* [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm
@ 2025-11-17 21:07 Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix data race in irdma_free_pble Tatyana Nikolova
` (7 more replies)
0 siblings, 8 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo
From: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
- Adds a lock around irdma_sc_ccq_arm body to prevent inter-thread
data race.
- Fixes data race in irdma_sc_ccq_arm() reported by KCSAN:
BUG: KCSAN: data-race in irdma_sc_ccq_arm [irdma] / irdma_sc_ccq_arm [irdma]
read to 0xffff9d51b4034220 of 8 bytes by task 255 on cpu 11:
irdma_sc_ccq_arm+0x36/0xd0 [irdma]
irdma_cqp_ce_handler+0x300/0x310 [irdma]
cqp_compl_worker+0x2a/0x40 [irdma]
process_one_work+0x402/0x7e0
worker_thread+0xb3/0x6d0
kthread+0x178/0x1a0
ret_from_fork+0x2c/0x50
write to 0xffff9d51b4034220 of 8 bytes by task 89 on cpu 3:
irdma_sc_ccq_arm+0x7e/0xd0 [irdma]
irdma_cqp_ce_handler+0x300/0x310 [irdma]
irdma_wait_event+0xd4/0x3e0 [irdma]
irdma_handle_cqp_op+0xa5/0x220 [irdma]
irdma_hw_flush_wqes+0xb1/0x300 [irdma]
irdma_flush_wqes+0x22e/0x3a0 [irdma]
irdma_cm_disconn_true+0x4c7/0x5d0 [irdma]
irdma_disconnect_worker+0x35/0x50 [irdma]
process_one_work+0x402/0x7e0
worker_thread+0xb3/0x6d0
kthread+0x178/0x1a0
ret_from_fork+0x2c/0x50
value changed: 0x0000000000024000 -> 0x0000000000034000
Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/ctrl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/hw/irdma/ctrl.c b/drivers/infiniband/hw/irdma/ctrl.c
index 57bf6815e71e..c17b1c14dfe2 100644
--- a/drivers/infiniband/hw/irdma/ctrl.c
+++ b/drivers/infiniband/hw/irdma/ctrl.c
@@ -3868,11 +3868,13 @@ int irdma_sc_cqp_destroy(struct irdma_sc_cqp *cqp)
*/
void irdma_sc_ccq_arm(struct irdma_sc_cq *ccq)
{
+ unsigned long flags;
u64 temp_val;
u16 sw_cq_sel;
u8 arm_next_se;
u8 arm_seq_num;
+ spin_lock_irqsave(&ccq->dev->cqp_lock, flags);
get_64bit_val(ccq->cq_uk.shadow_area, 32, &temp_val);
sw_cq_sel = (u16)FIELD_GET(IRDMA_CQ_DBSA_SW_CQ_SELECT, temp_val);
arm_next_se = (u8)FIELD_GET(IRDMA_CQ_DBSA_ARM_NEXT_SE, temp_val);
@@ -3883,6 +3885,7 @@ void irdma_sc_ccq_arm(struct irdma_sc_cq *ccq)
FIELD_PREP(IRDMA_CQ_DBSA_ARM_NEXT_SE, arm_next_se) |
FIELD_PREP(IRDMA_CQ_DBSA_ARM_NEXT, 1);
set_64bit_val(ccq->cq_uk.shadow_area, 32, temp_val);
+ spin_unlock_irqrestore(&ccq->dev->cqp_lock, flags);
dma_wmb(); /* make sure shadow area is updated before arming */
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] RDMA/irdma: Fix data race in irdma_free_pble
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2 Tatyana Nikolova
` (6 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo
From: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
- Protects pble_rsrc counters with mutex to prevent data race.
