[ofa-general] Re: [PATCH for-2.6.21] mthca: QP reset race fixup
Michael S. Tsirkin
mst at dev.mellanox.co.il
Wed Mar 21 01:12:33 PDT 2007
> Quoting Michael S. Tsirkin <mst at dev.mellanox.co.il>:
> Subject: Re: [PATCH for-2.6.21] mthca: QP reset race fixup
>
> > Quoting Michael S. Tsirkin <mst at dev.mellanox.co.il>:
> > Subject: Re: [PATCH for-2.6.21] mthca: QP reset race fixup
> >
> > > Quoting Roland Dreier <rdreier at cisco.com>:
> > > Subject: Re: [PATCH for-2.6.21] mthca: QP reset race fixup
> > >
> > > > This fixes openfabrics bugzilla 394:
> > > > - Use common EQ for command interface and async events
> > > > - Clean CQ after moving QP to reset
> > >
> > > This is a little terse -- an ideal changelog entry would explain what
> > > the bug is, what is being changed to fix it, and why that fixes the issue.
> > > I'll try to fix it up...
> > >
> > > > This also fixes a potential crash in ipoib cm:
> > > > - sync with completion event ISR after QP is reset
> > > > to prevent ULP from getting and using QP pointer and/or WRID
> > > > after they are freed.
> > >
> > > > We can rip the lines that sync with MTHCA_EQ_COMP out if you think
> > > > the issue needs to be dealt with in some other way - and I agree
> > > > this is only good for ULPs that do all their polling
> > > > inside the ISR, but at least this covers all in-kernel code.
> > >
> > > I don't really like this change, although maybe it's the right thing
> > > to do. But can you explain what IPoIB CM is doing that would cause it
> > > to run into trouble? I'd like to see if there's a better solution.
> > > It just seems strange to me to add the assumption that destroying a QP
> > > makes sure that all running CQ callbacks are done.
> >
> > Look at ipoib_cm_stale_task:
> > + ib_destroy_cm_id(p->id);
> > + ib_destroy_qp(p->qp);
> >
> > and then
> > + if (!likely(wr_id & IPOIB_CM_RX_UPDATE_MASK)) {
> > + p = wc->qp->qp_context;
> >
> > This wc->qp->qp_context might use QP after free.
> >
> > >
> > > If we change to NAPI (so that CQs are polled asynchronously) does that
> > > readd the same bug?
> >
> > Hmm. Yes.
> > In hindsight, it was probably better to put qp_context directly in ib_wc
> > instead of the qp pointer.
> >
> > Then ipoib could set some flag in the structure pointed to by qp_context.
> >
> > My guess this would be too big a change for 2.6.21. What do you think?
>
> To clarify: syncing with the completion IRQ will be needed anyway in
> for non-NAPI mode.
>
> For NAPI we will be able to sync with NAPI after we set the flag
> in qp_context.
To sync with NAPI, we can take the poll_lock.
I imagine something like this before destroying QP
spin_lock(&dev->npinfo->poll_lock);
p->dead = 1;
spin_unlock(&dev->npinfo->poll_lock);
and after poll cq:
if (!likely(wr_id & IPOIB_CM_RX_UPDATE_MASK)) {
p = wc->qp_context;
if (!p->dead &&
time_after_eq(jiffies, p->jiffies + IPOIB_CM_RX_UPDATE_TIME)) {
}
}
--
MST
More information about the general
mailing list