Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp8421414ybl; Thu, 16 Jan 2020 16:33:18 -0800 (PST) X-Google-Smtp-Source: APXvYqxOnkRMsoBgu90U0ai0xQOMn8Ua42tlgPXZVl36Y8X9LeKZxfoJ+nb3LhVvuFceUCtbpXeS X-Received: by 2002:aca:2112:: with SMTP id 18mr1407839oiz.155.1579221198578; Thu, 16 Jan 2020 16:33:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579221198; cv=none; d=google.com; s=arc-20160816; b=ePRAVtnBd2Pi79nElcPJxxjZH80OvpwaR+15BZ5tSph1nYxq7sVjzCTAJuC7wS/d2z oC/qhzNQy57HhUr8lTjr+arIjPtWtf54P7jkjY6YCi7OnaxpW99NBQrSiQOP1c13noSJ PF+OFQV4y9134GuFFJU9hzx7kVLApyxgYyhxn8dcNQ5KYrZw/EC4H+UMlljJAB6r8CQf vMZG+XJdlhIpuU1XG/hWF9NGIDOx0sAtNzOmb5nc3O01XB1Tz65mpS1hQAMaJnrZQ0qZ ARxscwX4myn/BzFLeW7MFLdox67UQCtdN+HxiVtnxJ1zjo/ZVKEjqQUfHHFbpcaKHZxv VpRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Y3nMIUY2etF6RomHegV0evFF/DB5EnmvOX495a3Oqec=; b=aF5rkAbFTZ+Rg4KWD/bMPpRf0TL8aEea78dxHA2L/JvBhoCwl7s4QAl9vIpJn1F/Mw NHuea0C6v2B9SN42d4RTAIW5SEJvCvc+9uWkgEgIsnRk7yd9n2cBwZ6w4Mi+50DU7lNv HvmAmxGDLYHy4yb9AHuOfgT9VDRtczlgfVACdTDX5HN7BxT7NcTWhiowIpOwanzLGN4Z MfhDjVz76QMl5m5wDCjc0PDIYSuS2z/w+aqo03rOQuHJtnfBmNiydMPYwE6OI6313Aan 6a9YpSuka3uRvuT8vmgYwsJIo7CFD8JNEBbszueQbrgRWAAwA8Q68Q+9aKUaBE30mhpI frbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=j6FeXBPj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p12si12724407otk.141.2020.01.16.16.33.05; Thu, 16 Jan 2020 16:33:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=j6FeXBPj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390954AbgAPXWy (ORCPT + 99 others); Thu, 16 Jan 2020 18:22:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:50740 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390934AbgAPXWr (ORCPT ); Thu, 16 Jan 2020 18:22:47 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 135DF20684; Thu, 16 Jan 2020 23:22:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579216966; bh=3oRBICP9LGTX4WZJ2m1pX3TqhBaRwmsSoXD/shiVEPc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=j6FeXBPjb/rlBS7Q7QTHHYyJo6O3zXyA+LfHjm/8T7GlDo8RA7KQyM2BOoWUNYFDW kjSdtUdLuil7HA0LtucVe03y6mYOafLki55zOQoKbZ3vaHUacIANtDFrz53NELRqI/ K4/yl7piqKwd3wVxrlkRq4MdG6keSCMr2bc6FGe8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chuck Lever , Anna Schumaker Subject: [PATCH 5.4 093/203] xprtrdma: Fix create_qp crash on device unload Date: Fri, 17 Jan 2020 00:16:50 +0100 Message-Id: <20200116231753.806565095@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200116231745.218684830@linuxfoundation.org> References: <20200116231745.218684830@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chuck Lever commit b32b9ed493f938e191f790a0991d20b18b38c35b upstream. On device re-insertion, the RDMA device driver crashes trying to set up a new QP: Nov 27 16:32:06 manet kernel: BUG: kernel NULL pointer dereference, address: 00000000000001c0 Nov 27 16:32:06 manet kernel: #PF: supervisor write access in kernel mode