[PATCH 4.19 108/110] IB/hfi1: Failed to drain send queue when QP is put into error state

From: Greg Kroah-Hartman
Date: Thu Apr 18 2019 - 14:02:46 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.19 086/110] crypto: sha512/arm - fix crash bug in Thumb2 build"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 106/110] bpf: fix use after free in bpf_evict_inode"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 106/110] bpf: fix use after free in bpf_evict_inode"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 086/110] crypto: sha512/arm - fix crash bug in Thumb2 build"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kaike Wan <kaike.wan@xxxxxxxxx>

commit 662d66466637862ef955f7f6e78a286d8cf0ebef upstream.

When a QP is put into error state, all pending requests in the send work
queue should be drained. The following sequence of events could lead to a
failure, causing a request to hang:

(1) The QP builds a packet and tries to send through SDMA engine.
However, PIO engine is still busy. Consequently, this packet is put on
the QP's tx list and the QP is put on the PIO waiting list. The field
qp->s_flags is set with HFI1_S_WAIT_PIO_DRAIN;

(2) The QP is put into error state by the user application and
notify_error_qp() is called, which removes the QP from the PIO waiting
list and the packet from the QP's tx list. In addition, qp->s_flags is
cleared of RVT_S_ANY_WAIT_IO bits, which does not include
HFI1_S_WAIT_PIO_DRAIN bit;

(3) The hfi1_schdule_send() function is called to drain the QP's send
queue. Subsequently, hfi1_do_send() is called. Since the flag bit
HFI1_S_WAIT_PIO_DRAIN is set in qp->s_flags, hfi1_send_ok() fails. As
a result, hfi1_do_send() bails out without draining any request from
the send queue;

(4) The PIO engine completes the sending and tries to wake up any QP on
its waiting list. But the QP has been removed from the PIO waiting
list and therefore is kept in sleep forever.

The fix is to clear qp->s_flags of HFI1_S_ANY_WAIT_IO bits in step (2).
HFI1_S_ANY_WAIT_IO includes RVT_S_ANY_WAIT_IO and HFI1_S_WAIT_PIO_DRAIN.

Fixes: 2e2ba09e48b7 ("IB/rdmavt, IB/hfi1: Create device dependent s_flags")
Cc: <stable@xxxxxxxxxxxxxxx> # 4.19.x+
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxx>
Reviewed-by: Alex Estrin <alex.estrin@xxxxxxxxx>
Signed-off-by: Kaike Wan <kaike.wan@xxxxxxxxx>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx>
Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/infiniband/hw/hfi1/qp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/infiniband/hw/hfi1/qp.c
+++ b/drivers/infiniband/hw/hfi1/qp.c
@@ -784,7 +784,7 @@ void notify_error_qp(struct rvt_qp *qp)
write_seqlock(lock);
if (!list_empty(&priv->s_iowait.list) &&
!(qp->s_flags & RVT_S_BUSY)) {
- qp->s_flags &= ~RVT_S_ANY_WAIT_IO;
+ qp->s_flags &= ~HFI1_S_ANY_WAIT_IO;
list_del_init(&priv->s_iowait.list);
priv->s_iowait.lock = NULL;
rvt_put_qp(qp);

Next message: Greg Kroah-Hartman: "[PATCH 4.19 086/110] crypto: sha512/arm - fix crash bug in Thumb2 build"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 106/110] bpf: fix use after free in bpf_evict_inode"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 106/110] bpf: fix use after free in bpf_evict_inode"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 086/110] crypto: sha512/arm - fix crash bug in Thumb2 build"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]