On Sun, Nov 25, 2018 at 05:13:08PM -0500, Chuck Lever wrote: > FRWR memory registration is done with a series of calls and WRs. > 1. ULP invokes ib_dma_map_sg() > 2. ULP invokes ib_map_mr_sg() > 3. ULP posts an IB_WR_REG_MR on the Send queue > > Step 2 generates an iova. It is permissible for ULPs to change > this iova (with certain restrictions) between steps 2 and 3. > > rxe_map_mr_sg captures the MR's iova but later when rxe processes > the REG_MR WR, it ignores the MR's iova field. If a ULP alters the > MR's iova after step 2 but before step 3, rxe never captures that > change. > > When the remote sends an RDMA Read targeting that MR, rxe looks up > the R_key, but the altered iova does not match the iova stored in > the MR, causing the RDMA Read request to fail. > > Reported-by: Anna Schumaker <schumaker.anna@xxxxxxxxx> > Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx> > Reviewed-by: Sagi Grimberg <sagi@xxxxxxxxxxx> Applied to for-next Thanks, Jason
