- 28 Jan, 2018 4 commits
-
-
Jack Morgenstein authored
The ib_write_umad() is protected by taking the umad file mutex. However, it accesses file->port->ib_dev -- which is protected only by the port's mutex (field file_mutex). The ib_umad_remove_one() calls ib_umad_kill_port() which sets port->ib_dev to NULL under the port mutex (NOT the file mutex). It then sets the mad agent to "dead" under the umad file mutex. This is a race condition -- because there is a window where port->ib_dev is NULL, while the agent is not "dead". As a result, we saw stack traces like: [16490.678059] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 [16490.678246] IP: ib_umad_write+0x29c/0xa3a [ib_umad] [16490.678333] PGD 0 P4D 0 [16490.678404] Oops: 0000 [#1] SMP PTI [16490.678466] Modules linked in: rdma_ucm(OE) ib_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_uverbs(OE) ib_umad(OE) mlx4_en(OE) ptp pps_core mlx4_ib(OE-) ib_core(OE) mlx4_core(OE) mlx_compat (OE) memtrack(OE) devlink mst_pciconf(OE) mst_pci(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache cfg80211 rfkill esp6_offload esp6 esp4_offload esp4 sunrpc kvm_intel kvm ppdev parport_pc irqbypass parport joydev i2c_piix4 virtio_balloon cirrus drm_kms_helper ttm drm e1000 serio_raw virtio_pci virtio_ring virtio ata_generic pata_acpi qemu_fw_cfg [last unloaded: mlxfw] [16490.679202] CPU: 4 PID: 3115 Comm: sminfo Tainted: G OE 4.14.13-300.fc27.x86_64 #1 [16490.679339] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014 [16490.679477] task: ffff9cf753890000 task.stack: ffffaf70c26b0000 [16490.679571] RIP: 0010:ib_umad_write+0x29c/0xa3a [ib_umad] [16490.679664] RSP: 0018:ffffaf70c26b3d90 EFLAGS: 00010202 [16490.679747] RAX: 0000000000000010 RBX: ffff9cf75610fd80 RCX: 0000000000000000 [16490.679856] RDX: 0000000000000001 RSI: 00007ffdf2bfd714 RDI: ffff9cf6bb2a9c00 In the above trace, ib_umad_write is trying to dereference the NULL file->port->ib_dev pointer. Fix this by using the agent's device pointer (the device field in struct ib_mad_agent) -- which IS protected by the umad file mutex. Cc: <stable@vger.kernel.org> # v4.11 Fixes: 44c58487 ("IB/core: Define 'ib' and 'roce' rdma_ah_attr types") Signed-off-by:
Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by:
Leon Romanovsky <leon@kernel.org> Signed-off-by:
Jason Gunthorpe <jgg@mellanox.com>
-
Markus Elfring authored
The script "checkpatch.pl" pointed information out like the following. WARNING: quoted string split across lines Thus fix the affected source code places. Signed-off-by:
Markus Elfring <elfring@users.sourceforge.net> Reviewed-by:
Max Gurtovoy <maxg@mellanox.com> Signed-off-by:
-
Markus Elfring authored
The variable "tx_desc" will be set to an appropriate pointer a bit later. Thus omit the explicit initialisation at the beginning. Signed-off-by:
-
Markus Elfring authored
Omit an extra message for a memory allocation failure in this function. This issue was detected by using the Coccinelle software. Signed-off-by:
-
- 26 Jan, 2018 1 commit
-
-
Davidlohr Bueso authored
get_user_pages() must be called with mmap_sem held, currently it is not. In fact it is called under the user db_table->mutex. To fix this we can convert gup to use the fast alternative, and safely avoid taking mmap_sem, if possible. Furthermore this is safe wrt to the mutex as other callers that take the lock (unmap and alloc_db) are not called under mmap_sem (hence possible deadlock). Signed-off-by:
Davidlohr Bueso <dbueso@suse.de> Signed-off-by:
Doug Ledford <dledford@redhat.com>
-
- 25 Jan, 2018 5 commits
-
-
Kalderon, Michal authored
There are races where can still get flush on CQEs before the QP enters error state. This is not an error and should be treated as debug information. Signed-off-by:
Michal Kalderon <Michal.Kalderon@cavium.com> Signed-off-by:
Ariel Elior <Ariel.Elior@cavium.com> Signed-off-by:
-
Jason Gunthorpe authored
Returning EOPNOTSUPP is problematic because it can also be returned by the method function, and we use it in quite a few places in drivers these days. Instead, dedicate EPROTONOSUPPORT to indicate that the ioctl framework is enabled but the requested object and method are not supported by the kernel. No other case will return this code, and it lets userspace know to fall back to write(). grep says we do not use it today in drivers/infiniband subsystem. Signed-off-by:
Matan Barak <matanb@mellanox.com> Signed-off-by:
-
Doug Ledford authored
When Jason Gunthorpe and I became co-maintainers of the rdma tree, we moved the official git repo location to a name neutral location. However, that update did not make it here as well. Fix that mistake. Signed-off-by: -