- Fixes the following data race in irdma_free_pble reported by KCSAN:
BUG: KCSAN: data-race in irdma_free_pble [irdma] / irdma_free_pble [irdma]
write to 0xffff91430baa0078 of 8 bytes by task 16956 on cpu 5:
irdma_free_pble+0x3b/0xb0 [irdma]
irdma_dereg_mr+0x108/0x110 [irdma]
ib_dereg_mr_user+0x74/0x160 [ib_core]
uverbs_free_mr+0x26/0x30 [ib_uverbs]
destroy_hw_idr_uobject+0x4a/0x90 [ib_uverbs]
uverbs_destroy_uobject+0x7b/0x330 [ib_uverbs]
uobj_destroy+0x61/0xb0 [ib_uverbs]
ib_uverbs_run_method+0x1f2/0x380 [ib_uverbs]
ib_uverbs_cmd_verbs+0x365/0x440 [ib_uverbs]
ib_uverbs_ioctl+0x111/0x190 [ib_uverbs]
__x64_sys_ioctl+0xc9/0x100
do_syscall_64+0x44/0xa0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
read to 0xffff91430baa0078 of 8 bytes by task 16953 on cpu 2:
irdma_free_pble+0x23/0xb0 [irdma]
irdma_dereg_mr+0x108/0x110 [irdma]
ib_dereg_mr_user+0x74/0x160 [ib_core]
uverbs_free_mr+0x26/0x30 [ib_uverbs]
destroy_hw_idr_uobject+0x4a/0x90 [ib_uverbs]
uverbs_destroy_uobject+0x7b/0x330 [ib_uverbs]
uobj_destroy+0x61/0xb0 [ib_uverbs]
ib_uverbs_run_method+0x1f2/0x380 [ib_uverbs]
ib_uverbs_cmd_verbs+0x365/0x440 [ib_uverbs]
ib_uverbs_ioctl+0x111/0x190 [ib_uverbs]
__x64_sys_ioctl+0xc9/0x100
do_syscall_64+0x44/0xa0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
value changed: 0x0000000000005a62 -> 0x0000000000005a68
Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/pble.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/pble.c b/drivers/infiniband/hw/irdma/pble.c
index 3091f9345f12..4a20ec891059 100644
--- a/drivers/infiniband/hw/irdma/pble.c
+++ b/drivers/infiniband/hw/irdma/pble.c
@@ -506,12 +506,14 @@ int irdma_get_pble(struct irdma_hmc_pble_rsrc *pble_rsrc,
void irdma_free_pble(struct irdma_hmc_pble_rsrc *pble_rsrc,
struct irdma_pble_alloc *palloc)
{
- pble_rsrc->freedpbles += palloc->total_cnt;
-
if (palloc->level == PBLE_LEVEL_2)
free_lvl2(pble_rsrc, palloc);
else
irdma_prm_return_pbles(&pble_rsrc->pinfo,
&palloc->level1.chunkinfo);
+
+ mutex_lock(&pble_rsrc->pble_mutex_lock);
+ pble_rsrc->freedpbles += palloc->total_cnt;
pble_rsrc->stats_alloc_freed++;
+ mutex_unlock(&pble_rsrc->pble_mutex_lock);
}
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix data race in irdma_free_pble Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix SIGBUS in AEQ destroy Tatyana Nikolova
` (5 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo
During a refactor of the irdma GEN2 code, the kfree of the irdma_pci_f struct
in icrdma_remove(), which was originally introduced upstream as part of
commit 80f2ab46c2ee ("irdma: free iwdev->rf after removing MSI-X")
was accidentally removed.
Fixes: 0c2b80cac96e ("RDMA/irdma: Refactor GEN2 auxiliary driver")
Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/icrdma_if.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/hw/irdma/icrdma_if.c b/drivers/infiniband/hw/irdma/icrdma_if.c
index 27b191f61caf..5d3fd118e4f8 100644
--- a/drivers/infiniband/hw/irdma/icrdma_if.c
+++ b/drivers/infiniband/hw/irdma/icrdma_if.c
@@ -320,6 +320,8 @@ static void icrdma_remove(struct auxiliary_device *aux_dev)
irdma_ib_unregister_device(iwdev);
icrdma_deinit_interrupts(iwdev->rf, cdev_info);
+ kfree(iwdev->rf);
+
pr_debug("INIT: Gen[%d] func[%d] device remove success\n",
rdma_ver, PCI_FUNC(cdev_info->pdev->devfn));
}
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] RDMA/irdma: Fix SIGBUS in AEQ destroy
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix data race in irdma_free_pble Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2 Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Add missing mutex destroy Tatyana Nikolova
` (4 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo
From: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
Removes write to IRDMA_PFINT_AEQCTL register prior to destroying AEQ,
as this register does not exist in GEN3+ hardware and this kind of IRQ
configuration is no longer required.
Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/ctrl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/irdma/ctrl.c b/drivers/infiniband/hw/irdma/ctrl.c
index efe7882b0230..3a8f1a88f2a7 100644
--- a/drivers/infiniband/hw/irdma/ctrl.c
+++ b/drivers/infiniband/hw/irdma/ctrl.c
@@ -4624,7 +4624,8 @@ static int irdma_sc_aeq_destroy(struct irdma_sc_aeq *aeq, u64 scratch,
u64 hdr;
dev = aeq->dev;
- if (dev->privileged)
+
+ if (dev->hw_attrs.uk_attrs.hw_rev <= IRDMA_GEN_2)
writel(0, dev->hw_regs[IRDMA_PFINT_AEQCTL]);
cqp = dev->cqp;
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] RDMA/irdma: Add missing mutex destroy
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
` (2 preceding siblings ...)
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix SIGBUS in AEQ destroy Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-17 21:07 ` [PATCH 1/2] RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY Tatyana Nikolova
` (3 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo, Anil Samal
From: Anil Samal <anil.samal@intel.com>
Add missing destroy of ah_tbl_lock and vchnl_mutex.
Signed-off-by: Anil Samal <anil.samal@intel.com>
Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/icrdma_if.c | 4 +++-
drivers/infiniband/hw/irdma/ig3rdma_if.c | 4 ++++
drivers/infiniband/hw/irdma/verbs.c | 4 +++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/icrdma_if.c b/drivers/infiniband/hw/irdma/icrdma_if.c
index 5d3fd118e4f8..b49fd9cf2476 100644
--- a/drivers/infiniband/hw/irdma/icrdma_if.c
+++ b/drivers/infiniband/hw/irdma/icrdma_if.c
@@ -302,7 +302,8 @@ static int icrdma_probe(struct auxiliary_device *aux_dev, const struct auxiliary
err_ctrl_init:
icrdma_deinit_interrupts(rf, cdev_info);
err_init_interrupts:
- kfree(iwdev->rf);
+ mutex_destroy(&rf->ah_tbl_lock);
+ kfree(rf);
ib_dealloc_device(&iwdev->ibdev);
return err;
@@ -319,6 +320,7 @@ static void icrdma_remove(struct auxiliary_device *aux_dev)
ice_rdma_update_vsi_filter(cdev_info, iwdev->vsi_num, false);
irdma_ib_unregister_device(iwdev);
icrdma_deinit_interrupts(iwdev->rf, cdev_info);
+ mutex_destroy(&iwdev->rf->ah_tbl_lock);
kfree(iwdev->rf);
diff --git a/drivers/infiniband/hw/irdma/ig3rdma_if.c b/drivers/infiniband/hw/irdma/ig3rdma_if.c
index 1bb42eb298ba..e1d6670d9396 100644
--- a/drivers/infiniband/hw/irdma/ig3rdma_if.c
+++ b/drivers/infiniband/hw/irdma/ig3rdma_if.c
@@ -55,6 +55,7 @@ static int ig3rdma_vchnl_init(struct irdma_pci_f *rf,
ret = irdma_sc_vchnl_init(&rf->sc_dev, &virt_info);
if (ret) {
destroy_workqueue(rf->vchnl_wq);
+ mutex_destroy(&rf->sc_dev.vchnl_mutex);
return ret;
}
@@ -124,7 +125,9 @@ static void ig3rdma_decfg_rf(struct irdma_pci_f *rf)
{
struct irdma_hw *hw = &rf->hw;
+ mutex_destroy(&rf->ah_tbl_lock);
destroy_workqueue(rf->vchnl_wq);
+ mutex_destroy(&rf->sc_dev.vchnl_mutex);
kfree(hw->io_regs);
iounmap(hw->rdma_reg.addr);
}
@@ -149,6 +152,7 @@ static int ig3rdma_cfg_rf(struct irdma_pci_f *rf,
err = ig3rdma_cfg_regions(&rf->hw, cdev_info);
if (err) {
destroy_workqueue(rf->vchnl_wq);
+ mutex_destroy(&rf->sc_dev.vchnl_mutex);
return err;
}
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index 05a1be5ed426..a5b14ff09605 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -5509,7 +5509,9 @@ void irdma_ib_dealloc_device(struct ib_device *ibdev)
irdma_rt_deinit_hw(iwdev);
if (!iwdev->is_vport) {
irdma_ctrl_deinit_hw(iwdev->rf);
- if (iwdev->rf->vchnl_wq)
+ if (iwdev->rf->vchnl_wq) {
destroy_workqueue(iwdev->rf->vchnl_wq);
+ mutex_destroy(&iwdev->rf->sc_dev.vchnl_mutex);
+ }
}
}
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 1/2] RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
` (3 preceding siblings ...)
