Commit fda5d0cf authored by Bob Pearson's avatar Bob Pearson Committed by Jason Gunthorpe
Browse files

RDMA/rxe: Fix resize_finish() in rxe_queue.c 

Currently in resize_finish() in rxe_queue.c there is a loop which copies
the entries in the original queue into a newly allocated queue.  The
termination logic for this loop is incorrect. The call to
queue_next_index() updates cons but has no effect on whether the queue is
empty. So if the queue starts out empty nothing is copied but if it is not
then the loop will run forever. This patch changes the loop to compare the
value of cons to the original producer index.

Fixes: ae6e843f ("RDMA/rxe: Add memory barriers to kernel queues")
Link: https://lore.kernel.org/r/20220825221446.6512-1-rpearsonhpe@gmail.com


Signed-off-by: default avatarBob Pearson <rpearsonhpe@gmail.com>
Reviewed-by: default avatarLi Zhijian <lizhijian@fujitsu.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
parent 58651bbb

drivers/infiniband/sw/rxe/rxe_queue.c

+7 −5
Original line number Diff line number Diff line
@@ -112,23 +112,25 @@ static int resize_finish(struct rxe_queue *q, struct rxe_queue *new_q, 
			 unsigned int num_elem)

{

	enum queue_type type = q->type;

	u32 new_prod;

	u32 prod;

	u32 cons;



	if (!queue_empty(q, q->type) && (num_elem < queue_count(q, type)))

		return -EINVAL;



	prod = queue_get_producer(new_q, type);

	new_prod = queue_get_producer(new_q, type);

	prod = queue_get_producer(q, type);

	cons = queue_get_consumer(q, type);



	while (!queue_empty(q, type)) {

		memcpy(queue_addr_from_index(new_q, prod),

	while ((prod - cons) & q->index_mask) {

		memcpy(queue_addr_from_index(new_q, new_prod),

		       queue_addr_from_index(q, cons), new_q->elem_size);

		prod = queue_next_index(new_q, prod);

		new_prod = queue_next_index(new_q, new_prod);

		cons = queue_next_index(q, cons);

	}



	new_q->buf->producer_index = prod;

	new_q->buf->producer_index = new_prod;

	q->buf->consumer_index = cons;



	/* update private index copies */