> The driver may sleep under a spin lock, and the function call path is:
> post_one_send (acquire the lock by spin_lock_irqsave)
> init_send_wqe
> copy_from_user --> may sleep
>
> To fix it, the lock is released before copy_from_user, and the lock is
> acquired again after this function. The parameter "flags" is used to
> restore and save the irq status.
> Thank Leon for good advice.
>
...
> init_send_wr(qp, &wqe->wr, ibwr);
> @@ -742,7 +742,12 @@ static int init_send_wqe(struct rxe_qp *qp, struct ib_send_wr *ibwr,
> for (i = 0; i < num_sge; i++, sge++) {
> if (qp->is_user && copy_from_user(p, (__user void *)
> (uintptr_t)sge->addr, sge->length))
> - return -EFAULT;
> + spin_unlock_irqrestore(&qp->sq.sq_lock, *flags);
> + err = copy_from_user(p, (__user void *)
> + (uintptr_t)sge->addr, sge->length);
> + spin_lock_irqsave(&qp->sq.sq_lock, *flags);
> + if (qp->is_user && err)
> + return -EFAULT;
>
> else if (!qp->is_user)
> memcpy(p, (void *)(uintptr_t)sge->addr,
This isn't my area of expertise. Still something seems weird.
You are still calling 'copy_from_user' unprotected in the 'if'.
Also, did you mean to use curly brackets on the indented part after the first if?!
Ram
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
