• Steve Wise's avatar
    iw_cxgb4: free EQ queue memory on last deref · 0bd3cb8d
    Steve Wise authored
    commit c12a67fe upstream.
    
    Commit ad61a4c7 ("iw_cxgb4: don't block in destroy_qp awaiting
    the last deref") introduced a bug where the RDMA QP EQ queue memory
    (and QIDs) are possibly freed before the underlying connection has been
    fully shutdown.  The result being a possible DMA read issued by HW after
    the queue memory has been unmapped and freed.  This results in possible
    WR corruption in the worst case, system bus errors if an IOMMU is in use,
    and SGE "bad WR" errors reported in the very least.  The fix is to defer
    unmap/free of queue memory and QID resources until the QP struct has
    been fully dereferenced.  To do this, the c4iw_ucontext must also be kept
    around until the last QP that references it is fully freed.  In addition,
    since the last QP deref can happen in an IRQ disabled context, we need
    a new workqueue thread to do the final unmap/free of the EQ queue memory.
    
    Fixes: ad61a4c7 ("iw_cxgb4: don't block in destroy_qp awaiting the last deref")
    Signed-off-by: default avatarSteve Wise <swise@opengridcomputing.com>
    Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    0bd3cb8d
qp.c 54 KB