[PATCH net-next 3/6] cnic: Fix panic in cnic_iscsi_nl_msg_recv() when device is down.

Previous thread: [PATCH net-next 4/6] cnic: Simplify route checking during iSCSI connection. by Michael Chan on Wednesday, February 24, 2010 - 5:42 pm. (6 messages)

Next thread: [RFC PATCH] accounting for socket backlog by Zhu Yi on Wednesday, February 24, 2010 - 8:13 pm. (11 messages)

[view original message]

From: Michael Chan

Subject: [PATCH net-next 1/6] cnic: Finetune iSCSI connection set up.

Date: Wednesday, February 24, 2010 - 5:42 pm

From: Eddie Wai &lt;waie@broadcom.com&gt;

Initialize IP ID and handle some additional connection errors.

Signed-off-by: Eddie Wai &lt;waie@broadcom.com&gt;
Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: Benjamin Li &lt;benli@broadcom.com&gt;
---
 drivers/net/cnic.c |   17 ++++++++++++++++-
 drivers/net/cnic.h |    2 +-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/drivers/net/cnic.c b/drivers/net/cnic.c
index 6aecef9..0fe8371 100644
--- a/drivers/net/cnic.c
+++ b/drivers/net/cnic.c
@@ -2507,7 +2507,7 @@ static int cnic_cm_offload_pg(struct cnic_sock *csk)
 	l4kwqe-&gt;sa5 = dev-&gt;mac_addr[5];
 
 	l4kwqe-&gt;etype = ETH_P_IP;
-	l4kwqe-&gt;ipid_count = DEF_IPID_COUNT;
+	l4kwqe-&gt;ipid_start = DEF_IPID_START;
 	l4kwqe-&gt;host_opaque = csk-&gt;l5_cid;
 
 	if (csk-&gt;vlan_id) {
@@ -3046,6 +3046,14 @@ static void cnic_cm_process_offld_pg(struct cnic_dev *dev, struct l4_kcq *kcqe)
 		clear_bit(SK_F_OFFLD_SCHED, &amp;csk-&gt;flags);
 		goto done;
 	}
+	/* Possible PG kcqe status:  SUCCESS, OFFLOADED_PG, or CTX_ALLOC_FAIL */
+	if (kcqe-&gt;status == L4_KCQE_COMPLETION_STATUS_CTX_ALLOC_FAIL) {
+		clear_bit(SK_F_OFFLD_SCHED, &amp;csk-&gt;flags);
+		cnic_cm_upcall(cp, csk,
+			       L4_KCQE_OPCODE_VALUE_CONNECT_COMPLETE);
+		goto done;
+	}
+
 	csk-&gt;pg_cid = kcqe-&gt;pg_cid;
 	set_bit(SK_F_PG_OFFLD_COMPLETE, &amp;csk-&gt;flags);
 	cnic_cm_conn_req(csk);
@@ -3083,6 +3091,13 @@ static void cnic_cm_process_kcqe(struct cnic_dev *dev, struct kcqe *kcqe)
 	}
 
 	switch (opcode) {
+	case L5CM_RAMROD_CMD_ID_TCP_CONNECT:
+		if (l4kcqe-&gt;status != 0) {
+			clear_bit(SK_F_OFFLD_SCHED, &amp;csk-&gt;flags);
+			cnic_cm_upcall(cp, csk,
+				       L4_KCQE_OPCODE_VALUE_CONNECT_COMPLETE);
+		}
+		break;
 	case L4_KCQE_OPCODE_VALUE_CONNECT_COMPLETE:
 		if (l4kcqe-&gt;status == 0)
 			set_bit(SK_F_OFFLD_COMPLETE, &amp;csk-&gt;flags);
diff --git a/drivers/net/cnic.h b/drivers/net/cnic.h
index 241d09a..1921597 100644
--- a/drivers/net/cnic.h
+++ b/drivers/net/cnic.h
@@ -101,7 +101,7 @@ struct cnic_redirect_entry {
 #define ...[ message continues ]

[view original message]

From: Michael Chan

Subject: [PATCH net-next 3/6] cnic: Fix panic in cnic_iscsi_nl_msg_recv() when device is down.

Date: Wednesday, February 24, 2010 - 5:42 pm

Some data structures are freed when the device is down and it will
crash if an ISCSI netlink message is received.  Add RCU protection
to prevent this.  In the shutdown path, ulp_ops[CNIC_ULP_L4] is
assigned NULL and rcu_synchronized before freeing the data
structures.

Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
---
 drivers/net/cnic.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/drivers/net/cnic.c b/drivers/net/cnic.c
index 40865aa..4558444 100644
--- a/drivers/net/cnic.c
+++ b/drivers/net/cnic.c
@@ -327,6 +327,12 @@ static int cnic_iscsi_nl_msg_recv(struct cnic_dev *dev, u32 msg_type,
 		if (l5_cid &gt;= MAX_CM_SK_TBL_SZ)
 			break;
 
+		rcu_read_lock();
+		if (!rcu_dereference(cp-&gt;ulp_ops[CNIC_ULP_L4])) {
+			rc = -ENODEV;
+			rcu_read_unlock();
+			break;
+		}
 		csk = &amp;cp-&gt;csk_tbl[l5_cid];
 		csk_hold(csk);
 		if (cnic_in_use(csk)) {
@@ -341,6 +347,7 @@ static int cnic_iscsi_nl_msg_recv(struct cnic_dev *dev, u32 msg_type,
 				cnic_cm_set_pg(csk);
 		}
 		csk_put(csk);
+		rcu_read_unlock();
 		rc = 0;
 	}
 	}
-- 
1.6.4.GIT


--

[ message continues ]

[view original message]

From: Simon Horman

Subject: Re: [PATCH net-next 3/6] cnic: Fix panic in cnic_iscsi_nl_msg_recv() when device is down.

