Commit f47e22c6 authored by Roland Dreier's avatar Roland Dreier

IB/fmr: ib_flush_fmr_pool() may wait too long

ib_flush_fmr_pool() stashes away the request generation number
properly, but then goes ahead and rereads it every time it tests
whether the flush generation number has caught up.  This means that
there is a theoretical possibility of livelock, if the request
generation number keeps getting bumped and the flush generation number
never catches up.  The fix is simple: use the request generation
number read at the beginning of the function.

Also, atomic_inc() followed by atomic_read() can be replaced with
atomic_int_return().  There's no real requirement for atomicity here
but we might as well shrink the code.

This bug was discovered using David Binderman's list of "set but never
used" warnings from icc.
Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
parent e1036502
...@@ -394,20 +394,12 @@ EXPORT_SYMBOL(ib_destroy_fmr_pool); ...@@ -394,20 +394,12 @@ EXPORT_SYMBOL(ib_destroy_fmr_pool);
*/ */
int ib_flush_fmr_pool(struct ib_fmr_pool *pool) int ib_flush_fmr_pool(struct ib_fmr_pool *pool)
{ {
int serial; int serial = atomic_inc_return(&pool->req_ser);
atomic_inc(&pool->req_ser);
/*
* It's OK if someone else bumps req_ser again here -- we'll
* just wait a little longer.
*/
serial = atomic_read(&pool->req_ser);
wake_up_process(pool->thread); wake_up_process(pool->thread);
if (wait_event_interruptible(pool->force_wait, if (wait_event_interruptible(pool->force_wait,
atomic_read(&pool->flush_ser) - atomic_read(&pool->flush_ser) - serial >= 0))
atomic_read(&pool->req_ser) >= 0))
return -EINTR; return -EINTR;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment