lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250910102729.GP341237@unreal>
Date: Wed, 10 Sep 2025 13:27:29 +0300
From: Leon Romanovsky <leon@...nel.org>
To: Philipp Reisner <philipp.reisner@...bit.com>
Cc: Jason Gunthorpe <jgg@...pe.ca>, Zhu Yanjun <yanjun.zhu@...ux.dev>,
	linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] rdma_rxe: call comp_handler without holding
 cq->cq_lock

On Tue, Sep 09, 2025 at 06:00:36PM +0200, Philipp Reisner wrote:
> On Tue, Sep 9, 2025 at 5:31 PM Jason Gunthorpe <jgg@...pe.ca> wrote:
> >
> > On Tue, Sep 09, 2025 at 04:48:19PM +0200, Philipp Reisner wrote:
> > > On Mon, Sep 8, 2025 at 4:25 PM Leon Romanovsky <leon@...nel.org> wrote:
> > > >
> > > > On Fri, Aug 22, 2025 at 10:19:41AM +0200, Philipp Reisner wrote:
> > > > > Allow the comp_handler callback implementation to call ib_poll_cq().
> > > > > A call to ib_poll_cq() calls rxe_poll_cq() with the rdma_rxe driver.
> > > > > And rxe_poll_cq() locks cq->cq_lock. That leads to a spinlock deadlock.
> > > >
> > > > Can you please be more specific about the deadlock?
> > > > Please write call stack to describe it.
> > > >
> > > Instead of a call stack, I write it from top to bottom:
> > >
> > > The line numbers in the .c files are valid for Linux-6.16:
> > >
> > > 1  rxe_cq_post()                      [rxe_cq.c:85]
> > > 2   spin_lock_irqsave()               [rxe_cq.c:93]
> > > 3   cq->ibcq.comp_handler()           [rxe_cq.c:116]
> > > 4    some_comp_handler()
> > > 5     ib_poll_cq()
> > > 6      cq->device->ops.poll_cq()      [ib_verbs.h:4037]
> > > 7       rxe_poll_cq()                 [rxe_verbs.c:1165]
> > > 8        spin_lock_irqsave()          [rxe_verbs.c:1172]
> > >
> > > In line 8 of this call graph, it deadlocks because the spinlock
> > > was already acquired in line 2 of the call graph.
> >
> > Is this even legal in verbs? I'm not sure you can do pull cq from a
> > interrupt driven comp handler.. Is something already doing this intree?
> >
> 
> The file drivers/infiniband/sw/rdmavt/cq.c has this comment:
> /*
> * The completion handler will most likely rearm the notification
> * and poll for all pending entries.  If a new completion entry
> * is added while we are in this routine, queue_work()
> * won't call us again until we return so we check triggered to
> * see if we need to call the handler again.
> */
> 
> Also, Intel and Mellanox cards and drivers allow calling ib_poll_cq()
> from the completion handler.

And do these drivers drop CQ lock like you are proposing here?

> 
> The problem exists only with the RXE driver.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