IPoIB: Disable NAPI while CQ is being drained

If NAPI is enabled while IPoIB's CQ is being drained, it creates a
race on priv->ibwc between ipoib_poll() and ipoib_drain_cq(), leading
to memory corruption.

The solution is to enable/disable NAPI in ipoib_ib_dev_{open/stop}()
instead of in ipoib_{open/stop}(), and sync NAPI on the INITIALIZED
flag instead on the ADMIN_UP flag. This way NAPI will be disabled when
ipoib_drain_cq() is called.

This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1587>.

Signed-off-by: Yossi Etigin <yosefe@voltaire.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_ib.c b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
index da6082739839968ed3c64cc402a3bb438b28b8eb..e7e5adf84e840e3f13aa54dc1c1036f6d4a81846 100644 (file)
--- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
@@ -685,7 +685,8 @@ int ipoib_ib_dev_open(struct net_device *dev)
        queue_delayed_work(ipoib_workqueue, &priv->ah_reap_task,
                           round_jiffies_relative(HZ));
 
-       set_bit(IPOIB_FLAG_INITIALIZED, &priv->flags);
+       if (!test_and_set_bit(IPOIB_FLAG_INITIALIZED, &priv->flags))
+               napi_enable(&priv->napi);
 
        return 0;
 }
@@ -804,7 +805,8 @@ int ipoib_ib_dev_stop(struct net_device *dev, int flush)
        struct ipoib_tx_buf *tx_req;
        int i;
 
-       clear_bit(IPOIB_FLAG_INITIALIZED, &priv->flags);
+       if (test_and_clear_bit(IPOIB_FLAG_INITIALIZED, &priv->flags))
+               napi_disable(&priv->napi);
 
        ipoib_cm_dev_stop(dev);
 

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
index 421a6640c9bd00918e5a3b2eb3d12fa403db51fd..ab2c192c76bc5e726b65f3ea8cb58ddb8e50f695 100644 (file)
--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -106,8 +106,7 @@ int ipoib_open(struct net_device *dev)
 
        ipoib_dbg(priv, "bringing up interface\n");
 
-       if (!test_and_set_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags))
-               napi_enable(&priv->napi);
+       set_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags);
 
        if (ipoib_pkey_dev_delay_open(dev))
                return 0;
@@ -143,7 +142,6 @@ err_stop:
        ipoib_ib_dev_stop(dev, 1);
 
 err_disable:
-       napi_disable(&priv->napi);
        clear_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags);
 
        return -EINVAL;
@@ -156,7 +154,6 @@ static int ipoib_stop(struct net_device *dev)
        ipoib_dbg(priv, "stopping interface\n");
 
        clear_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags);
-       napi_disable(&priv->napi);
 
        netif_stop_queue(dev);