On Tue, Jun 16, 2020 at 09:37:09PM +0800, Weihang Li wrote:
> From: Yangyang Li <liyangyang20@xxxxxxxxxx>
>
> ibmr.device is assigned after MR is successfully registered, but both
> write_mtpt() and frmr_write_mtpt() accesses it during the mr registration
> process, which may cause the following error when trying to register MR
> in userspace and pbl_hop_num is set to 0.
>
> [ 3307.615548] pc : hns_roce_mtr_find+0xa0/0x200 [hns_roce]
> [ 3307.615554] lr : set_mtpt_pbl+0x54/0x118 [hns_roce_hw_v2]
> [ 3307.707924] sp : ffff00023e73ba20
> [ 3307.711225] x29: ffff00023e73ba20 x28: ffff00023e73bad8
> [ 3307.716523] x27: 0000000000000000 x26: 0000000000000000
> [ 3307.721821] x25: 0000000000000002 x24: 0000000000000000
> [ 3307.727119] x23: ffff00023e73bad0 x22: 0000000000000000
> [ 3307.732417] x21: ffff0000094d9000 x20: 0000000000000000
> [ 3307.737715] x19: ffff8020a6bdb2c0 x18: 0000000000000000
> [ 3307.743012] x17: 0000000000000000 x16: 0000000000000000
> [ 3307.748310] x15: 0000000000000000 x14: 0000000000000000
> [ 3307.753607] x13: 0140000000000000 x12: 0040000000000041
> [ 3307.758905] x11: ffff000240000000 x10: 0000000000001000
> [ 3307.764203] x9 : 0000000000000000 x8 : ffff802fb7558480
> [ 3307.769501] x7 : ffff802fb7558480 x6 : 000000000003483d
> [ 3307.774799] x5 : ffff00023e73bad0 x4 : 0000000000000002
> [ 3307.780097] x3 : ffff00023e73bad8 x2 : 0000000000000000
> [ 3307.785394] x1 : 0000000000000000 x0 : ffff0000094d9708
> [ 3307.790692] Call trace:
> [ 3307.793130] hns_roce_mtr_find+0xa0/0x200 [hns_roce]
> [ 3307.798081] set_mtpt_pbl+0x54/0x118 [hns_roce_hw_v2]
> [ 3307.803119] hns_roce_v2_write_mtpt+0x14c/0x168 [hns_roce_hw_v2]
> [ 3307.809114] hns_roce_mr_enable+0x6c/0x148 [hns_roce]
> [ 3307.814154] hns_roce_reg_user_mr+0xd8/0x130 [hns_roce]
> [ 3307.819369] ib_uverbs_reg_mr+0x14c/0x2e0 [ib_uverbs]
> [ 3307.824408] ib_uverbs_write+0x27c/0x3e8 [ib_uverbs]
> [ 3307.829361] __vfs_write+0x60/0x190
> [ 3307.832835] vfs_write+0xac/0x1c0
> [ 3307.836136] ksys_write+0x6c/0xd8
> [ 3307.839437] __arm64_sys_write+0x24/0x30
> [ 3307.843347] el0_svc_common+0x78/0x130
> [ 3307.847082] el0_svc_handler+0x38/0x78
> [ 3307.850817] el0_svc+0x8/0xc
>
> Solve above issue by adding a pointer of structure hns_roce_dev as a
> parameter of write_mtpt() and frmr_write_mtpt(), so that both of these
> functions can access it before finishing MR's registration.
>
> Fixes: 9b2cf76c9f05 ("RDMA/hns: Optimize PBL buffer allocation process")
> Signed-off-by: Yangyang Li <liyangyang20@xxxxxxxxxx>
> Signed-off-by: Weihang Li <liweihang@xxxxxxxxxx>
> ---
> drivers/infiniband/hw/hns/hns_roce_device.h | 7 ++++---
> drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 4 ++--
> drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 15 ++++++++-------
> drivers/infiniband/hw/hns/hns_roce_mr.c | 5 +++--
> 4 files changed, 17 insertions(+), 14 deletions(-)
Applied to for-rc, thanks
Jason