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Add missing mutex destroy Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-17 21:07 ` [PATCH 2/2] RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+ Tatyana Nikolova
` (2 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo, Jacob Moroni
From: Jacob Moroni <jmoroni@google.com>
The HW disables bounds checking for MRs with a length of zero, so
the driver will only allow a zero length MR if the "all_memory"
flag is set, and this flag is only set if IB_PD_UNSAFE_GLOBAL_RKEY
is set for the PD.
This means that the "get_dma_mr" method will currently fail unless
the IB_PD_UNSAFE_GLOBAL_RKEY flag is set. This has not been an issue
because the "get_dma_mr" method is only ever invoked if the device
does not support the local DMA key or if IB_PD_UNSAFE_GLOBAL_RKEY
is set, and so far, all IRDMA HW supports the local DMA lkey.
However, some new HW does not support the local DMA lkey, so the
"get_dma_mr" method needs to work without IB_PD_UNSAFE_GLOBAL_RKEY
being set.
To support HW that does not allow the local DMA lkey, the logic has
been changed to pass an explicit flag to indicate when a dma_mr is
being created so that the zero length will be allowed.
Also, the "all_memory" flag has been forced to false for normal MR
allocation since these MRs are never supposed to provide global
unsafe rkey semantics anyway; only the MR created with "get_dma_mr"
should support this.
Signed-off-by: Jacob Moroni <jmoroni@google.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/cm.c | 2 +-
drivers/infiniband/hw/irdma/main.h | 2 +-
drivers/infiniband/hw/irdma/verbs.c | 15 ++++++++-------
drivers/infiniband/hw/irdma/verbs.h | 3 ++-
4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/cm.c b/drivers/infiniband/hw/irdma/cm.c
index c6a0a661d6e7..f4f4f92ba63a 100644
--- a/drivers/infiniband/hw/irdma/cm.c
+++ b/drivers/infiniband/hw/irdma/cm.c
@@ -3710,7 +3710,7 @@ int irdma_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
iwpd = iwqp->iwpd;
tagged_offset = (uintptr_t)iwqp->ietf_mem.va;
ibmr = irdma_reg_phys_mr(&iwpd->ibpd, iwqp->ietf_mem.pa, buf_len,
- IB_ACCESS_LOCAL_WRITE, &tagged_offset);
+ IB_ACCESS_LOCAL_WRITE, &tagged_offset, false);
if (IS_ERR(ibmr)) {
ret = -ENOMEM;
goto error;
diff --git a/drivers/infiniband/hw/irdma/main.h b/drivers/infiniband/hw/irdma/main.h
index 355046c0261b..c14fa0ce1679 100644
--- a/drivers/infiniband/hw/irdma/main.h
+++ b/drivers/infiniband/hw/irdma/main.h
@@ -556,7 +556,7 @@ void irdma_copy_ip_htonl(__be32 *dst, u32 *src);
u16 irdma_get_vlan_ipv4(u32 *addr);
void irdma_get_vlan_mac_ipv6(u32 *addr, u16 *vlan_id, u8 *mac);
struct ib_mr *irdma_reg_phys_mr(struct ib_pd *ib_pd, u64 addr, u64 size,
- int acc, u64 *iova_start);
+ int acc, u64 *iova_start, bool dma_mr);
int irdma_upload_qp_context(struct irdma_qp *iwqp, bool freeze, bool raw);
void irdma_cqp_ce_handler(struct irdma_pci_f *rf, struct irdma_sc_cq *cq);
int irdma_ah_cqp_op(struct irdma_pci_f *rf, struct irdma_sc_ah *sc_ah, u8 cmd,
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index a5b14ff09605..ec792fda2b6b 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -3117,7 +3117,6 @@ static int irdma_hw_alloc_stag(struct irdma_device *iwdev,
