projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5407f53) | patch
IB/rxe: Wait for tasklets to finish before tearing down QP
authorAndrew Boyer <andrew.boyer@dell.com>
Mon, 5 Dec 2016 13:43:20 +0000 (08:43 -0500)
committerDoug Ledford <dledford@redhat.com>
Mon, 12 Dec 2016 21:31:45 +0000 (16:31 -0500)
commit07bf9627d5f1c0334fc543a5435a31a3b5907944
tree92998cf99b917960295d2c9e1aa9be7cc9bb6b50tree | snapshot (tar.gz zip)
parent5407f530122aa63cf304eb0874c938b3bdb8d3fbcommit | diff
IB/rxe: Wait for tasklets to finish before tearing down QP

The system may crash when a malformed request is received and
the error is detected by the responder.

NodeA: $ ibv_rc_pingpong -g 0 -d rxe0 -i 1 -n 1 -s 50000
NodeB: $ ibv_rc_pingpong -g 0 -d rxe0 -i 1 -n 1 -s 1024 <NodeA_ip>

The responder generates a receive error on node B since the incoming
SEND is oversized. If the client tears down the QP before the responder
or the completer finish running, a page fault may occur.

The fix makes the destroy operation spin until the tasks complete, which
appears to be original intent of the design.

Signed-off-by: Andrew Boyer <andrew.boyer@dell.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/sw/rxe/rxe_task.c diff | blob | blame | history
drivers/infiniband/sw/rxe/rxe_task.h diff | blob | blame | history