll_urgent(struct file *fp, struct poll_table_struct *pt);
static unsigned int poll_next(struct file *fp, struct poll_table_struct *pt);
static int user_event_ack(struct hfi1_ctxtdata *uctxt, u16 subctxt,
@@ -813,15 +814,9 @@ static int hfi1_file_close(struct inode
uctxt->rcvnowait = 0;
uctxt->pionowait = 0;
uctxt->event_flags = 0;
-
- hfi1_stats.sps_ctxts--;
- if (++dd->freectxts == dd->num_user_contexts)
- aspm_enable_all(dd);
-
- /* _rcd_put() should be done after releasing mutex */
- dd->rcd[uctxt->ctxt] = NULL;
mutex_unlock(&hfi1_mutex);
- hfi1_rcd_put(uctxt); /* dd reference */
+
+ deallocate_ctxt(uctxt);
done:
mmdrop(fdata->mm);
kobject_put(&dd->kobj);
@@ -898,10 +893,9 @@ static int assign_ctxt(struct hfi1_filed
if (!ret)
ret = init_user_ctxt(fd);
- if (ret) {
+ if (ret)
clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts);
- hfi1_rcd_put(fd->uctxt);
- }
+
} else if (!ret) {
ret = setup_base_ctxt(fd);
if (fd->uctxt->subctxt_cnt) {
@@ -917,6 +911,14 @@ static int assign_ctxt(struct hfi1_filed
&fd->uctxt->event_flags);
wake_up(&fd->uctxt->wait);
}
+ if (ret)
+ deallocate_ctxt(fd->uctxt);
+ }
+
+ /* If an error occurred, clear the reference */
+ if (ret && fd->uctxt) {
+ hfi1_rcd_put(fd->uctxt);
+ fd->uctxt = NULL;
}
return ret;
@@ -1087,6 +1089,19 @@ ctxdata_free:
return ret;
}
+static void deallocate_ctxt(struct hfi1_ctxtdata *uctxt)
+{
+ mutex_lock(&hfi1_mutex);
+ hfi1_stats.sps_ctxts--;
+ if (++uctxt->dd->freectxts == uctxt->dd->num_user_contexts)
+ aspm_enable_all(uctxt->dd);
+
+ /* _rcd_put() should be done after releasing mutex */
+ uctxt->dd->rcd[uctxt->ctxt] = NULL;
+ mutex_unlock(&hfi1_mutex);
+ hfi1_rcd_put(uctxt); /* dd reference */
+}
+
static int init_subctxts(struct hfi1_ctxtdata *uctxt,
const struct hfi1_user_info *uinfo)
{