linux/drivers/infiniband/hw/hfi1
Mike Marciniszyn be8638344c IB/hfi1: Close window for pq and request coliding
Cleaning up a pq can result in the following warning and panic:

  WARNING: CPU: 52 PID: 77418 at lib/list_debug.c:53 __list_del_entry+0x63/0xd0
  list_del corruption, ffff88cb2c6ac068->next is LIST_POISON1 (dead000000000100)
  Modules linked in: mmfs26(OE) mmfslinux(OE) tracedev(OE) 8021q garp mrp ib_isert iscsi_target_mod target_core_mod crc_t10dif crct10dif_generic opa_vnic rpcrdma ib_iser libiscsi scsi_transport_iscsi ib_ipoib(OE) bridge stp llc iTCO_wdt iTCO_vendor_support intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crct10dif_pclmul crct10dif_common crc32_pclmul ghash_clmulni_intel ast aesni_intel ttm lrw gf128mul glue_helper ablk_helper drm_kms_helper cryptd syscopyarea sysfillrect sysimgblt fb_sys_fops drm pcspkr joydev lpc_ich mei_me drm_panel_orientation_quirks i2c_i801 mei wmi ipmi_si ipmi_devintf ipmi_msghandler nfit libnvdimm acpi_power_meter acpi_pad hfi1(OE) rdmavt(OE) rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm ib_core binfmt_misc numatools(OE) xpmem(OE) ip_tables
   nfsv3 nfs_acl nfs lockd grace sunrpc fscache igb ahci i2c_algo_bit libahci dca ptp libata pps_core crc32c_intel [last unloaded: i2c_algo_bit]
  CPU: 52 PID: 77418 Comm: pvbatch Kdump: loaded Tainted: G           OE  ------------   3.10.0-957.38.3.el7.x86_64 #1
  Hardware name: HPE.COM HPE SGI 8600-XA730i Gen10/X11DPT-SB-SG007, BIOS SBED1229 01/22/2019
  Call Trace:
   [<ffffffff90365ac0>] dump_stack+0x19/0x1b
   [<ffffffff8fc98b78>] __warn+0xd8/0x100
   [<ffffffff8fc98bff>] warn_slowpath_fmt+0x5f/0x80
   [<ffffffff8ff970c3>] __list_del_entry+0x63/0xd0
   [<ffffffff8ff9713d>] list_del+0xd/0x30
   [<ffffffff8fddda70>] kmem_cache_destroy+0x50/0x110
   [<ffffffffc0328130>] hfi1_user_sdma_free_queues+0xf0/0x200 [hfi1]
   [<ffffffffc02e2350>] hfi1_file_close+0x70/0x1e0 [hfi1]
   [<ffffffff8fe4519c>] __fput+0xec/0x260
   [<ffffffff8fe453fe>] ____fput+0xe/0x10
   [<ffffffff8fcbfd1b>] task_work_run+0xbb/0xe0
   [<ffffffff8fc2bc65>] do_notify_resume+0xa5/0xc0
   [<ffffffff90379134>] int_signal+0x12/0x17
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
  IP: [<ffffffff8fe1f93e>] kmem_cache_close+0x7e/0x300
  PGD 2cdab19067 PUD 2f7bfdb067 PMD 0
  Oops: 0000 [#1] SMP
  Modules linked in: mmfs26(OE) mmfslinux(OE) tracedev(OE) 8021q garp mrp ib_isert iscsi_target_mod target_core_mod crc_t10dif crct10dif_generic opa_vnic rpcrdma ib_iser libiscsi scsi_transport_iscsi ib_ipoib(OE) bridge stp llc iTCO_wdt iTCO_vendor_support intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crct10dif_pclmul crct10dif_common crc32_pclmul ghash_clmulni_intel ast aesni_intel ttm lrw gf128mul glue_helper ablk_helper drm_kms_helper cryptd syscopyarea sysfillrect sysimgblt fb_sys_fops drm pcspkr joydev lpc_ich mei_me drm_panel_orientation_quirks i2c_i801 mei wmi ipmi_si ipmi_devintf ipmi_msghandler nfit libnvdimm acpi_power_meter acpi_pad hfi1(OE) rdmavt(OE) rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm ib_core binfmt_misc numatools(OE) xpmem(OE) ip_tables