info->stag_idx = iwmr->stag >> IRDMA_CQPSQ_STAG_IDX_S;
info->pd_id = iwpd->sc_pd.pd_id;
info->total_len = iwmr->len;
- info->all_memory = pd->flags & IB_PD_UNSAFE_GLOBAL_RKEY;
info->remote_access = true;
cqp_info->cqp_cmd = IRDMA_OP_ALLOC_STAG;
cqp_info->post_sq = 1;
@@ -3128,7 +3127,7 @@ static int irdma_hw_alloc_stag(struct irdma_device *iwdev,
if (status)
return status;
- iwmr->is_hwreg = 1;
+ iwmr->is_hwreg = true;
return 0;
}
@@ -3271,7 +3270,7 @@ static int irdma_hwreg_mr(struct irdma_device *iwdev, struct irdma_mr *iwmr,
if (iwdev->rf->sc_dev.hw_attrs.uk_attrs.feature_flags & IRDMA_FEATURE_ATOMIC_OPS)
stag_info->remote_atomics_en = (access & IB_ACCESS_REMOTE_ATOMIC) ? 1 : 0;
stag_info->pd_id = iwpd->sc_pd.pd_id;
- stag_info->all_memory = pd->flags & IB_PD_UNSAFE_GLOBAL_RKEY;
+ stag_info->all_memory = iwmr->dma_mr;
if (stag_info->access_rights & IRDMA_ACCESS_FLAGS_ZERO_BASED)
stag_info->addr_type = IRDMA_ADDR_TYPE_ZERO_BASED;
else
@@ -3298,7 +3297,7 @@ static int irdma_hwreg_mr(struct irdma_device *iwdev, struct irdma_mr *iwmr,
irdma_put_cqp_request(&iwdev->rf->cqp, cqp_request);
if (!ret)
- iwmr->is_hwreg = 1;
+ iwmr->is_hwreg = true;
return ret;
}
@@ -3672,7 +3671,7 @@ static int irdma_hwdereg_mr(struct ib_mr *ib_mr)
if (status)
return status;
- iwmr->is_hwreg = 0;
+ iwmr->is_hwreg = false;
return 0;
}
@@ -3795,9 +3794,10 @@ static struct ib_mr *irdma_rereg_user_mr(struct ib_mr *ib_mr, int flags,
* @size: size of memory to register
* @access: Access rights
* @iova_start: start of virtual address for physical buffers
+ * @dma_mr: Flag indicating whether this region is a PD DMA MR
*/
struct ib_mr *irdma_reg_phys_mr(struct ib_pd *pd, u64 addr, u64 size, int access,
- u64 *iova_start)
+ u64 *iova_start, bool dma_mr)
{
struct irdma_device *iwdev = to_iwdev(pd->device);
struct irdma_pbl *iwpbl;
@@ -3814,6 +3814,7 @@ struct ib_mr *irdma_reg_phys_mr(struct ib_pd *pd, u64 addr, u64 size, int access
iwpbl = &iwmr->iwpbl;
iwpbl->iwmr = iwmr;
iwmr->type = IRDMA_MEMREG_TYPE_MEM;
+ iwmr->dma_mr = dma_mr;
iwpbl->user_base = *iova_start;
stag = irdma_create_stag(iwdev);
if (!stag) {
@@ -3852,7 +3853,7 @@ static struct ib_mr *irdma_get_dma_mr(struct ib_pd *pd, int acc)
{
u64 kva = 0;
- return irdma_reg_phys_mr(pd, 0, 0, acc, &kva);
+ return irdma_reg_phys_mr(pd, 0, 0, acc, &kva, true);
}
/**
diff --git a/drivers/infiniband/hw/irdma/verbs.h b/drivers/infiniband/hw/irdma/verbs.h
index ac8b38701835..aabbb3442098 100644
--- a/drivers/infiniband/hw/irdma/verbs.h
+++ b/drivers/infiniband/hw/irdma/verbs.h
@@ -111,7 +111,8 @@ struct irdma_mr {
};
struct ib_umem *region;
int access;
- u8 is_hwreg;
+ bool is_hwreg:1;
+ bool dma_mr:1;
u16 type;
u32 page_cnt;
u64 page_size;
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/2] RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
` (4 preceding siblings ...)
2025-11-17 21:07 ` [PATCH 1/2] RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Remove doorbell elision logic Tatyana Nikolova
2025-11-23 8:41 ` [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Leon Romanovsky
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo, Jacob Moroni
From: Jacob Moroni <jmoroni@google.com>
The GEN3 hardware does not appear to support IBK_LOCAL_DMA_LKEY. Attempts
to use it will result in an AE.
