[PATCH rdma-rc] RDMA/mlx5: Fix dereg mr flow for kernel MRs

Leon Romanovsky <leon@xxxxxxxxxx> · Tue, 21 Dec 2021 11:46:41 +0200

From: Maor Gottlieb <maorg@xxxxxxxxxx>

The cited commit moved umem into the union, hence
umem could be accessed only for user MRs. Add udata check
before access umem in the dereg flow.

Fixes: f0ae4afe3d35 ("RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow")
Tested-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxx>
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
---
 drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +-
 drivers/infiniband/hw/mlx5/mr.c      | 4 ++--
 drivers/infiniband/hw/mlx5/odp.c     | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h
index 4a7a56ed740b..29d439cebd22 100644
--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h
+++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h
@@ -1296,7 +1296,7 @@ int mlx5_ib_update_mr_pas(struct mlx5_ib_mr *mr, unsigned int flags);
 struct mlx5_ib_mr *mlx5_ib_alloc_implicit_mr(struct mlx5_ib_pd *pd,
 					     int access_flags);
 void mlx5_ib_free_implicit_mr(struct mlx5_ib_mr *mr);
-void mlx5_ib_free_odp_mr(struct mlx5_ib_mr *mr);
+void mlx5_ib_free_odp_mr(struct mlx5_ib_mr *mr, struct ib_udata *udata);
 struct ib_mr *mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start,
 				    u64 length, u64 virt_addr, int access_flags,
 				    struct ib_pd *pd, struct ib_udata *udata);
diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c
index 63e2129f1142..dc833071949f 100644
--- a/drivers/infiniband/hw/mlx5/mr.c
+++ b/drivers/infiniband/hw/mlx5/mr.c
@@ -1977,7 +1977,7 @@ int mlx5_ib_dereg_mr(struct ib_mr *ibmr, struct ib_udata *udata)
 			return rc;
 	}
 
-	if (mr->umem) {
+	if (udata && mr->umem) {
 		bool is_odp = is_odp_mr(mr);
 
 		if (!is_odp)
@@ -1985,7 +1985,7 @@ int mlx5_ib_dereg_mr(struct ib_mr *ibmr, struct ib_udata *udata)
 				   &dev->mdev->priv.reg_pages);
 		ib_umem_release(mr->umem);
 		if (is_odp)
-			mlx5_ib_free_odp_mr(mr);
+			mlx5_ib_free_odp_mr(mr, udata);
 	}
 
 	if (mr->cache_ent) {
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index 91eb615b89ee..3928576b6696 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -530,7 +530,7 @@ struct mlx5_ib_mr *mlx5_ib_alloc_implicit_mr(struct mlx5_ib_pd *pd,
 	return ERR_PTR(err);
 }
 
-void mlx5_ib_free_odp_mr(struct mlx5_ib_mr *mr)
+void mlx5_ib_free_odp_mr(struct mlx5_ib_mr *mr, struct ib_udata *udata)
 {
 	struct mlx5_ib_mr *mtt;
 	unsigned long idx;
@@ -541,7 +541,7 @@ void mlx5_ib_free_odp_mr(struct mlx5_ib_mr *mr)
 	 */
 	xa_for_each(&mr->implicit_children, idx, mtt) {
 		xa_erase(&mr->implicit_children, idx);
-		mlx5_ib_dereg_mr(&mtt->ibmr, NULL);
+		mlx5_ib_dereg_mr(&mtt->ibmr, udata);
 	}
 }
 
-- 
2.33.1