   nfsv3 nfs_acl nfs lockd grace sunrpc fscache igb ahci i2c_algo_bit libahci dca ptp libata pps_core crc32c_intel [last unloaded: i2c_algo_bit]
  CPU: 52 PID: 77418 Comm: pvbatch Kdump: loaded Tainted: G        W  OE  ------------   3.10.0-957.38.3.el7.x86_64 #1
  Hardware name: HPE.COM HPE SGI 8600-XA730i Gen10/X11DPT-SB-SG007, BIOS SBED1229 01/22/2019
  task: ffff88cc26db9040 ti: ffff88b5393a8000 task.ti: ffff88b5393a8000
  RIP: 0010:[<ffffffff8fe1f93e>]  [<ffffffff8fe1f93e>] kmem_cache_close+0x7e/0x300
  RSP: 0018:ffff88b5393abd60  EFLAGS: 00010287
  RAX: 0000000000000000 RBX: ffff88cb2c6ac000 RCX: 0000000000000003
  RDX: 0000000000000400 RSI: 0000000000000400 RDI: ffffffff9095b800
  RBP: ffff88b5393abdb0 R08: ffffffff9095b808 R09: ffffffff8ff77c19
  R10: ffff88b73ce1f160 R11: ffffddecddde9800 R12: ffff88cb2c6ac000
  R13: 000000000000000c R14: ffff88cf3fdca780 R15: 0000000000000000
  FS:  00002aaaaab52500(0000) GS:ffff88b73ce00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000010 CR3: 0000002d27664000 CR4: 00000000007607e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  PKRU: 55555554
  Call Trace:
   [<ffffffff8fe20d44>] __kmem_cache_shutdown+0x14/0x80
   [<ffffffff8fddda78>] kmem_cache_destroy+0x58/0x110
   [<ffffffffc0328130>] hfi1_user_sdma_free_queues+0xf0/0x200 [hfi1]
   [<ffffffffc02e2350>] hfi1_file_close+0x70/0x1e0 [hfi1]
   [<ffffffff8fe4519c>] __fput+0xec/0x260
   [<ffffffff8fe453fe>] ____fput+0xe/0x10
   [<ffffffff8fcbfd1b>] task_work_run+0xbb/0xe0
   [<ffffffff8fc2bc65>] do_notify_resume+0xa5/0xc0
   [<ffffffff90379134>] int_signal+0x12/0x17
  Code: 00 00 ba 00 04 00 00 0f 4f c2 3d 00 04 00 00 89 45 bc 0f 84 e7 01 00 00 48 63 45 bc 49 8d 04 c4 48 89 45 b0 48 8b 80 c8 00 00 00 <48> 8b 78 10 48 89 45 c0 48 83 c0 10 48 89 45 d0 48 8b 17 48 39
  RIP  [<ffffffff8fe1f93e>] kmem_cache_close+0x7e/0x300
   RSP <ffff88b5393abd60>
  CR2: 0000000000000010

The panic is the result of slab entries being freed during the destruction
of the pq slab.

The code attempts to quiesce the pq, but looking for n_req == 0 doesn't
account for new requests.

Fix the issue by using SRCU to get a pq pointer and adjust the pq free
logic to NULL the fd pq pointer prior to the quiesce.

Fixes: e87473bc1b ("IB/hfi1: Only set fd pointer when base context is completely initialized")
Link: https://lore.kernel.org/r/20200210131033.87408.81174.stgit@awfm-01.aw.intel.com
Reviewed-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2020-02-11 11:41:31 -04:00
..
