IB/qib: Fix race between qib_error_qp() and receive packet processing When transitioning a QP to the error state, in progress RWQEs need to be marked complete. This also involves releasing the reference count to the memory regions referenced in the SGEs. The locking in the receive packet processing wasn't sufficient to prevent qib_error_qp() from modifying the r_sge state at the same time, thus leading to kernel panics. Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>

commit: a5210c12b7c4e34e904f4820a4abd048a2d75db5 [log] [tgz]
author: Ralph Campbell <ralph.campbell@qlogic.com> Mon Aug 02 22:39:30 2010 +0000
committer: Roland Dreier <rolandd@cisco.com> Tue Aug 03 13:59:47 2010 -0700
tree: 9ab443a2bbddf4296bf4b7cf0914edfed51d86c3
parent: 3e3aed0b88f680fed5c604caf7b10d77b2ec45c4 [diff] [blame]
diff --git a/drivers/infiniband/hw/qib/qib_sdma.c b/drivers/infiniband/hw/qib/qib_sdma.c
index b845688..cad4449 100644
--- a/drivers/infiniband/hw/qib/qib_sdma.c
+++ b/drivers/infiniband/hw/qib/qib_sdma.c

@@ -656,6 +656,7 @@
 	}
 	qp = tx->qp;
 	qib_put_txreq(tx);
+	spin_lock(&qp->r_lock);
 	spin_lock(&qp->s_lock);
 	if (qp->ibqp.qp_type == IB_QPT_RC) {
 		/* XXX what about error sending RDMA read responses? */
@@ -664,6 +665,7 @@
 	} else if (qp->s_wqe)
 		qib_send_complete(qp, qp->s_wqe, IB_WC_GENERAL_ERR);
 	spin_unlock(&qp->s_lock);
+	spin_unlock(&qp->r_lock);
 	/* return zero to process the next send work request */
 	goto unlock;
commit	a5210c12b7c4e34e904f4820a4abd048a2d75db5	[log] [tgz]
author	Ralph Campbell <ralph.campbell@qlogic.com>	Mon Aug 02 22:39:30 2010 +0000
committer	Roland Dreier <rolandd@cisco.com>	Tue Aug 03 13:59:47 2010 -0700
tree	9ab443a2bbddf4296bf4b7cf0914edfed51d86c3
parent	3e3aed0b88f680fed5c604caf7b10d77b2ec45c4 [diff] [blame]