Signed-off-by: Jacob Moroni <jmoroni@google.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/verbs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index ec792fda2b6b..4c15699e94b0 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -27,7 +27,8 @@ static int irdma_query_device(struct ib_device *ibdev,
irdma_fw_minor_ver(&rf->sc_dev);
props->device_cap_flags = IB_DEVICE_MEM_WINDOW |
IB_DEVICE_MEM_MGT_EXTENSIONS;
- props->kernel_cap_flags = IBK_LOCAL_DMA_LKEY;
+ if (hw_attrs->uk_attrs.hw_rev < IRDMA_GEN_3)
+ props->kernel_cap_flags = IBK_LOCAL_DMA_LKEY;
props->vendor_id = pcidev->vendor;
props->vendor_part_id = pcidev->device;
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] RDMA/irdma: Remove doorbell elision logic
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
` (5 preceding siblings ...)
2025-11-17 21:07 ` [PATCH 2/2] RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+ Tatyana Nikolova
@ 2025-11-17 21:07 ` Tatyana Nikolova
2025-11-23 8:41 ` [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Leon Romanovsky
7 siblings, 0 replies; 10+ messages in thread
From: Tatyana Nikolova @ 2025-11-17 21:07 UTC (permalink / raw)
To: jgg, leon; +Cc: linux-rdma, tatyana.e.nikolova, krzysztof.czurylo, Jacob Moroni
From: Jacob Moroni <jmoroni@google.com>
In some cases, this logic can result in doorbell writes being
skipped when they should not have been (at least on GEN3 HW),
so remove it. This also means that the mb() can be safely
downgraded to dma_wmb().
Fixes: 551c46edc769 ("RDMA/irdma: Add user/kernel shared libraries")
Signed-off-by: Jacob Moroni <jmoroni@google.com>
Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
---
drivers/infiniband/hw/irdma/puda.c | 1 -
drivers/infiniband/hw/irdma/uk.c | 31 ++----------------------------
drivers/infiniband/hw/irdma/user.h | 1 -
3 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/puda.c b/drivers/infiniband/hw/irdma/puda.c
index 3c29e2289322..cee47ddbd1b5 100644
--- a/drivers/infiniband/hw/irdma/puda.c
+++ b/drivers/infiniband/hw/irdma/puda.c
@@ -685,7 +685,6 @@ static int irdma_puda_qp_create(struct irdma_puda_rsrc *rsrc)
ukqp->rq_size = rsrc->rq_size;
IRDMA_RING_INIT(ukqp->sq_ring, ukqp->sq_size);
- IRDMA_RING_INIT(ukqp->initial_ring, ukqp->sq_size);
IRDMA_RING_INIT(ukqp->rq_ring, ukqp->rq_size);
ukqp->wqe_alloc_db = qp->pd->dev->wqe_alloc_db;
diff --git a/drivers/infiniband/hw/irdma/uk.c b/drivers/infiniband/hw/irdma/uk.c
index 8a463b3d4c83..f0846b800913 100644
--- a/drivers/infiniband/hw/irdma/uk.c
+++ b/drivers/infiniband/hw/irdma/uk.c
@@ -114,33 +114,8 @@ void irdma_clr_wqes(struct irdma_qp_uk *qp, u32 qp_wqe_idx)
*/
void irdma_uk_qp_post_wr(struct irdma_qp_uk *qp)
{
- u64 temp;
- u32 hw_sq_tail;
- u32 sw_sq_head;
-
- /* valid bit is written and loads completed before reading shadow */
- mb();
-
- /* read the doorbell shadow area */
- get_64bit_val(qp->shadow_area, 0, &temp);
-
- hw_sq_tail = (u32)FIELD_GET(IRDMA_QP_DBSA_HW_SQ_TAIL, temp);
- sw_sq_head = IRDMA_RING_CURRENT_HEAD(qp->sq_ring);
- if (sw_sq_head != qp->initial_ring.head) {
- if (sw_sq_head != hw_sq_tail) {
- if (sw_sq_head > qp->initial_ring.head) {
- if (hw_sq_tail >= qp->initial_ring.head &&
- hw_sq_tail < sw_sq_head)
- writel(qp->qp_id, qp->wqe_alloc_db);
- } else {
