Commit 4d5422a3 authored by Artemy Kovalyov's avatar Artemy Kovalyov Committed by Jason Gunthorpe

IB/mlx5: Skip non-ODP MR when handling a page fault

It is possible that we call pagefault_single_data_segment() with a MKey
that belongs to a memory region which is not on demand (i.e. pinned
pages). This can happen if, for instance, a WQE that points to multiple
MRs where some of them are ODP MRs and some are not.  In this case we
don't need to handle this MR in the ODP context besides reporting success.

Otherwise the code will call pagefault_mr() which will do to_ib_umem_odp()
on a non-ODP MR and thus access out of bounds.

Fixes: 7bdf65d4 ("IB/mlx5: Handle page faults")
Signed-off-by: default avatarArtemy Kovalyov <>
Signed-off-by: default avatarMoni Shoua <>
Signed-off-by: default avatarLeon Romanovsky <>
Signed-off-by: default avatarJason Gunthorpe <>
parent ca088320
......@@ -674,6 +674,14 @@ static int pagefault_single_data_segment(struct mlx5_ib_dev *dev,
goto srcu_unlock;
if (!mr->umem->is_odp) {
mlx5_ib_dbg(dev, "skipping non ODP MR (lkey=0x%06x) in page fault handler.\n",
if (bytes_mapped)
*bytes_mapped += bcnt;
goto srcu_unlock;
ret = pagefault_mr(dev, mr, io_virt, bcnt, bytes_mapped);
if (ret < 0)
goto srcu_unlock;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment