[PATCH] ibcore: allow passing NULL-pointers to ib_umem_release()

From: <dandan_at_lysator.liu.se>
Date: Fri, 29 Apr 2022 15:33:45 UTC
Hi!

The attached patch fixes the following kernel panic in ibcore when unloading the mlx4ib kernel module:

> Fatal trap 12: page fault while in kernel mode
> cpuid = 31; apic id = 2f
> fault virtual address   = 0x70
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff82f9fe8e
> stack pointer           = 0x28:0xfffffe0159d3db70
> frame pointer           = 0x28:0xfffffe0159d3dba0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1866 (kldunload)
> trap number             = 12
> panic: page fault
> cpuid = 31
> time = 1650661418
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0159d3d930
> vpanic() at vpanic+0x17f/frame 0xfffffe0159d3d980
> panic() at panic+0x43/frame 0xfffffe0159d3d9e0
> trap_fatal() at trap_fatal+0x385/frame 0xfffffe0159d3da40
> trap_pfault() at trap_pfault+0xab/frame 0xfffffe0159d3daa0
> calltrap() at calltrap+0x8/frame 0xfffffe0159d3daa0
> --- trap 0xc, rip = 0xffffffff82f9fe8e, rsp = 0xfffffe0159d3db70, rbp = 0xfffffe0159d3dba0 ---
> ib_umem_release() at ib_umem_release+0xe/frame 0xfffffe0159d3dba0
> mlx4_ib_destroy_qp() at mlx4_ib_destroy_qp+0x654/frame 0xfffffe0159d3dc00
> ib_destroy_qp_user() at ib_destroy_qp_user+0xce/frame 0xfffffe0159d3dc50
> ipoib_transport_dev_cleanup() at ipoib_transport_dev_cleanup+0x1c/frame 0xfffffe0159d3dc70
> ipoib_dev_cleanup() at ipoib_dev_cleanup+0xd6/frame 0xfffffe0159d3dcb0
> ipoib_remove_one() at ipoib_remove_one+0xec/frame 0xfffffe0159d3dcf0
> ib_unregister_client() at ib_unregister_client+0x1b7/frame 0xfffffe0159d3dd30
> ipoib_cleanup_module() at ipoib_cleanup_module+0x50/frame 0xfffffe0159d3dd40
> linker_file_sysuninit() at linker_file_sysuninit+0x147/frame 0xfffffe0159d3dd70
> linker_file_unload() at linker_file_unload+0x269/frame 0xfffffe0159d3ddb0
> kern_kldunload() at kern_kldunload+0x18d/frame 0xfffffe0159d3de00
> amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe0159d3df30
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0159d3df30
> --- syscall (444, FreeBSD ELF64, sys_kldunloadf), rip = 0x3d2ea023e63a, rsp = 0x3d2e9f30cac8, rbp = 0x3d2e9f30d320 ---
> KDB: enter: panic
> [ thread pid 1866 tid 100919 ]
> Stopped at      kdb_enter+0x32: movq    $0,0x127cea3(%rip)

Linux added the same functionality in commit 836a0fbb3e76f704ad65ddfb57f00725245e509b.

The patch is based on FreeBSD commit 0abcc1d2d33aef2333dab28e1ec1858cf45b314a.

// Daniel Dandanell, Lysator ACS
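The following is an added example, not the attached patch and not FreeBSD ibcore code. It models the failure mode visible in the backtrace: the trap's fault address of 0x70 is what a read through a NULL struct pointer at a small field offset looks like, and the frames show mlx4_ib_destroy_qp() calling ib_umem_release() during IPoIB teardown, where the QP was created by a kernel consumer and so has no user memory region. The structures, field names and the qp_create/qp_free helpers below are hypothetical stand-ins; only the function names ib_umem_release and mlx4_ib_destroy_qp are taken from the trace, and their bodies here are a toy, not the driver's.

```c
/* Added example (not FreeBSD ibcore code): a toy model of a destroy path
 * that unconditionally hands a possibly-NULL umem pointer to a release
 * routine, and a release routine that tolerates NULL the way kfree(NULL)
 * does. Struct layouts and helper names are hypothetical. */
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for a pinned user memory region. */
struct ib_umem {
    void   *pages;     /* pinned pages, simulated with malloc */
    size_t  length;
    int     released;  /* lets a check detect a double release */
};

/* Hypothetical stand-in for a queue pair; kernel QPs carry no umem. */
struct mlx4_qp {
    struct ib_umem *umem;   /* NULL for kernel-created QPs */
    int             destroyed;
};

/* NULL-tolerant release: the semantics the patch asks for. A version
 * that touched umem->pages before this check is what the trace shows
 * faulting at a small offset from address 0. */
static void ib_umem_release(struct ib_umem *umem)
{
    if (umem == NULL)
        return;
    free(umem->pages);
    umem->pages = NULL;
    umem->released = 1;
}

/* Create a user QP with a pinned region (user_len > 0) or a kernel QP
 * with none (user_len == 0). Returns NULL on allocation failure. */
static struct mlx4_qp *qp_create(size_t user_len)
{
    struct mlx4_qp *qp = calloc(1, sizeof(*qp));
    if (qp == NULL)
        return NULL;
    if (user_len > 0) {
        struct ib_umem *um = calloc(1, sizeof(*um));
        if (um == NULL) {
            free(qp);
            return NULL;
        }
        um->pages = malloc(user_len);
        um->length = user_len;
        qp->umem = um;
    }
    return qp;
}

/* Destroy path mirroring the shape of mlx4_ib_destroy_qp ->
 * ib_umem_release in the trace: the umem pointer is passed without a
 * caller-side NULL check, so the callee must cope with NULL. */
static int mlx4_ib_destroy_qp(struct mlx4_qp *qp)
{
    if (qp == NULL || qp->destroyed)
        return -1;
    ib_umem_release(qp->umem);
    qp->destroyed = 1;
    return 0;
}

/* Free the toy structures; free(NULL) is a no-op, as is the released
 * umem's pages pointer after ib_umem_release(). */
static void qp_free(struct mlx4_qp *qp)
{
    if (qp == NULL)
        return;
    if (qp->umem != NULL) {
        free(qp->umem->pages);
        free(qp->umem);
    }
    free(qp);
}

/* Returns 1 when a kernel QP (NULL umem) and a user QP (pinned umem)
 * both tear down cleanly, the user QP's region is released exactly
 * once, and a repeated destroy is refused; 0 otherwise. */
static int run_teardown_check(void)
{
    int ok = 1;
    struct mlx4_qp *kqp = qp_create(0);      /* kernel QP, umem == NULL */
    struct mlx4_qp *uqp = qp_create(4096);   /* user QP, umem pinned */
    if (kqp == NULL || uqp == NULL) {
        qp_free(kqp);
        qp_free(uqp);
        return 0;
    }

    /* Without a NULL-tolerant ib_umem_release() this call is the one
     * that faults in the trace above. */
    ok &= (mlx4_ib_destroy_qp(kqp) == 0);
    ok &= (mlx4_ib_destroy_qp(uqp) == 0);
    ok &= (uqp->umem->released == 1 && uqp->umem->pages == NULL);
    ok &= (mlx4_ib_destroy_qp(uqp) == -1);  /* second destroy refused */

    qp_free(uqp);
    qp_free(kqp);
    return ok;
}

int main(void)
{
    return run_teardown_check() ? 0 : 1;
}
```

The check in ib_umem_release() is deliberately in the callee rather than at each call site: the trace shows the call coming from a module-unload path several frames removed from whoever created the QP, so any caller that does not know whether the QP was user- or kernel-created would otherwise need to repeat the test.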