[ofa-general] Re: [PATCH for-2.6.21] mthca: QP reset race fixup

Michael S. Tsirkin mst at dev.mellanox.co.il
Tue Mar 20 22:26:43 PDT 2007 

> Quoting Michael S. Tsirkin <mst at dev.mellanox.co.il>:
> Subject: Re: [PATCH for-2.6.21] mthca: QP reset race fixup
> 
> > Quoting Roland Dreier <rdreier at cisco.com>:
> > Subject: Re: [PATCH for-2.6.21] mthca: QP reset race fixup
> > 
> >  > This fixes openfabrics bugzilla 394:
> >  > - Use common EQ for command interface and async events
> >  > - Clean CQ after moving QP to reset
> > 
> > This is a little terse -- an ideal changelog entry would explain what
> > the bug is, what is being changed to fix it, and why that fixes the issue.
> > I'll try to fix it up...
> > 
> >  > This also fixes a potential crash in ipoib cm:
> >  > - sync with completion event ISR after QP is reset
> >  >   to prevent ULP from getting and using QP pointer and/or WRID
> >  >   after they are freed.
> > 
> >  > We can rip the lines that sync with MTHCA_EQ_COMP out if you think
> >  > the issue needs to be dealt with in some other way - and I agree
> >  > this is only good for ULPs that do all their polling
> >  > inside the ISR, but at least this covers all in-kernel code.
> > 
> > I don't really like this change, although maybe it's the right thing
> > to do.  But can you explain what IPoIB CM is doing that would cause it
> > to run into trouble?  I'd like to see if there's a better solution.
> > It just seems strange to me to add the assumption that destroying a QP
> > makes sure that all running CQ callbacks are done.
> 
> Look at ipoib_cm_stale_task:
> +               ib_destroy_cm_id(p->id);
> +               ib_destroy_qp(p->qp);
> 
> and then
> +       if (!likely(wr_id & IPOIB_CM_RX_UPDATE_MASK)) {
> +               p = wc->qp->qp_context;
> 
> This wc->qp->qp_context might use QP after free.
> 
> > 
> > If we change to NAPI (so that CQs are polled asynchronously) does that
> > readd the same bug?
> 
> Hmm. Yes.
> In hindsight, it was probably better to put qp_context directly in ib_wc
> instead of the qp pointer.
> 
> Then ipoib could set some flag in the structure pointed to by qp_context.
> 
> My guess this would be too big a change for 2.6.21. What do you think?

To clarify: syncing with the completion IRQ will be needed anyway in
for non-NAPI mode.

For NAPI we will be able to sync with NAPI after we set the flag
	in qp_context.

-- 
MST

More information about the general mailing list