From: Leon Romanovsky <leon@kernel.org>
To: Doug Ledford <dledford@redhat.com>, Jason Gunthorpe <jgg@mellanox.com>
Cc: Leon Romanovsky <leonro@mellanox.com>,
RDMA mailing list <linux-rdma@vger.kernel.org>,
Eli Cohen <eli@mellanox.co.il>, Ido Kalir <idok@mellanox.com>,
Maor Gottlieb <maorg@mellanox.com>,
Mark Zhang <markz@mellanox.com>,
Parav Pandit <parav@mellanox.com>,
Raed Salem <raeds@mellanox.com>
Subject: [PATCH rdma-rc 1/3] RDMA/counter: Prevent auto-binding a QP which are not tracked with res
Date: Thu, 12 Dec 2019 11:12:12 +0200 [thread overview]
Message-ID: <20191212091214.315005-2-leon@kernel.org> (raw)
In-Reply-To: <20191212091214.315005-1-leon@kernel.org>
From: Mark Zhang <markz@mellanox.com>
Some QPs (e.g. XRC QP) are not tracked in kernel, in this case they have
an invalid res and should not be bound to any dynamically-allocated
counter in auto mode.
This fixes below call trace:
BUG: kernel NULL pointer dereference, address: 0000000000000390
PGD 80000001a7233067 P4D 80000001a7233067 PUD 1a7215067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 2 PID: 24822 Comm: ibv_xsrq_pingpo Not tainted 5.4.0-rc5+ #21
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014
RIP: 0010:rdma_counter_bind_qp_auto+0x142/0x270 [ib_core]
Code: e1 48 85 c0 48 89 c2 0f 84 bc 00 00 00 49 8b 06 48 39 42 48 75 d6 40 3a aa 90 00 00 00 75 cd 49 8b 86 00 01 00 00 48 8b 4a 28 <8b> 80 90 03 00 00 39 81 90 03 00 00 75 b4 85 c0 74 b0 48 8b 04 24
RSP: 0018:ffffc900003f39c0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88820020ec00 RSI: 0000000000000004 RDI: ffffffffffffffc0
RBP: 0000000000000001 R08: ffff888224149ff0 R09: ffffc900003f3968
R10: ffffffffffffffff R11: ffff8882249c5848 R12: ffffffffffffffff
R13: ffff88821d5aca50 R14: ffff8881f7690800 R15: ffff8881ff890000
FS: 00007fe53a3e1740(0000) GS:ffff888237b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000390 CR3: 00000001a7292006 CR4: 00000000003606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
_ib_modify_qp+0x3a4/0x3f0 [ib_core]
? lookup_get_idr_uobject.part.8+0x23/0x40 [ib_uverbs]
modify_qp+0x322/0x3e0 [ib_uverbs]
ib_uverbs_modify_qp+0x43/0x70 [ib_uverbs]
ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xb1/0xf0 [ib_uverbs]
ib_uverbs_run_method+0x6be/0x760 [ib_uverbs]
? uverbs_disassociate_api+0xd0/0xd0 [ib_uverbs]
ib_uverbs_cmd_verbs+0x18d/0x3a0 [ib_uverbs]
? get_acl+0x1a/0x120
? __alloc_pages_nodemask+0x15d/0x2c0
ib_uverbs_ioctl+0xa7/0x110 [ib_uverbs]
do_vfs_ioctl+0xa5/0x610
ksys_ioctl+0x60/0x90
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x48/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 99fa331dc862 ("RDMA/counter: Add "auto" configuration mode support")
Signed-off-by: Mark Zhang <markz@mellanox.com>
Reviewed-by: Maor Gottlieb <maorg@mellanox.com>
Reviewed-by: Ido Kalir <idok@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
---
drivers/infiniband/core/counters.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/core/counters.c b/drivers/infiniband/core/counters.c
index 8434ec082c3a..2257d7f7810f 100644
--- a/drivers/infiniband/core/counters.c
+++ b/drivers/infiniband/core/counters.c
@@ -286,6 +286,9 @@ int rdma_counter_bind_qp_auto(struct ib_qp *qp, u8 port)
struct rdma_counter *counter;
int ret;
+ if (!qp->res.valid)
+ return 0;
+
if (!rdma_is_port_valid(dev, port))
return -EINVAL;
--
2.20.1
next prev parent reply other threads:[~2019-12-12 9:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-12 9:12 [PATCH rdma-rc 0/3] Fixes for 5.5 Leon Romanovsky
2019-12-12 9:12 ` Leon Romanovsky [this message]
2019-12-12 9:12 ` [PATCH rdma-rc 2/3] IB/mlx4: Follow mirror sequence of device add during device removal Leon Romanovsky
2019-12-12 9:12 ` [PATCH rdma-rc 3/3] IB/mlx5: Fix steering rule of drop and count Leon Romanovsky
2019-12-12 20:40 ` [PATCH rdma-rc 0/3] Fixes for 5.5 Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191212091214.315005-2-leon@kernel.org \
--to=leon@kernel.org \
--cc=dledford@redhat.com \
--cc=eli@mellanox.co.il \
--cc=idok@mellanox.com \
--cc=jgg@mellanox.com \
--cc=leonro@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=maorg@mellanox.com \
--cc=markz@mellanox.com \
--cc=parav@mellanox.com \
--cc=raeds@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.