On 25/07/2019 20:50, Jason Gunthorpe wrote:
> On Thu, Jul 25, 2019 at 04:36:20PM +0200, Maksym Planeta wrote:
>> Is this one better?
>>
>> Replace tasklets with workqueues in rxe driver. The reason for this
>> replacement is that tasklets are supposed to run atomically, although the
>> actual code may block.
>>
>> Modify the SKB destructor for outgoing SKBs to schedule QP tasks only if
>> the QP is not destroyed itself.
>>
>> Add a variable "pending_skb_down" to ensure that reference counting for a QP
>> is decremented only when QP access related to this skb is over.
>>
>> Separate part of pool element cleanup code to allow this code to be called
>> in the very end of cleanup, even if some of cleanup is scheduled for
>> asynchronous execution. Example, when it was happening is destructor for a
>> QP.
>>
>> Disallow calling of task functions "directly". This allows to simplify logic
>> inside rxe_task.c.
>>
>> Schedule rxe_qp_do_cleanup onto high-priority system workqueue, because this
>> function can be scheduled from normal system workqueue.
>>
>> Before destroying a QP, wait until all references to this QP are gone.
>> Previously the problem was that outgoing SKBs could be freed after the QP
>> these SKBs refer to is destroyed.
>>
>> Add blocking rxe_run_task to replace __rxe_do_task that was calling task
>> function directly.
>
> Mostly, but it would also be good to describe the use after free and
> races more specifically.

These situations are described in the cover letter (PATCH 00/10). Do you need a more detailed description than that?

> Jason