- if (hw_sq_tail >= qp->initial_ring.head ||
- hw_sq_tail < sw_sq_head)
- writel(qp->qp_id, qp->wqe_alloc_db);
- }
- }
- }
-
- qp->initial_ring.head = qp->sq_ring.head;
+ dma_wmb();
+ writel(qp->qp_id, qp->wqe_alloc_db);
}
/**
@@ -1606,7 +1581,6 @@ static void irdma_setup_connection_wqes(struct irdma_qp_uk *qp,
qp->conn_wqes = move_cnt;
IRDMA_RING_MOVE_HEAD_BY_COUNT_NOCHECK(qp->sq_ring, move_cnt);
IRDMA_RING_MOVE_TAIL_BY_COUNT(qp->sq_ring, move_cnt);
- IRDMA_RING_MOVE_HEAD_BY_COUNT_NOCHECK(qp->initial_ring, move_cnt);
}
/**
@@ -1751,7 +1725,6 @@ int irdma_uk_qp_init(struct irdma_qp_uk *qp, struct irdma_qp_uk_init_info *info)
qp->max_sq_frag_cnt = info->max_sq_frag_cnt;
sq_ring_size = qp->sq_size << info->sq_shift;
IRDMA_RING_INIT(qp->sq_ring, sq_ring_size);
- IRDMA_RING_INIT(qp->initial_ring, sq_ring_size);
if (info->first_sq_wq) {
irdma_setup_connection_wqes(qp, info);
qp->swqe_polarity = 1;
diff --git a/drivers/infiniband/hw/irdma/user.h b/drivers/infiniband/hw/irdma/user.h
index 3a27cce3c3db..9eb7fd0b1cbf 100644
--- a/drivers/infiniband/hw/irdma/user.h
+++ b/drivers/infiniband/hw/irdma/user.h
@@ -457,7 +457,6 @@ struct irdma_srq_uk {
struct irdma_uk_attrs *uk_attrs;
__le64 *shadow_area;
struct irdma_ring srq_ring;
- struct irdma_ring initial_ring;
u32 srq_id;
u32 srq_size;
u32 max_srq_frag_cnt;
--
2.31.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
` (6 preceding siblings ...)
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Remove doorbell elision logic Tatyana Nikolova
@ 2025-11-23 8:41 ` Leon Romanovsky
2025-11-25 0:01 ` Nikolova, Tatyana E
7 siblings, 1 reply; 10+ messages in thread
From: Leon Romanovsky @ 2025-11-23 8:41 UTC (permalink / raw)
To: Tatyana Nikolova; +Cc: jgg, linux-rdma, krzysztof.czurylo
On Mon, Nov 17, 2025 at 03:07:49PM -0600, Tatyana Nikolova wrote:
> From: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
>
> - Adds a lock around irdma_sc_ccq_arm body to prevent inter-thread
> data race.
>
> - Fixes data race in irdma_sc_ccq_arm() reported by KCSAN:
>
> BUG: KCSAN: data-race in irdma_sc_ccq_arm [irdma] / irdma_sc_ccq_arm [irdma]
>
> read to 0xffff9d51b4034220 of 8 bytes by task 255 on cpu 11:
> irdma_sc_ccq_arm+0x36/0xd0 [irdma]
> irdma_cqp_ce_handler+0x300/0x310 [irdma]
> cqp_compl_worker+0x2a/0x40 [irdma]
> process_one_work+0x402/0x7e0
> worker_thread+0xb3/0x6d0
> kthread+0x178/0x1a0
> ret_from_fork+0x2c/0x50
>
> write to 0xffff9d51b4034220 of 8 bytes by task 89 on cpu 3:
> irdma_sc_ccq_arm+0x7e/0xd0 [irdma]
> irdma_cqp_ce_handler+0x300/0x310 [irdma]
> irdma_wait_event+0xd4/0x3e0 [irdma]
> irdma_handle_cqp_op+0xa5/0x220 [irdma]
> irdma_hw_flush_wqes+0xb1/0x300 [irdma]
> irdma_flush_wqes+0x22e/0x3a0 [irdma]
> irdma_cm_disconn_true+0x4c7/0x5d0 [irdma]
> irdma_disconnect_worker+0x35/0x50 [irdma]
> process_one_work+0x402/0x7e0
> worker_thread+0xb3/0x6d0
> kthread+0x178/0x1a0
> ret_from_fork+0x2c/0x50
>
> value changed: 0x0000000000024000 -> 0x0000000000034000
>
> Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
> Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
> ---
> drivers/infiniband/hw/irdma/ctrl.c | 3 +++
> 1 file changed, 3 insertions(+)
Please add Fixes line to all these patches and send them as a series and
not as standalone patches with reply-to to some random patch as it is now.
