[PATCH 4.7 101/141] xprtrdma: Remove FMRs from the unmap list after unmapping

From: Greg Kroah-Hartman
Date: Thu Oct 06 2016 - 04:44:11 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.7 102/141] ASoC: Intel: Skylake: Fix error return code in skl_probe()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 100/141] cxl: fix potential NULL dereference in free_adapter()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.7 100/141] cxl: fix potential NULL dereference in free_adapter()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.7 102/141] ASoC: Intel: Skylake: Fix error return code in skl_probe()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.7-stable review patch. If anyone has any objections, please let me know.

------------------

From: Chuck Lever <chuck.lever@xxxxxxxxxx>

commit 38f1932e60ba249660bbae585f61ef2dee3313a4 upstream.

ib_unmap_fmr() takes a list of FMRs to unmap. However, it does not
remove the FMRs from this list as it processes them. Other
ib_unmap_fmr() call sites are careful to remove FMRs from the list
after ib_unmap_fmr() returns.

Since commit 7c7a5390dc6c8 ("xprtrdma: Add ro_unmap_sync method for FMR")
fmr_op_unmap_sync passes more than one FMR to ib_unmap_fmr(), but
it didn't bother to remove the FMRs from that list once the call was
complete.

I've noticed some instability that could be related to list
tangling by the new fmr_op_unmap_sync() logic. In an abundance
of caution, add some defensive logic to clean up properly after
ib_unmap_fmr().

Fixes: 7c7a5390dc6c8 ("xprtrdma: Add ro_unmap_sync method for FMR")
Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
Tested-by: Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Anna Schumaker <Anna.Schumaker@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
net/sunrpc/xprtrdma/fmr_ops.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

--- a/net/sunrpc/xprtrdma/fmr_ops.c
+++ b/net/sunrpc/xprtrdma/fmr_ops.c
@@ -63,9 +63,12 @@ static int
__fmr_unmap(struct rpcrdma_mw *mw)
{
LIST_HEAD(l);
+ int rc;

list_add(&mw->fmr.fmr->list, &l);
- return ib_unmap_fmr(&l);
+ rc = ib_unmap_fmr(&l);
+ list_del_init(&mw->fmr.fmr->list);
+ return rc;
}

/* Deferred reset of a single FMR. Generate a fresh rkey by
@@ -267,7 +270,7 @@ fmr_op_unmap_sync(struct rpcrdma_xprt *r
seg = &req->rl_segments[i];
mw = seg->rl_mw;

- list_add(&mw->fmr.fmr->list, &unmap_list);
+ list_add_tail(&mw->fmr.fmr->list, &unmap_list);

i += seg->mr_nsegs;
}
@@ -280,7 +283,9 @@ fmr_op_unmap_sync(struct rpcrdma_xprt *r
*/
for (i = 0, nchunks = req->rl_nchunks; nchunks; nchunks--) {
seg = &req->rl_segments[i];
+ mw = seg->rl_mw;

+ list_del_init(&mw->fmr.fmr->list);
__fmr_dma_unmap(r_xprt, seg);
rpcrdma_put_mw(r_xprt, seg->rl_mw);

Next message: Greg Kroah-Hartman: "[PATCH 4.7 102/141] ASoC: Intel: Skylake: Fix error return code in skl_probe()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 100/141] cxl: fix potential NULL dereference in free_adapter()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.7 100/141] cxl: fix potential NULL dereference in free_adapter()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.7 102/141] ASoC: Intel: Skylake: Fix error return code in skl_probe()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]