Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp333185pxu; Fri, 23 Oct 2020 01:47:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw3DpyFym8aX55TosdFSYV4HDrC6dnOn8+8nsy5n6hsruyC0ncrz4oBQt6aVT41aJkjLQRQ X-Received: by 2002:a17:906:a1d4:: with SMTP id bx20mr940444ejb.262.1603442864846; Fri, 23 Oct 2020 01:47:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603442864; cv=none; d=google.com; s=arc-20160816; b=lWxfboQTUOWLicCl3S9yxys/THx5FPyUBltjEAhYdZ/E1rKjejUI4sBLUJhGwJ+ntO krsvAxSrb8oRcmtiPe3O7ERI8mweVC9yj4f4F3uI3jqAjqbqcJqm61sWVRFcABDlH+Z3 RTj2yrRUGE8afYnHDUQQ7T04bPB/yqgeP4vc9KkpqhH6uVEJRgsvgc/lulLU0GAM29M1 ZP7AduhVLLQqE1iYJ1HVPxO2kxyxf3lVvV5wzzTnnjMM2yMDCHE22vh7gR6/Zd2cBbaw /sc+xOR5r3+EaqbqFcjRa9CqJiolDCKacSa2UnNXBTQ1JJliWIe8GyRUuIbGq1Rz1UVl NaLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=9KKfBQa0mjtOC/uJvXYrMmPFpzOp5HHKI3k4O54d4EM=; b=juIdfZG2FCR7J8LU+uDdhO3k6dS2ilRwkI2orbWbzEefW1xV5kZBloFRxBrPG0kSR8 pno6H7nPPtFfh2qv/xLP3NdzPsLJ3DBAE+drCdfaE6da/VqXEmb4MmbcpBVAyiTd+0wl S+V5mp+b8i6SWjqrxHYyLn72f38VR9jdyRAUo7Xp6f5+9cn2sml6Kt83B0+wE4m/37yS 72kA8n/Gr/DvY485v7ElxpSNS80zWVpoq0GLBwZ0UdYH/OK0wTeknaiV/Ftb7z0py3K7 uo3OyVCnQ7v4M8k7fjLbhXfSmcWotvuhhhl7ExJbcNgct24xRnRYiu9/MqPpNMSoMVXu fYhg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gz9si417965ejb.203.2020.10.23.01.47.22; Fri, 23 Oct 2020 01:47:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S460724AbgJWIp2 (ORCPT + 99 others); Fri, 23 Oct 2020 04:45:28 -0400 Received: from szxga01-in.huawei.com ([45.249.212.187]:3651 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S460686AbgJWIp2 (ORCPT ); Fri, 23 Oct 2020 04:45:28 -0400 Received: from DGGEMM402-HUB.china.huawei.com (unknown [172.30.72.55]) by Forcepoint Email with ESMTP id 496BE74777AFF58E673F; Fri, 23 Oct 2020 16:45:25 +0800 (CST) Received: from dggema772-chm.china.huawei.com (10.1.198.214) by DGGEMM402-HUB.china.huawei.com (10.3.20.210) with Microsoft SMTP Server (TLS) id 14.3.487.0; Fri, 23 Oct 2020 16:45:24 +0800 Received: from [10.169.42.93] (10.169.42.93) by dggema772-chm.china.huawei.com (10.1.198.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Fri, 23 Oct 2020 16:45:24 +0800 Subject: Re: [PATCH v2] nvme-rdma: handle nvme completion data length To: zhenwei pi , , , , CC: , References: <20201023065910.1358586-1-pizhenwei@bytedance.com> From: Chao Leng Message-ID: <33381bb5-6daa-5f47-9e3c-a57eeb490950@huawei.com> Date: Fri, 23 Oct 2020 16:45:23 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <20201023065910.1358586-1-pizhenwei@bytedance.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.169.42.93] X-ClientProxiedBy: dggeme707-chm.china.huawei.com (10.1.199.103) To dggema772-chm.china.huawei.com (10.1.198.214) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Looks good. Reviewed-by: Chao Leng On 2020/10/23 14:59, zhenwei pi wrote: > Hit a kernel warning: > refcount_t: underflow; use-after-free. > WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 > > RIP: 0010:refcount_warn_saturate+0xd9/0xe0 > Call Trace: > > nvme_rdma_recv_done+0xf3/0x280 [nvme_rdma] > __ib_process_cq+0x76/0x150 [ib_core] > ... > > The reason is that a zero bytes message received from target, and the > host side continues to process without length checking, then the > previous CQE is processed twice. > > Handle data length, ignore zero bytes message, and try to recovery for > corrupted CQE case. > > Thanks to Chao Leng for suggestions. > > Signed-off-by: zhenwei pi > --- > drivers/nvme/host/rdma.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c > index 9e378d0a0c01..2ecadd309f4a 100644 > --- a/drivers/nvme/host/rdma.c > +++ b/drivers/nvme/host/rdma.c > @@ -1767,6 +1767,21 @@ static void nvme_rdma_recv_done(struct ib_cq *cq, struct ib_wc *wc) > return; > } > > + /* received data length checking */ > + if (unlikely(wc->byte_len < len)) { > + /* zero bytes message could be ignored */ > + if (!wc->byte_len) { > + nvme_rdma_post_recv(queue, qe); > + return; > + } > + > + /* corrupted completion, try to recovry */ > + dev_err(queue->ctrl->ctrl.device, > + "Unexpected nvme completion length(%d)\n", wc->byte_len); > + nvme_rdma_error_recovery(queue->ctrl); > + return; > + } > + > ib_dma_sync_single_for_cpu(ibdev, qe->dma, len, DMA_FROM_DEVICE); > /* > * AEN requests are special as they don't time out and can >