[PATCH 5/5] RDMA/siw: Don't call wake_up unconditionally in siw_stop_tx_thread

Guoqing Jiang <guoqing.jiang@xxxxxxxxx> · Thu, 27 Jul 2023 22:03:49 +0800

In case siw module can't be inserted successfully, and if the kthread
(siw_run_sq) is not run which means wait_queue_head (tx_task->waiting)
is not initialized. Then siw_stop_tx_thread is called from siw_init_module,
so below trace appeared.

kernel: BUG: spinlock bad magic on CPU#0, modprobe/2073
kernel:  lock: 0xffff88babbd380e8, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
kernel: CPU: 0 PID: 2073 Comm: modprobe Tainted: G           OE      6.5.0-rc3+ #16
kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
kernel: Call Trace:
kernel:  <TASK>
kernel:  dump_stack_lvl+0x77/0xd0
kernel:  dump_stack+0x10/0x20
kernel:  spin_bug+0xa5/0xd0
kernel:  do_raw_spin_lock+0x90/0xd0
kernel:  _raw_spin_lock_irqsave+0x56/0x80
kernel:  ? __wake_up_common_lock+0x63/0xd0
kernel:  __wake_up_common_lock+0x63/0xd0
kernel:  __wake_up+0x13/0x30
kernel:  siw_stop_tx_thread+0x49/0x70 [siw]
kernel:  siw_init_module+0x15b/0xff0 [siw]
kernel:  ? __pfx_siw_init_module+0x10/0x10 [siw]
kernel:  do_one_initcall+0x60/0x390
...
kernel:  </TASK>
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000

To prevent the issue, add 'running' to tx_task_t, which is set to after
siw_run_sq is triggered. Then only wake up waitqueue after it is true.

Signed-off-by: Guoqing Jiang <guoqing.jiang@xxxxxxxxx>
---
 drivers/infiniband/sw/siw/siw_qp_tx.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c b/drivers/infiniband/sw/siw/siw_qp_tx.c
index 7c7a51d36d0c..70acc4cd553f 100644
--- a/drivers/infiniband/sw/siw/siw_qp_tx.c
+++ b/drivers/infiniband/sw/siw/siw_qp_tx.c
@@ -1204,14 +1204,18 @@ static void siw_sq_resume(struct siw_qp *qp)
 struct tx_task_t {
 	struct llist_head active;
 	wait_queue_head_t waiting;
+	bool running;
 };
 
 static DEFINE_PER_CPU(struct tx_task_t, siw_tx_task_g);
 
 void siw_stop_tx_thread(int nr_cpu)
 {
+	struct tx_task_t *tx_task = &per_cpu(siw_tx_task_g, nr_cpu);
+
 	kthread_stop(siw_tx_thread[nr_cpu]);
-	wake_up(&per_cpu(siw_tx_task_g, nr_cpu).waiting);
+	if (tx_task->running)
+		wake_up(&per_cpu(siw_tx_task_g, nr_cpu).waiting);
 }
 
 int siw_run_sq(void *data)
@@ -1223,6 +1227,7 @@ int siw_run_sq(void *data)
 
 	init_llist_head(&tx_task->active);
 	init_waitqueue_head(&tx_task->waiting);
+	tx_task->running = true;
 
 	while (1) {
 		struct llist_node *fifo_list = NULL;
-- 
2.34.1