Thanks
^ permalink raw reply [flat|nested] 10+ messages in thread
* RE: [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm
2025-11-23 8:41 ` [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Leon Romanovsky
@ 2025-11-25 0:01 ` Nikolova, Tatyana E
0 siblings, 0 replies; 10+ messages in thread
From: Nikolova, Tatyana E @ 2025-11-25 0:01 UTC (permalink / raw)
To: Leon Romanovsky
Cc: jgg@nvidia.com, linux-rdma@vger.kernel.org, Czurylo, Krzysztof
> -----Original Message-----
> From: Leon Romanovsky <leon@kernel.org>
> Sent: Sunday, November 23, 2025 2:42 AM
> To: Nikolova, Tatyana E <tatyana.e.nikolova@intel.com>
> Cc: jgg@nvidia.com; linux-rdma@vger.kernel.org; Czurylo, Krzysztof
> <krzysztof.czurylo@intel.com>
> Subject: Re: [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm
>
> On Mon, Nov 17, 2025 at 03:07:49PM -0600, Tatyana Nikolova wrote:
> > From: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
> >
> > - Adds a lock around irdma_sc_ccq_arm body to prevent inter-thread
> > data race.
> >
> > - Fixes data race in irdma_sc_ccq_arm() reported by KCSAN:
> >
> > BUG: KCSAN: data-race in irdma_sc_ccq_arm [irdma] / irdma_sc_ccq_arm
> > [irdma]
> >
> > read to 0xffff9d51b4034220 of 8 bytes by task 255 on cpu 11:
> > irdma_sc_ccq_arm+0x36/0xd0 [irdma]
> > irdma_cqp_ce_handler+0x300/0x310 [irdma]
> > cqp_compl_worker+0x2a/0x40 [irdma]
> > process_one_work+0x402/0x7e0
> > worker_thread+0xb3/0x6d0
> > kthread+0x178/0x1a0
> > ret_from_fork+0x2c/0x50
> >
> > write to 0xffff9d51b4034220 of 8 bytes by task 89 on cpu 3:
> > irdma_sc_ccq_arm+0x7e/0xd0 [irdma]
> > irdma_cqp_ce_handler+0x300/0x310 [irdma]
> > irdma_wait_event+0xd4/0x3e0 [irdma]
> > irdma_handle_cqp_op+0xa5/0x220 [irdma]
> > irdma_hw_flush_wqes+0xb1/0x300 [irdma]
> > irdma_flush_wqes+0x22e/0x3a0 [irdma]
> > irdma_cm_disconn_true+0x4c7/0x5d0 [irdma]
> > irdma_disconnect_worker+0x35/0x50 [irdma]
> > process_one_work+0x402/0x7e0
> > worker_thread+0xb3/0x6d0
> > kthread+0x178/0x1a0
> > ret_from_fork+0x2c/0x50
> >
> > value changed: 0x0000000000024000 -> 0x0000000000034000
> >
> > Signed-off-by: Krzysztof Czurylo <krzysztof.czurylo@intel.com>
> > Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
> > ---
> > drivers/infiniband/hw/irdma/ctrl.c | 3 +++
> > 1 file changed, 3 insertions(+)
>
> Please add Fixes line to all these patches and send them as a series and not
> as standalone patches with reply-to to some random patch as it is now.
Will do. Thanks
>
> Thanks
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-11-25 0:02 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-17 21:07 [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix data race in irdma_free_pble Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2 Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Fix SIGBUS in AEQ destroy Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Add missing mutex destroy Tatyana Nikolova
2025-11-17 21:07 ` [PATCH 1/2] RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY Tatyana Nikolova
2025-11-17 21:07 ` [PATCH 2/2] RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+ Tatyana Nikolova
2025-11-17 21:07 ` [PATCH] RDMA/irdma: Remove doorbell elision logic Tatyana Nikolova
2025-11-23 8:41 ` [PATCH] RDMA/irdma: Fix data race in irdma_sc_ccq_arm Leon Romanovsky
2025-11-25 0:01 ` Nikolova, Tatyana E
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox