xprtrdma: Yet another double DMA-unmap

While chasing yet another set of DMAR fault reports, I noticed that
the frwr recycler conflates whether or not an MR has been DMA
unmapped with frwr->fr_state. Actually the two have only an indirect
relationship. It's in fact impossible to guess reliably whether the
MR has been DMA unmapped based on its fr_state field, especially as
the surrounding code and its assumptions have changed over time.

A better approach is to track the DMA mapping status explicitly so
that the recycler is less brittle to unexpected situations, and
attempts to DMA-unmap a second time are prevented.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@vger.kernel.org # v4.20
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>

diff --git a/net/sunrpc/xprtrdma/frwr_ops.c b/net/sunrpc/xprtrdma/frwr_ops.c
index fc6378c..20ced24 100644 (file)
--- a/net/sunrpc/xprtrdma/frwr_ops.c
+++ b/net/sunrpc/xprtrdma/frwr_ops.c
@@ -117,15 +117,15 @@ static void
 frwr_mr_recycle_worker(struct work_struct *work)
 {
        struct rpcrdma_mr *mr = container_of(work, struct rpcrdma_mr, mr_recycle);
-       enum rpcrdma_frwr_state state = mr->frwr.fr_state;
        struct rpcrdma_xprt *r_xprt = mr->mr_xprt;
 
        trace_xprtrdma_mr_recycle(mr);
 
-       if (state != FRWR_FLUSHED_LI) {
+       if (mr->mr_dir != DMA_NONE) {
                trace_xprtrdma_mr_unmap(mr);
                ib_dma_unmap_sg(r_xprt->rx_ia.ri_device,
                                mr->mr_sg, mr->mr_nents, mr->mr_dir);
+               mr->mr_dir = DMA_NONE;
        }
 
        spin_lock(&r_xprt->rx_buf.rb_mrlock);
@@ -150,6 +150,8 @@ frwr_op_init_mr(struct rpcrdma_ia *ia, struct rpcrdma_mr *mr)
        if (!mr->mr_sg)
                goto out_list_err;
 
+       frwr->fr_state = FRWR_IS_INVALID;
+       mr->mr_dir = DMA_NONE;
        INIT_LIST_HEAD(&mr->mr_list);
        INIT_WORK(&mr->mr_recycle, frwr_mr_recycle_worker);
        sg_init_table(mr->mr_sg, depth);

diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c
index 3ddba94..b9bc7f9 100644 (file)
--- a/net/sunrpc/xprtrdma/verbs.c
+++ b/net/sunrpc/xprtrdma/verbs.c
@@ -1329,9 +1329,12 @@ rpcrdma_mr_unmap_and_put(struct rpcrdma_mr *mr)
 {
        struct rpcrdma_xprt *r_xprt = mr->mr_xprt;
 
-       trace_xprtrdma_mr_unmap(mr);
-       ib_dma_unmap_sg(r_xprt->rx_ia.ri_device,
-                       mr->mr_sg, mr->mr_nents, mr->mr_dir);
+       if (mr->mr_dir != DMA_NONE) {
+               trace_xprtrdma_mr_unmap(mr);
+               ib_dma_unmap_sg(r_xprt->rx_ia.ri_device,
+                               mr->mr_sg, mr->mr_nents, mr->mr_dir);
+               mr->mr_dir = DMA_NONE;
+       }
        __rpcrdma_mr_put(&r_xprt->rx_buf, mr);
 }