[Devel] [PATCH RHEL9 COMMIT] ms/RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work

Konstantin Khorenko khorenko at virtuozzo.com
Wed Jun 25 13:50:17 MSK 2025


The commit is pushed to "branch-rh9-5.14.0-427.55.1.vz9.82.x-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh9-5.14.0-427.55.1.el9
------>
commit 7e5d983183c86bef716399ed67be2df25c61f170
Author: Jack Morgenstein <jackm at nvidia.com>
Date:   Mon Jun 16 13:54:54 2025 +0800

    ms/RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
    
    The cited commit fixed a crash when cma_netevent_callback was called for
    a cma_id while work on that id from a previous call had not yet started.
    The work item was re-initialized in the second call, which corrupted the
    work item currently in the work queue.
    
    However, it left a problem when queue_work fails (because the item is
    still pending in the work queue from a previous call). In this case,
    cma_id_put (which is called in the work handler) is therefore not
    called. This results in a userspace process hang (zombie process).
    
    Fix this by calling cma_id_put() if queue_work fails.
    
    Fixes: 45f5dcdd0497 ("RDMA/cma: Fix workqueue crash in cma_netevent_work_handler")
    Link: https://patch.msgid.link/r/4f3640b501e48d0166f312a64fdadf72b059bd04.1747827103.git.leon@kernel.org
    Signed-off-by: Jack Morgenstein <jackm at nvidia.com>
    Signed-off-by: Feng Liu <feliu at nvidia.com>
    Reviewed-by: Vlad Dumitrescu <vdumitrescu at nvidia.com>
    Signed-off-by: Leon Romanovsky <leonro at nvidia.com>
    Reviewed-by: Sharath Srinivasan <sharath.srinivasan at oracle.com>
    Reviewed-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
    Signed-off-by: Jason Gunthorpe <jgg at nvidia.com>
    
    https://virtuozzo.atlassian.net/browse/ASUP-1636
    https://virtuozzo.atlassian.net/browse/VSTOR-108908
    
    (cherry picked from commit 92a251c3df8ea1991cd9fe00f1ab0cfce18d7711)
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    Feature: fix ms/drivers
---
 drivers/infiniband/core/cma.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 906c03f6eabb2..0a2c459ad72cf 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -5191,7 +5191,8 @@ static int cma_netevent_callback(struct notifier_block *self,
 			   neigh->ha, ETH_ALEN))
 			continue;
 		cma_id_get(current_id);
-		queue_work(cma_wq, &current_id->id.net_work);
+		if (!queue_work(cma_wq, &current_id->id.net_work))
+			cma_id_put(current_id);
 	}
 out:
 	spin_unlock_irqrestore(&id_table_lock, flags);


More information about the Devel mailing list