Nov 27 16:32:06 manet kernel: #PF: error_code(0x0002) - not-present page Nov 27 16:32:06 manet kernel: PGD 0 P4D 0 Nov 27 16:32:06 manet kernel: Oops: 0002 [#1] SMP Nov 27 16:32:06 manet kernel: CPU: 1 PID: 345 Comm: kworker/u28:0 Tainted: G W 5.4.0 #852 Nov 27 16:32:06 manet kernel: Hardware name: Supermicro SYS-6028R-T/X10DRi, BIOS 1.1a 10/16/2015 Nov 27 16:32:06 manet kernel: Workqueue: xprtiod xprt_rdma_connect_worker [rpcrdma] Nov 27 16:32:06 manet kernel: RIP: 0010:atomic_try_cmpxchg+0x2/0x12 Nov 27 16:32:06 manet kernel: Code: ff ff 48 8b 04 24 5a c3 c6 07 00 0f 1f 40 00 c3 31 c0 48 81 ff 08 09 68 81 72 0c 31 c0 48 81 ff 83 0c 68 81 0f 92 c0 c3 8b 06 0f b1 17 0f 94 c2 84 d2 75 02 89 06 88 d0 c3 53 ba 01 00 00 00 Nov 27 16:32:06 manet kernel: RSP: 0018:ffffc900035abbf0 EFLAGS: 00010046 Nov 27 16:32:06 manet kernel: RAX: 0000000000000000 RBX: 00000000000001c0 RCX: 0000000000000000 Nov 27 16:32:06 manet kernel: RDX: 0000000000000001 RSI: ffffc900035abbfc RDI: 00000000000001c0 Nov 27 16:32:06 manet kernel: RBP: ffffc900035abde0 R08: 000000000000000e R09: ffffffffffffc000 Nov 27 16:32:06 manet kernel: R10: 0000000000000000 R11: 000000000002e800 R12: ffff88886169d9f8 Nov 27 16:32:06 manet kernel: R13: ffff88886169d9f4 R14: 0000000000000246 R15: 0000000000000000 Nov 27 16:32:06 manet kernel: FS: 0000000000000000(0000) GS:ffff88846fa40000(0000) knlGS:0000000000000000 Nov 27 16:32:06 manet kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Nov 27 16:32:06 manet kernel: CR2: 00000000000001c0 CR3: 0000000002009006 CR4: 00000000001606e0 Nov 27 16:32:06 manet kernel: Call Trace: Nov 27 16:32:06 manet kernel: do_raw_spin_lock+0x2f/0x5a Nov 27 16:32:06 manet kernel: create_qp_common.isra.47+0x856/0xadf [mlx4_ib] Nov 27 16:32:06 manet kernel: ? slab_post_alloc_hook.isra.60+0xa/0x1a Nov 27 16:32:06 manet kernel: ? __kmalloc+0x125/0x139 Nov 27 16:32:06 manet kernel: mlx4_ib_create_qp+0x57f/0x972 [mlx4_ib] The fix is to copy the qp_init_attr struct that was just created by rpcrdma_ep_create() instead of using the one from the previous connection instance. Fixes: 98ef77d1aaa7 ("xprtrdma: Send Queue size grows after a reconnect") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker Signed-off-by: Greg Kroah-Hartman --- net/sunrpc/xprtrdma/verbs.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/sunrpc/xprtrdma/verbs.c +++ b/net/sunrpc/xprtrdma/verbs.c @@ -607,6 +607,7 @@ static int rpcrdma_ep_recreate_xprt(stru struct ib_qp_init_attr *qp_init_attr) { struct rpcrdma_ia *ia = &r_xprt->rx_ia; + struct rpcrdma_ep *ep = &r_xprt->rx_ep; int rc, err; trace_xprtrdma_reinsert(r_xprt); @@ -621,6 +622,7 @@ static int rpcrdma_ep_recreate_xprt(stru pr_err("rpcrdma: rpcrdma_ep_create returned %d\n", err); goto out2; } + memcpy(qp_init_attr, &ep->rep_attr, sizeof(*qp_init_attr)); rc = -ENETUNREACH; err = rdma_create_qp(ia->ri_id, ia->ri_pd, qp_init_attr);