This is a note to let you know that I've just added the patch titled
IB/srp: Fix infinite loop when FMR sg[0].offset != 0
to the 4.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ib-srp-fix-infinite-loop-when-fmr-sg.offset-0.patch
and it can be found in the queue-4.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 681cc3608355737c1effebc8145f95c8c3344bc3 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bart.vanassche@xxxxxxxxxxx>
Date: Mon, 26 Sep 2016 12:58:49 -0700
Subject: IB/srp: Fix infinite loop when FMR sg[0].offset != 0
From: Bart Van Assche <bart.vanassche@xxxxxxxxxxx>
commit 681cc3608355737c1effebc8145f95c8c3344bc3 upstream.
Avoid that mapping an sg-list in which the first element has a
non-zero offset triggers an infinite loop when using FMR. This
patch makes the FMR mapping code similar to that of ib_sg_to_pages().
Note: older Mellanox HCAs do not support non-zero offsets for FMR.
See also commit 8c4037b501ac ("IB/srp: always avoid non-zero offsets
into an FMR").
Reported-by: Alex Estrin <alex.estrin@xxxxxxxxx>
Signed-off-by: Bart Van Assche <bart.vanassche@xxxxxxxxxxx>
Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/infiniband/ulp/srp/ib_srp.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1400,7 +1400,9 @@ static int srp_map_sg_entry(struct srp_m
while (dma_len) {
unsigned offset = dma_addr & ~dev->mr_page_mask;
- if (state->npages == dev->max_pages_per_mr || offset != 0) {
+
+ if (state->npages == dev->max_pages_per_mr ||
+ (state->npages > 0 && offset != 0)) {
ret = srp_map_finish_fmr(state, ch);
if (ret)
return ret;
@@ -1417,12 +1419,12 @@ static int srp_map_sg_entry(struct srp_m
}
/*
- * If the last entry of the MR wasn't a full page, then we need to
+ * If the end of the MR is not on a page boundary then we need to
* close it out and start a new one -- we can only merge at page
* boundaries.
*/
ret = 0;
- if (len != dev->mr_page_size)
+ if ((dma_addr & ~dev->mr_page_mask) != 0)
ret = srp_map_finish_fmr(state, ch);
return ret;
}
Patches currently in stable-queue which might be from bart.vanassche@xxxxxxxxxxx are
queue-4.8/ib-srp-fix-infinite-loop-when-fmr-sg.offset-0.patch
queue-4.8/dm-rq-take-request_queue-lock-while-clearing-queue_flag_stopped.patch
queue-4.8/ib-core-correctly-handle-rdma_rw_init_mrs-failure.patch
queue-4.8/dm-mark-request_queue-dead-before-destroying-the-dm-device.patch
queue-4.8/dm-mpath-check-if-path-s-request_queue-is-dying-in-activate_path.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html