ib_unmap_fmr() takes a list of FMRs to unmap. However, it does not
remove the FMRs from this list as it processes them. Other
ib_unmap_fmr() call sites are careful to remove FMRs from the list
after ib_unmap_fmr() returns.

Since commit
7c7a5390dc6c8 ("xprtrdma: Add ro_unmap_sync method for FMR")
fmr_op_unmap_sync passes more than one FMR to ib_unmap_fmr(), but
it didn't bother to remove the FMRs from that list once the call was
complete.

I've noticed some instability that could be related to list
tangling by the new fmr_op_unmap_sync() logic. In an abundance
of caution, add some defensive logic to clean up properly after
ib_unmap_fmr().

Fixes: 7c7a5390dc6c8 ("xprtrdma: Add ro_unmap_sync method for FMR")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
__fmr_unmap(struct rpcrdma_mw *mw)
{
LIST_HEAD(l);
+ int rc;
list_add(&mw->fmr.fmr->list, &l);
- return ib_unmap_fmr(&l);
+ rc = ib_unmap_fmr(&l);
+ list_del_init(&mw->fmr.fmr->list);
+ return rc;
}
/* Deferred reset of a single FMR. Generate a fresh rkey by
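Review bot: In __fmr_unmap() the new list_del_init() runs regardless of the value in rc, and that is the behaviour to keep, because the head declared by LIST_HEAD(l) lives on this function's stack and the FMR's list node would otherwise hold pointers into a dead frame after return. A one-line comment above list_del_init(&mw->fmr.fmr->list) saying so would stop a later cleanup from moving it under an "if (!rc)" check. The list_add() before it also assumes the node is not already linked on another list; nothing in this hunk checks that, so it is worth confirming at the callers.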
seg = &req->rl_segments[i];
mw = seg->rl_mw;
- list_add(&mw->fmr.fmr->list, &unmap_list);
+ list_add_tail(&mw->fmr.fmr->list, &unmap_list);
i += seg->mr_nsegs;
}
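Review bot: The switch from list_add() to list_add_tail() on unmap_list changes the order in which FMRs are handed to ib_unmap_fmr() from reverse to segment order, but the commit message only discusses removing entries from the list after the call. Please state in the message whether the ordering matters to the fix or is only tidying, or split it into its own patch so the Fixes: tag covers just the list cleanup.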
*/
for (i = 0, nchunks = req->rl_nchunks; nchunks; nchunks--) {
seg = &req->rl_segments[i];
+ mw = seg->rl_mw;
+ list_del_init(&mw->fmr.fmr->list);
__fmr_dma_unmap(r_xprt, seg);
rpcrdma_put_mw(r_xprt, seg->rl_mw);
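Review bot: The loop now assigns mw = seg->rl_mw for list_del_init(), yet the rpcrdma_put_mw() call two lines later still passes seg->rl_mw; use mw there as well so the entry that is unlinked and the entry that is released are visibly the same object. This cleanup also depends on the second loop visiting exactly the segments the first loop added to unmap_list, so any early exit between the two loops (not visible in this hunk) would leave nodes linked to the on-stack head and should be checked.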