Re: [PATCH] RDMA/rxe: Use kzalloc() to alloc map_set

[Guoqing Jiang]

On 5/25/22 9:31 AM, lizhijian@xxxxxxxxxxx wrote:
> On 24/05/2022 18:56, Haris Iqbal wrote:
> > On Tue, May 24, 2022 at 6:00 AM lizhijian@xxxxxxxxxxx
> > <lizhijian@xxxxxxxxxxx> wrote:
> > > Hi Jason & Bob
> > > CC Guoqing
> > >
> > > @Guoqing, It may correlate with your previous bug report: https://lore.kernel.org/all/20220210073655.42281-1-guoqing.jiang@xxxxxxxxx/T/
> > >
> > >
> > > It's observed that a same MR in rnbd server will trigger below code
> > > path:
> > >     -> rxe_mr_init_fast()
> > >     |-> alloc map_set() # map_set is uninitialized
> > >     |...-> rxe_map_mr_sg() # build the map_set
> > >         |-> rxe_mr_set_page()
> > >     |...-> rxe_reg_fast_mr() # mr->state change to VALID from FREE that means
> > >                              # we can access host memory(such rxe_mr_copy)
> > >     |...-> rxe_invalidate_mr() # mr->state change to FREE from VALID
> > >     |...-> rxe_reg_fast_mr() # mr->state change to VALID from FREE,
> > >                              # but map_set was not built again
> > >     |...-> rxe_mr_copy() # kernel crash due to access wild addresses
> > >                          # that lookup from the map_set

Yes, it could be similar issue thought I didn't get kernel crash, but it 
was FMR relevant.

https://lore.kernel.org/all/20220210073655.42281-1-guoqing.jiang@xxxxxxxxx/T/#m5dc6898375cedf17fea13ccebf595aac0454c841

> Yes, this workaround should work but expensive.
> It seems Bob has started a new thread to discuss the FMRs in https://www.spinics.net/lists/linux-rdma/msg110836.html

Will give it a try, thanks for the link.

Thanks,
Guoqing