I am experiencing an issue with isert's receive handler:
static void isert_recv_done(struct ib_cq *cq, struct ib_wc *wc)
{
struct isert_conn *isert_conn = wc->qp->qp_context;
...
}
The first line dereferences the QP. But I'm hitting a case where the QP was already
deleted so this is bad. The scenario is triggered via 'ifconfig <Ethernet device> down',
whilst the initiator and target are connected.
The handler is invoked via a work queue. Hence it is asynchronous.
It is valid to continue polling the CQ after the QP has been deleted, but it isn't valid
to dereference the QP due to this asynchronous nature. This is funny because the
QP was destroyed by isert itself. The problem is, that even if isert raises a flag
saying "I issued a destroy sequence so ignore this CQE" it will still need another
way to get to iser_conn that isn't via the qp.
I see that NFSoRDMA works differently and thus probably don't suffer from this issue.
Do you find this analysis correct?
Thanks,
Ram
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
