From: Jack Morgenstein <ja...@nvidia.com>

The cited commit fixed a crash when cma_netevent_callback was called for
a cma_id while work on that id from a previous call had not yet started.
The work item was re-initialized in the second call, which corrupted the
work item currently in the work queue.

However, it left a problem when queue_work fails (because the item is
still pending in the work queue from a previous call). In this case,
cma_id_put (which is called in the work handler) is therefore not
called. This results in a userspace process hang (zombie process).

Fix this by calling cma_id_put() if queue_work fails.

Fixes: 45f5dcdd0497 ("RDMA/cma: Fix workqueue crash in cma_netevent_work_handler")
Link: https://patch.msgid.link/r/4f3640b501e48d0166f312a64fdadf72b059bd04.1747827103.git.l...@kernel.org
Signed-off-by: Jack Morgenstein <ja...@nvidia.com>
Signed-off-by: Feng Liu <fe...@nvidia.com>
Reviewed-by: Vlad Dumitrescu <vdumitre...@nvidia.com>
Signed-off-by: Leon Romanovsky <leo...@nvidia.com>
Reviewed-by: Sharath Srinivasan <sharath.sriniva...@oracle.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.pura...@broadcom.com>
Signed-off-by: Jason Gunthorpe <j...@nvidia.com>

https://virtuozzo.atlassian.net/browse/ASUP-1636
(cherry picked from commit 92a251c3df8ea1991cd9fe00f1ab0cfce18d7711)
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
---
 drivers/infiniband/core/cma.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 906c03f6eabb..0a2c459ad72c 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -5191,7 +5191,8 @@ static int cma_netevent_callback(struct notifier_block 
*self,
                           neigh->ha, ETH_ALEN))
                        continue;
                cma_id_get(current_id);
-               queue_work(cma_wq, &current_id->id.net_work);
+               if (!queue_work(cma_wq, &current_id->id.net_work))
+                       cma_id_put(current_id);
        }
 out:
        spin_unlock_irqrestore(&id_table_lock, flags);
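
Review bot: the new cma_id_put(current_id) on the queue_work() failure path has no comment explaining why dropping the reference there is correct, and it runs inside the loop while id_table_lock is still held with interrupts disabled (the spin_unlock_irqrestore() only comes after out:). A short comment above the if would help, stating that a false return from queue_work() means net_work is already pending, that the pending item keeps the reference taken by the earlier cma_id_get() until the work handler releases it, and that this put only balances the cma_id_get() on the line above. It is also worth confirming in the commit message or the comment that cma_id_put() is safe to call in this atomic context, since the hunk alone does not show what it does when the count reaches zero.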
-- 
2.49.0

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel