Hello.

While searching for races in the Linux kernel I've come across the
"drivers/infiniband/hw/mlx5/mlx5_ib.ko" module. Here are the questions that I came up with while analyzing the results. Lines are given using the info from Linux v4.12.

Consider the following case:

Thread 1:              Thread 2:
size_write
->remove_keys          limit_write
    ent->cur--;          if (ent->cur < ent->limit)
    (mr.c: line 234)     (mr.c: line 335)
                            err = add_keys(... ent->limit - ent->cur);

If size_write and limit_write are able to work concurrently with the same ent, then there is a possibility of a race between the accesses to ent->cur. In the worst case, new keys wouldn't be added in limit_write. Is it feasible from your point of view? If so, is it a benign race or a serious one?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avol...@ispras.ru
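
The interleaving asked about in the mail above, replayed deterministically as an added example (not part of the original mail and not kernel code). It is a simplified user-space model: `struct cache_ent`, `shortfall_after` and the other names are hypothetical, only `cur` and `limit` are modelled, and the amount added follows the `ent->limit - ent->cur` expression quoted in the mail.

```c
#include <stdio.h>

/* Simplified model of the cache entry: only the two fields from the mail. */
struct cache_ent { int cur; int limit; };

/* Thread 1 step: the "ent->cur--" performed while removing one key. */
static void remove_one_key(struct cache_ent *ent) { ent->cur--; }

/* Thread 2, step A: the "if (ent->cur < ent->limit)" test.
 * Returns how many keys would be requested, 0 if the test fails. */
static int limit_check(const struct cache_ent *ent)
{
    return ent->cur < ent->limit ? ent->limit - ent->cur : 0;
}

/* Thread 2, step B: keys actually added, using the count from step A. */
static void limit_fill(struct cache_ent *ent, int n) { ent->cur += n; }

enum schedule { CHECK_THEN_REMOVE, REMOVE_THEN_CHECK };

/* Replays one ordering of the two threads and returns how many keys the
 * entry is still short of its limit afterwards (0 means fully refilled). */
int shortfall_after(enum schedule s, int cur, int limit, int removed)
{
    struct cache_ent ent = { cur, limit };
    int to_add, i;

    if (s == CHECK_THEN_REMOVE) {
        to_add = limit_check(&ent);          /* reads cur before the decrements */
        for (i = 0; i < removed; i++)
            remove_one_key(&ent);
    } else {
        for (i = 0; i < removed; i++)
            remove_one_key(&ent);
        to_add = limit_check(&ent);          /* reads cur after the decrements */
    }
    limit_fill(&ent, to_add);
    return ent.cur < ent.limit ? ent.limit - ent.cur : 0;
}

int main(void)
{
    /* Constructed values: entry exactly at its limit, three keys removed. */
    printf("check first:  short by %d\n", shortfall_after(CHECK_THEN_REMOVE, 8, 8, 3));
    printf("remove first: short by %d\n", shortfall_after(REMOVE_THEN_CHECK, 8, 8, 3));
    return 0;
}
```

In the model, the stale read leaves the entry below its limit until something else triggers a refill; whether that happens in the driver is the question the mail asks.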
