www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Wengang Wang <wen.gang.wang@oracle.com>
	Tue, 4 Aug 2015 05:39:51 +0000 (13:39 +0800)
committer	Mukesh Kacker <mukesh.kacker@oracle.com>
	Wed, 12 Aug 2015 22:44:43 +0000 (15:44 -0700)
commit	e1ba562f67fc2013847e64c8659f7f96b344b7db
tree	54a1575b76a5815035568cdf9377ad7cabdece24	tree
parent	3d6e0fed8edc2f5d5439bee22c2fa153096c77ea	commit \| diff

rds: rds_ib_device.refcount overflow

Fixes:
  3e0249f9c05c ("RDS/IB: add refcount tracking to struct rds_ib_device")

There is a missing dropping of refcount on rds_ib_device.refcount
in case rds_ib_alloc_fmr() failed(mr pool running out). This lead to
the refcount overflow.

A BUG_ON on line 117(see following) is triggered.
From vmcore:
s_ib_rdma_mr_pool_depleted is 2147485544
and rds_ibdev->refcount is -2147475448.

That is the evidence the mr pool is used up. So rds_ib_alloc_fmr() is
very likely to return ERR_PTR(-EAGAIN).

115 void rds_ib_dev_put(struct rds_ib_device *rds_ibdev)
116 {
117         BUG_ON(atomic_read(&rds_ibdev->refcount) <= 0);
118         if (atomic_dec_and_test(&rds_ibdev->refcount))
119                 queue_work(rds_wq, &rds_ibdev->free_work);
120 }

The fix is to drop refcount when rds_ib_alloc_fmr() failed.

upstream commit: 4fabb59449aa44a585b3603ffdadd4c5f4d0c033

Orabug: 21534438

Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
Reviewed-by: Haggai Eran <haggaie@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Acked-by: Wei Xu <wei.xu.xu@oracle.com>
Acked-by: Zheng Li <zheng.x.li@oracle.com>
Signed-off-by: Guangyu Sun <guangyu.sun@oracle.com>