Unexpected issues with 2 NVME initiators using the same target
Sagi Grimberg
sagi at grimberg.me
Wed Jun 28 22:35:21 PDT 2017
>> How do you know when that happens?
>
> The RPC Call send path sets up the Send SGE array. If it includes
> page cache pages, it can set IB_SEND_SIGNALED.
>
> The SGE array and the ib_cqe for the send are in the same data
> structure, so the Send completion handler can find the SGE array
> and figure out what needs to be unmapped.
>
> The only problem is if a POSIX signal fires. In that case the
> data structure can be released before the Send completion fires,
> and we get touch-after-free in the completion handler.
>
> I'm thinking that it just isn't going to be practical to handle
> unmapping this way, and I should just revert back to using RDMA
> Read instead of adding page cache pages to the Send SGE.
Or wait for the send completion before completing the I/O?
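
The lifetime problem discussed in this thread, as an added example that is not part of the original message or of the kernel's code: a single-threaded user-space model in which the Send completion holds its own reference on the structure that embeds both the completion entry and the SGE bookkeeping, so that a waiter released early by a signal cannot free it first. All names (`send_ctx`, `send_done`, `signal_then_completion`) are hypothetical, and the plain `int` counter stands in for an atomic reference count.

```c
#include <stddef.h>
#include <stdlib.h>

/* User-space, single-threaded model; every name here is hypothetical. */
struct cqe { void (*done)(struct cqe *); };   /* stands in for ib_cqe */

struct send_ctx {
    struct cqe cqe;   /* embedded so the handler can find the SGE state */
    int refs;         /* one for the RPC waiter, one for the Send completion */
    int nr_mapped;    /* SGEs still DMA-mapped, modelled as a counter */
    int *freed;       /* constructed hook: lets the caller observe release */
};

static int unmapped_total;

static void send_ctx_put(struct send_ctx *ctx)
{
    if (--ctx->refs > 0)
        return;       /* someone else still needs the structure */
    *ctx->freed = 1;
    free(ctx);
}

static void send_done(struct cqe *cqe)
{
    struct send_ctx *ctx =
        (struct send_ctx *)((char *)cqe - offsetof(struct send_ctx, cqe));
    unmapped_total += ctx->nr_mapped;   /* "unmap" the page cache pages */
    ctx->nr_mapped = 0;
    send_ctx_put(ctx);                  /* drop the completion's reference */
}

/* Returns 1 when the context outlived the early waiter exit, was unmapped
 * by the completion handler, and was freed only after that. */
static int signal_then_completion(int nr_sges)
{
    int freed = 0, alive;
    struct send_ctx *ctx = calloc(1, sizeof(*ctx));
    if (!ctx)
        return -1;
    ctx->cqe.done = send_done;
    ctx->refs = 2;                      /* taken before the Send is posted */
    ctx->nr_mapped = nr_sges;
    ctx->freed = &freed;
    unmapped_total = 0;
    send_ctx_put(ctx);                  /* waiter gives up after a signal */
    alive = !freed;                     /* must still be allocated here */
    ctx->cqe.done(&ctx->cqe);           /* Send completion arrives late */
    return alive && freed && unmapped_total == nr_sges;
}

int main(void) { return signal_then_completion(3) == 1 ? 0 : 1; }
```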