From: Roland Dreier Date: Tue, 12 Dec 2006 19:50:19 +0000 (-0800) Subject: IB/fmr: ib_flush_fmr_pool() may wait too long X-Git-Tag: v2.6.20-rc1~143^2~16 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f47e22c6e4225f40e0dd662398e2cb204f6ec8ed;p=linux-2.6 IB/fmr: ib_flush_fmr_pool() may wait too long ib_flush_fmr_pool() stashes away the request generation number properly, but then goes ahead and rereads it every time it tests whether the flush generation number has caught up. This means that there is a theoretical possibility of livelock, if the request generation number keeps getting bumped and the flush generation number never catches up. The fix is simple: use the request generation number read at the beginning of the function. Also, atomic_inc() followed by atomic_read() can be replaced with atomic_int_return(). There's no real requirement for atomicity here but we might as well shrink the code. This bug was discovered using David Binderman's list of "set but never used" warnings from icc. Signed-off-by: Roland Dreier --- diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c index 86a3b2d401..8926a2bd4a 100644 --- a/drivers/infiniband/core/fmr_pool.c +++ b/drivers/infiniband/core/fmr_pool.c @@ -394,20 +394,12 @@ EXPORT_SYMBOL(ib_destroy_fmr_pool); */ int ib_flush_fmr_pool(struct ib_fmr_pool *pool) { - int serial; - - atomic_inc(&pool->req_ser); - /* - * It's OK if someone else bumps req_ser again here -- we'll - * just wait a little longer. - */ - serial = atomic_read(&pool->req_ser); + int serial = atomic_inc_return(&pool->req_ser); wake_up_process(pool->thread); if (wait_event_interruptible(pool->force_wait, - atomic_read(&pool->flush_ser) - - atomic_read(&pool->req_ser) >= 0)) + atomic_read(&pool->flush_ser) - serial >= 0)) return -EINTR; return 0;