staging/lustre/o2iblnd: connection refcount fix for kiblnd_post_rx
authorLiang Zhen <liang.zhen@intel.com>
Mon, 14 Sep 2015 22:41:24 +0000 (18:41 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 15 Sep 2015 13:26:53 +0000 (06:26 -0700)
kiblnd_post_rx() can't refer to rx::rx_conn anymore after
ib_post_recv() because this rx can be polled out by another thread
which may drop this rx and destroy rx::rx_conn.

This patch fixes this issue by taking an extra refcount on connection
before calling ib_post_recv().

Signed-off-by: Liang Zhen <liang.zhen@intel.com>
Reviewed-on: http://review.whamcloud.com/12852
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5678
Reviewed-by: Isaac Huang <he.huang@intel.com>
Reviewed-by: Amir Shehata <amir.shehata@intel.com>
Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c

index 345ed4d27cc6af8d86e30842775f4d91009341e3..c0f568254c19ca808bba4925f9736bfc46444b94 100644 (file)
@@ -178,24 +178,28 @@ kiblnd_post_rx(kib_rx_t *rx, int credit)
 
        rx->rx_nob = -1;                        /* flag posted */
 
+       /* NB: need an extra reference after ib_post_recv because we don't
+        * own this rx (and rx::rx_conn) anymore, LU-5678.
+        */
+       kiblnd_conn_addref(conn);
        rc = ib_post_recv(conn->ibc_cmid->qp, &rx->rx_wrq, &bad_wrq);
-       if (rc != 0) {
+       if (unlikely(rc != 0)) {
                CERROR("Can't post rx for %s: %d, bad_wrq: %p\n",
                       libcfs_nid2str(conn->ibc_peer->ibp_nid), rc, bad_wrq);
                rx->rx_nob = 0;
        }
 
        if (conn->ibc_state < IBLND_CONN_ESTABLISHED) /* Initial post */
-               return rc;
+               goto out;
 
-       if (rc != 0) {
+       if (unlikely(rc != 0)) {
                kiblnd_close_conn(conn, rc);
                kiblnd_drop_rx(rx);          /* No more posts for this rx */
-               return rc;
+               goto out;
        }
 
        if (credit == IBLND_POSTRX_NO_CREDIT)
-               return 0;
+               goto out;
 
        spin_lock(&conn->ibc_lock);
        if (credit == IBLND_POSTRX_PEER_CREDIT)
@@ -205,7 +209,9 @@ kiblnd_post_rx(kib_rx_t *rx, int credit)
        spin_unlock(&conn->ibc_lock);
 
        kiblnd_check_sends(conn);
-       return 0;
+out:
+       kiblnd_conn_decref(conn);
+       return rc;
 }
 
 static kib_tx_t *