Re: [PATCH] infiniband: core: mad: Fix a sleep-in-atomic-context bug in ib_mad_recv_done()

From: Jason Gunthorpe
Date: Sun Sep 02 2018 - 16:32:40 EST


On Sat, Sep 01, 2018 at 08:06:59PM +0800, Jia-Ju Bai wrote:
> The driver may sleep while holding a spinlock.
>
> The function call paths (from bottom to top) in Linux-4.16 are:
>
> [FUNC] alloc_mad_private(GFP_KERNEL)
> drivers/infiniband/core/mad.c, 2264:
> alloc_mad_private in ib_mad_recv_done
> drivers/infiniband/core/cq.c, 45:
> [FUNC_PTR]ib_mad_recv_done in __ib_process_cq
> drivers/infiniband/core/cq.c, 77:
> __ib_process_cq in ib_process_cq_direct
> drivers/infiniband/ulp/srp/ib_srp.c, 2010:
> ib_process_cq_direct in __srp_get_tx_iu
> drivers/infiniband/ulp/srp/ib_srp.c, 2353:
> __srp_get_tx_iu in srp_queuecommand
> drivers/infiniband/ulp/srp/ib_srp.c, 2352:
> _raw_spin_lock_irqsave in srp_queuecommand
>
> [FUNC] alloc_mad_private(GFP_KERNEL)
> drivers/infiniband/core/mad.c, 2264:
> alloc_mad_private in ib_mad_recv_done
> drivers/infiniband/core/cq.c, 45:
> [FUNC_PTR]ib_mad_recv_done in __ib_process_cq
> drivers/infiniband/core/cq.c, 77:
> __ib_process_cq in ib_process_cq_direct

This trace doesn't seem right, the CQ used by SRP will never have
ib_mad_recv_done as a function pointer.

Jason
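
Added example (not part of this thread and not kernel code): a user-space C model of the [FUNC_PTR] step in the quoted trace. It assumes the CQ processing loop dispatches through a callback pointer stored with each posted work request, so the handler that runs depends on what was posted to that particular CQ; every name below is a hypothetical stand-in.

```c
#include <stddef.h>

/* Simplified user-space model; every name is a hypothetical stand-in. */
struct cq;
struct wc;
typedef void (*done_fn)(struct cq *cq, struct wc *wc);

struct cqe { done_fn done; };        /* embedded in each posted work request */
struct wc  { struct cqe *wr_cqe; };  /* one completion, points back at its cqe */
struct cq  { struct wc *q[4]; size_t n; int sleep_in_atomic; };

static int atomic_ctx;               /* 1 models "caller holds a spinlock" */

/* Models a handler that does a sleeping allocation (GFP_KERNEL). */
static void mad_like_recv_done(struct cq *cq, struct wc *wc)
{
    (void)wc;
    if (atomic_ctx)
        cq->sleep_in_atomic++;
}

/* Models a handler that is safe in atomic context. */
static void srp_like_send_done(struct cq *cq, struct wc *wc)
{
    (void)cq; (void)wc;
}

/* Dispatch is per completion, through the cqe of the work request. */
static void process_cq_direct(struct cq *cq)
{
    for (size_t i = 0; i < cq->n; i++)
        if (cq->q[i]->wr_cqe)
            cq->q[i]->wr_cqe->done(cq, cq->q[i]);
    cq->n = 0;
}

/* Poll a one-entry CQ under a modelled spinlock; return sleep-in-atomic hits. */
static int poll_locked(done_fn handler)
{
    struct cqe cqe = { handler };
    struct wc wc = { &cqe };
    struct cq cq = { { &wc }, 1, 0 };

    atomic_ctx = 1;
    process_cq_direct(&cq);
    atomic_ctx = 0;
    return cq.sleep_in_atomic;
}
```

A checker that resolves the pointer by type alone pairs the locked caller with every handler of that type; in this model the violation appears only when the sleeping handler was actually posted to the CQ being polled under the lock.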