> We have just been investigating kernel panics related to
> cq->ibcq.event_handler() completion calls.
>
> Reason is that ib_destroy_qp() fails with -EBUSY. Further investigation
> revealed qp->usecnt is not initialized. This counter was introduced
> in linux-3.2 by commit 0e0ec7e0638ef48e0c661873dfcc8caccab984c6
> and is only initialized for IB_QPT_XRC_TGT, but also checked in
> ib_destroy_qp()
> for any qp type.
>
> Signed-off-by: Bernd Schubert <bernd.schub...@itwm.fraunhofer.de>
> Signed-off-by: Sven Breuner <sven.breu...@itwm.fraunhofer.de>
Reviewed-by: Sean Hefty <sean.he...@intel.com>
> ---
Good catch. I did all my testing with mlx4, which just happens to use kzalloc
when allocating the QP.
> drivers/infiniband/core/verbs.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
> index 602b1bd..575b780 100644
> --- a/drivers/infiniband/core/verbs.c
> +++ b/drivers/infiniband/core/verbs.c
> @@ -421,6 +421,7 @@ struct ib_qp *ib_create_qp(struct ib_pd *pd,
> qp->uobject = NULL;
> qp->qp_type = qp_init_attr->qp_type;
>
> + atomic_set(&qp->usecnt, 0);
> if (qp_init_attr->qp_type == IB_QPT_XRC_TGT) {
> qp->event_handler = __ib_shared_qp_event_handler;
> qp->qp_context = qp;
> @@ -430,7 +431,6 @@ struct ib_qp *ib_create_qp(struct ib_pd *pd,
> qp->xrcd = qp_init_attr->xrcd;
> atomic_inc(&qp_init_attr->xrcd->usecnt);
> INIT_LIST_HEAD(&qp->open_list);
> - atomic_set(&qp->usecnt, 0);
>
> real_qp = qp;
> qp = __ib_open_qp(real_qp, qp_init_attr->event_handler,
N�����r��y����b�X��ǧv�^�){.n�+����{��ٚ�{ay��ʇڙ�,j���f���h���z���w����
���j:+v���w�j�m���������zZ+�����ݢj"��!�i