Date: Thursday, February 25, 2010 - 5:51 pm

Is rcu_assign_pointer() unnecessary in cnic_cm_open()?
It doesn't seem to be followed by rcu_synchronized() and the pointer
doesn't seem to be accessible anywhere else at that time.
--

[ message continues ]

[view original message]

From: David Miller

Subject: Re: [PATCH net-next 3/6] cnic: Fix panic in cnic_iscsi_nl_msg_recv() when device is down.

Date: Friday, February 26, 2010 - 3:11 am

From: &quot;Michael Chan&quot; &lt;mchan@broadcom.com&gt;

Applied.
--

[ message continues ]

[view original message]

From: Michael Chan

Subject: [PATCH net-next 2/6] cnic: Finetune iSCSI connection reset.

Date: Wednesday, February 24, 2010 - 5:42 pm

From: Eddie Wai &lt;waie@broadcom.com&gt;

For bnx2 devices, always send notification to bnx2i to let it initiate
the cleanup when RST is received.

For bnx2x devices, add unsolicited RST_COMP handling to start the cleanup.

Signed-off-by: Eddie Wai &lt;waie@broadcom.com&gt;
Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: Benjamin Li &lt;benli@broadcom.com&gt;
---
 drivers/net/cnic.c |   21 ++++++++++++++++-----
 1 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/net/cnic.c b/drivers/net/cnic.c
index 0fe8371..40865aa 100644
--- a/drivers/net/cnic.c
+++ b/drivers/net/cnic.c
@@ -3108,7 +3108,10 @@ static void cnic_cm_process_kcqe(struct cnic_dev *dev, struct kcqe *kcqe)
 		break;
 
 	case L4_KCQE_OPCODE_VALUE_RESET_RECEIVED:
-		if (test_and_clear_bit(SK_F_OFFLD_COMPLETE, &amp;csk-&gt;flags))
+		if (test_bit(CNIC_F_BNX2_CLASS, &amp;dev-&gt;flags)) {
+			cnic_cm_upcall(cp, csk, opcode);
+			break;
+		} else if (test_and_clear_bit(SK_F_OFFLD_COMPLETE, &amp;csk-&gt;flags))
 			csk-&gt;state = opcode;
 		/* fall through */
 	case L4_KCQE_OPCODE_VALUE_CLOSE_COMP:
@@ -3172,6 +3175,16 @@ static int cnic_ready_to_close(struct cnic_sock *csk, u32 opcode)
 		if (!test_and_set_bit(SK_F_CLOSING, &amp;csk-&gt;flags))
 			return 1;
 	}
+	/* 57710+ only  workaround to handle unsolicited RESET_COMP
+	 * which will be treated like a RESET RCVD notification
+	 * which triggers the clean up procedure
+	 */
+	else if (opcode == L4_KCQE_OPCODE_VALUE_RESET_COMP) {
+		if (!test_and_set_bit(SK_F_CLOSING, &amp;csk-&gt;flags)) {
+			csk-&gt;state = L4_KCQE_OPCODE_VALUE_RESET_RECEIVED;
+			return 1;
+		}
+	}
 	return 0;
 }
 
@@ -3181,10 +3194,8 @@ static void cnic_close_bnx2_conn(struct cnic_sock *csk, u32 opcode)
 	struct cnic_local *cp = dev-&gt;cnic_priv;
 
 	clear_bit(SK_F_CONNECT_START, &amp;csk-&gt;flags);
-	if (cnic_ready_to_close(csk, opcode)) {
-		cnic_close_conn(csk);
-		cnic_cm_upcall(cp, csk, opcode);
-	}
+	cnic_close_conn(csk);
+	cnic_cm_upcall(cp, csk, opcode);
 }
 
 static void ...[ message continues ]

[view original message]

From: David Miller

Subject: Re: [PATCH net-next 2/6] cnic: Finetune iSCSI connection reset.

Date: Friday, February 26, 2010 - 3:11 am

From: &quot;Michael Chan&quot; &lt;mchan@broadcom.com&gt;

Applied.
--

[ message continues ]

[view original message]

From: David Miller

Subject: Re: [PATCH net-next 1/6] cnic: Finetune iSCSI connection set up.

Date: Friday, February 26, 2010 - 3:11 am

From: &quot;Michael Chan&quot; &lt;mchan@broadcom.com&gt;

Applied.
--

[ message continues ]


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian	[RFC/PATCH] RE: git calls SSH_ASKPASS even if DISPLAY is not set
Junio C Hamano	Re: Rss produced by git is not valid xml?
git-commits-head:
Linux Kernel Mailing List	iSeries: fix section mismatch in iseries_veth
Linux Kernel Mailing List</