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile IB/hfi1: Reduce excessive aspm inlines 2019-06-28 22:34:26 -03:00
affinity.c RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create 2020-02-11 11:35:45 -04:00
affinity.h IB/{hfi1, rdmavt, qib}: Implement CQ completion vector support 2018-05-09 15:53:30 -04:00
aspm.c IB/hfi1: Reduce excessive aspm inlines 2019-06-28 22:34:26 -03:00
aspm.h IB/hfi1: Reduce excessive aspm inlines 2019-06-28 22:34:26 -03:00
chip.c IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats 2020-01-10 10:57:17 -04:00
chip.h IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats 2020-01-10 10:57:17 -04:00
chip_registers.h IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats 2020-01-10 10:57:17 -04:00
common.h IB/hfi1: Add accessor API routines to access context members 2020-01-03 16:44:49 -04:00
debugfs.c IB/hfi1: List all receive contexts from debugfs 2020-01-03 16:44:50 -04:00
debugfs.h infiniband: hfi1: drop crazy DEBUGFS_SEQ_FILE_CREATE() macro 2019-01-24 09:22:29 -07:00
device.c
device.h
driver.c IB/hfi1: Add software counter for ctxt0 seq drop 2020-01-10 10:57:17 -04:00
efivar.c
efivar.h
eprom.c IB/hfi1: Check eeprom config partition validity 2017-09-27 11:10:36 -04:00
eprom.h
exp_rcv.c IB/hfi1: Remove WARN_ON when freeing expected receive groups 2019-04-03 15:27:30 -03:00
exp_rcv.h IB/hfi1: Cleanup of exp_rcv 2018-05-24 09:39:25 -06:00
fault.c infiniband: hfi1: fix memory leaks 2019-08-20 13:44:45 -04:00
fault.h IB/hfi1: Rework fault injection machinery 2018-05-09 15:53:30 -04:00
file_ops.c IB/hfi1: Close window for pq and request coliding 2020-02-11 11:41:31 -04:00
firmware.c IB/hfi1: Fix infinite loop in 8051 command error path 2018-01-05 13:34:55 -05:00
hfi.h IB/hfi1: Close window for pq and request coliding 2020-02-11 11:41:31 -04:00
init.c IB/hfi1: IB/hfi1: Add an API to handle special case drop 2020-01-10 10:57:16 -04:00
intr.c IB/hfi1: Allow MgmtAllowed on B2B setups 2017-11-13 15:53:56 -05:00
iowait.c IB/hfi1: Don't cancel unused work item 2020-01-03 16:41:51 -04:00
iowait.h IB/hfi1: Prioritize the sending of ACK packets 2019-02-05 18:07:44 -05:00
mad.c RDMA: Change MAD processing function to remove extra casting and parameter 2019-11-12 20:20:15 -04:00
mad.h IB/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times 2018-02-01 15:43:30 -07:00
mmu_rb.c mm/mmu_notifier: use structure for invalidate_range_start/end callback 2018-12-28 12:11:50 -08:00
mmu_rb.h IB/hfi1: Don't remove RB entry when not needed. 2017-06-27 16:56:33 -04:00
msix.c IB/hfi1: Fix logical condition in msix_request_irq 2020-01-25 15:33:53 -04:00
msix.h IB/hfi1: Decouple IRQ name from type 2020-01-10 10:57:17 -04:00
opa_compat.h IB/hfi1: Document phys port state bits not used in IB 2017-08-22 14:22:37 -04:00
opfn.c IB/hfi1: Add TID RDMA retry timer 2019-02-05 18:07:43 -05:00
opfn.h IB/hfi1: Make opfn.h self sufficient 2019-04-24 11:31:49 -03:00
pcie.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
pio.c Linux 5.2-rc6 2019-06-28 21:18:23 -03:00
pio.h IB/hfi1: Reduce lock contention on iowait_lock for sdma and pio 2018-12-06 20:15:36 -07:00
pio_copy.c
platform.c IB/hfi1: remove redundant assignment to variable ret 2019-11-25 10:31:47 -04:00
platform.h
qp.c IB/{rdmavt, hfi1, qib}: Add helpers to hide SWQE WR details 2019-06-28 22:34:26 -03:00
qp.h IB/hfi1: Add the dual leg code 2019-02-05 18:07:44 -05:00
qsfp.c IB/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure 2018-05-03 15:24:48 -04:00
qsfp.h
rc.c IB/hfi1: use true,false for bool variable 2020-01-03 19:13:59 -04:00
rc.h IB/hfi1: Delay the release of destination mr for TID RDMA WRITE DATA 2019-04-03 15:27:30 -03:00
ruc.c IB/{rdmavt, hfi1): Miscellaneous comment fixes 2019-04-24 11:31:48 -03:00
sdma.c treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
sdma.h IB/hfi1: Reduce lock contention on iowait_lock for sdma and pio 2018-12-06 20:15:36 -07:00
sdma_txreq.h IB/hfi1: Prioritize the sending of ACK packets 2019-02-05 18:07:44 -05:00
sysfs.c RDMA: Introduce and use rdma_device_to_ibdev() 2019-01-14 13:12:03 -07:00
tid_rdma.c IB/hfi1: Adjust flow PSN with the correct resync_psn 2020-01-03 16:48:01 -04:00
tid_rdma.h IB/hfi1: Calculate flow weight based on QP MTU for TID RDMA 2019-11-06 13:15:36 -04:00
trace.c IB/hfi1: Add static trace for TID RDMA WRITE protocol 2019-02-05 18:07:44 -05:00
trace.h IB/hfi1: Add static trace for OPFN 2019-01-31 11:37:40 -05:00
trace_ctxts.h IB/hfi1: Add accessor API routines to access context members 2020-01-03 16:44:49 -04:00
trace_dbg.h IB/hfi1: Fix two format strings 2019-03-28 11:03:49 -03:00
trace_ibhdrs.h IB/hfi1: Add missing INVALIDATE opcodes for trace 2019-06-28 22:34:26 -03:00
trace_iowait.h IB/hfi1: Add static trace for iowait 2018-09-30 19:21:12 -06:00
trace_misc.h IB/hfi1: Add traces for TID operations 2017-06-27 16:58:13 -04:00
trace_mmu.h IB/hif1: Remove static tracing from SDMA hot path 2017-08-28 19:12:27 -04:00
trace_rc.h IB/hfi1: Add static trace for TID RDMA READ protocol 2019-02-05 17:53:56 -05:00
trace_rx.h IB/hfi1: Add fast and slow handlers for receive context 2020-01-10 10:57:16 -04:00
trace_tid.h ftrace: Rework event_create_dir() 2019-11-27 07:44:25 +01:00
trace_tx.h ftrace: Rework event_create_dir() 2019-11-27 07:44:25 +01:00
uc.c IB/{hfi1, qib, rdmavt}: Put qp in error state when cq is full 2019-06-28 22:34:26 -03:00
ud.c IB/{rdmavt, hfi1, qib}: Add helpers to hide SWQE WR details 2019-06-28 22:34:26 -03:00
user_exp_rcv.c IB/hfi1: Close window for pq and request coliding 2020-02-11 11:41:31 -04:00
user_exp_rcv.h RDMA/hfi1: Use mmu_interval_notifier_insert for user_exp_rcv 2019-11-23 19:56:44 -04:00
user_pages.c mm, tree-wide: rename put_user_page*() to unpin_user_page*() 2020-01-31 10:30:38 -08:00
user_sdma.c IB/hfi1: Close window for pq and request coliding 2020-02-11 11:41:31 -04:00
user_sdma.h IB/hfi1: Remove unused define 2019-07-22 16:10:48 -03:00
verbs.c IB/hfi1: Use a common pad buffer for 9B and 16B packets 2019-10-17 16:32:25 -04:00
verbs.h treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
verbs_txreq.c IB/hfi1: Silence txreq allocation warnings 2019-06-17 21:15:40 -04:00
verbs_txreq.h IB/hfi1: Silence txreq allocation warnings 2019-06-17 21:15:40 -04:00
vnic.h IB/hfi1: Add support to receive 16B bypass packets 2017-08-22 14:22:37 -04:00
vnic_main.c IB/hfi1: Add accessor API routines to access context members 2020-01-03 16:44:49 -04:00
vnic_sdma.c net: Use skb_frag_off accessors 2019-07-30 14:21:32 -07:00