Amrani, Ram authored
Remove myself from maintaining the qedr module as my period of working with Cavium/Q-Logic has come to an end. I've had a pleasure working with the community, cheers! Signed-off-by:
-
Leon Romanovsky authored
Combination of CONFIG_DEBUG_OBJECTS_RCU_HEAD=y and CONFIG_INFINIBAND_SRPT=m produces the following build error. ERROR: "init_rcu_head" [drivers/infiniband/ulp/srpt/ib_srpt.ko] undefined! make[1]: *** [scripts/Makefile.modpost:92: __modpost] Error 1 make: *** [Makefile:1216: modules] Error 2 The reason to it that init_rcu_head() is not exported and not supposed to be used in modules. It is needed for dynamic initialization of statically allocated rcu_head structures. Fixes: 795bc112 ("IB/srpt: Make it safe to use RCU for srpt_device.rch_list") Fixes: a1125314 ("IB/srpt: Rework multi-channel support") Signed-off-by:
Bart Van Assche <bart.vanassche@wdc.com> Signed-off-by:
Leon Romanovsky <leonro@mellanox.com> Signed-off-by:
-
- 23 Jan, 2018 3 commits
-
-
Bart Van Assche authored
Although I'm not sure this parameter is useful for regular SRP users, setting this parameter to 1 has shown to be invaluable for testing the block layer core, SCSI core and device mapper queue running mechanisms. Signed-off-by:
-
Bart Van Assche authored
Since the SRP_LOGIN_REQ defined in the SRP standard is larger than what fits in the RDMA/CM login request private data, introduce a new login request format for the RDMA/CM. Note: since srp_daemon and ibsrpdm rely on the subnet manager and since there is no equivalent of the IB subnet manager in non-IB networks, login has to be performed manually for non-IB networks. Signed-off-by:
-
Bart Van Assche authored
Make it possible to call these two functions from a kernel module. Note: despite their name, these two functions can be used meaningfully independent of kobjects. A later patch will add calls to these functions from the SRP driver because this patch series modifies the SRP driver such that it can hold a reference to a namespace that can last longer than the lifetime of the process through which the namespace reference was obtained. Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
-
- 22 Jan, 2018 4 commits
-
-
Parav Pandit authored
rdma_dev_addr contains the net namespace pointer, while referring bound_dev_if of the rdma_dev_addr, refer to the net namespace of rdma_cm_id stored in rdma_dev_addr. Signed-off-by:
Parav Pandit <parav@mellanox.com> Reviewed-by:
Mark Bloch <markb@mellanox.com> Signed-off-by:
-
Parav Pandit authored
cma_validate_port uses rdma_dev_addr to validate the port of the cm_id. It needs to honor the net namespace which is setup during cm_id creation when finding netdevice. Signed-off-by:
-
Parav Pandit authored
Pass the rdma_cm_id so that multiple fields of the rdma_dev_addr structure can be accessed, instead of passing each individual fields. This is needed to access some additional fields in followup patches. Signed-off-by:
-
Parav Pandit authored
If valid netdevice is not found for RoCE, GID table should not be searched with NULL netdevice. Doing so causes the search routines to ignore the netdev argument and may match the wrong GID table entry if the netdev is deleted. Fixes: abae1b71 ("IB/cma: cma_validate_port should verify the port and netdevice") Signed-off-by:
-
- 19 Jan, 2018 5 commits
-
-
Leon Romanovsky authored
The kmalloc() failure to allocate memory generates enough information and doesn't need to be accompanied by another driver print. Fixes: d69a24e0 ("IB/mlx5: Move IB event processing onto a workqueue") Signed-off-by:
Yuval Shaia <yuval.shaia@oracle.com> Signed-off-by:
-
Parav Pandit authored
Now that all callers who care about RoCE addresses have been converted to use rdma_read_gids() simplify rdma_addr_get_sgid() to only support real GID addresses. Callers should only use it for OPA and IB transports. The now deleted implementation for RoCE has several bugs related to IPv6 support and incorrect/inconsistent 'GID' addresses compared to the CM paths. Signed-off-by:
Daniel Jurgens <danielj@mellanox.com> Signed-off-by:
-
Parav Pandit authored
Use the newly introduced rdma_read_gids() to read the SGID and DGID for the connection which returns GID correctly for RoCE transport as well. rdma_addr_get_dgid() for RoCE for client side connections returns MAC address, instead of DGID. rdma_addr_get_sgid() for RoCE doesn't return correct SGID for IPv6 and when more than one IP address is assigned to the netdevice. Therefore use transport agnostic rdma_read_gids() API provided by rdma_cm module. Signed-off-by:
Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by:
-
Parav Pandit authored
Make use of rdma_read_gids() API to read SGID and DGID which returns correct GIDs for RoCE and other transports. rdma_addr_get_dgid() for RoCE for client side connections returns MAC address, instead of DGID. rdma_addr_get_sgid() for RoCE doesn't return correct SGID for IPv6 and when more than one IP address is assigned to the netdevice. Therefore use transport agnostic rdma_read_gids() API provided by rdma_cm module. Signed-off-by:
-
Parav Pandit authored
This patch introduces an API that allows legacy applications to query GIDs for a rdma_cm_id which is used during connection establishment. GIDs are stored and created differently for iWarp, IB and RoCE transports. Therefore rdma_read_gids() returns GID for all the transports hiding such internal details to caller. It is usable for client side and server side connections. In general continued use of GID based addressing outside of IB is discouraged, so rdma_read_gids() should not be used by any new ULPs. Signed-off-by:
-
- 18 Jan, 2018 18 commits
-
-
Bart Van Assche authored
This patch does not change any functionality but makes srpt_cm_req_recv() independent of the IB/CM and hence simplifies the patch that introduces RDMA/CM support. Signed-off-by:
-
Bart Van Assche authored
Introduce a union in struct srpt_rdma_ch for member variables that depend on the type of connection manager. Avoid that error messages report the IB/CM ID. Signed-off-by:
-
Bart Van Assche authored
If a receive I/O context is removed from the wait list and srpt_handle_new_iu() fails to allocate a send I/O context then re-adding the receive I/O context to the wait list can cause reordering. Avoid this by only removing a receive I/O context from the wait list after allocating a send I/O context succeeded. Signed-off-by:
-
Bart Van Assche authored
Wait list processing only occurs if the channel state >= CH_LIVE. Hence set the channel state to CH_LIVE before triggering wait list processing asynchronously. Signed-off-by:
-
Bart Van Assche authored
Make sure that sport->mutex is not released between the duplicate channel check, adding a channel to the channel list and performing the sport enabled check. Avoid that srpt_disconnect_ch() can be invoked concurrently with the ib_send_cm_rep() call by srpt_cm_req_recv(). Signed-off-by:
-
Bart Van Assche authored
The new pr_debug() statements are useful when debugging the ib_srpt driver. Signed-off-by:
-
Bart Van Assche authored
Move a mutex lock and unlock statement from srpt_close_session() into srpt_disconnect_ch_sync(). Since the previous patch removed the last user of the return value of that function, change the return value of srpt_disconnect_ch_sync() into void. Signed-off-by:
-
Bart Van Assche authored
Store initiator and target port ID's once per nexus instead of in each channel data structure. This change simplifies the duplicate connection check in srpt_cm_req_recv(). Signed-off-by:
-
Bart Van Assche authored
Use the source GID as session name instead of the initiator port ID from the SRP login request. The only functional change in this patch is that it changes the session name shown in debug messages. Note: the fifth argument that is passed to target_alloc_session() is what the SCSI target core uses as key for lookups in the ACL (access control list) information. Signed-off-by:
-
Bart Van Assche authored
In multipathing setups where a target system is equipped with dual-port HCAs it is useful to have one connection per target port instead of one connection per target HCA. Hence move the connection list (rch_list) from struct srpt_device into struct srpt_port. Signed-off-by:
-
Bart Van Assche authored
Process connection requests that use another P_Key than the default correctly. Signed-off-by:
-
Bart Van Assche authored
This patch fixes a use-after-free issue for ch->release_done when running the SRP protocol on top of the rdma_rxe driver. Signed-off-by:
-
Bart Van Assche authored
The next patch will iterate over rch_list from a context from which it is not allowed to block. Hence make rch_list RCU-safe. Signed-off-by:
-
Bart Van Assche authored
This patch does not change any functionality but prepares for the patch that adds RDMA_CM support by making the RDMA_CM patch much easier to read. Signed-off-by:
-
Bart Van Assche authored
Show all path record query parameters if a path record query fails. Signed-off-by:
-
Bart Van Assche authored
Use kstrtoull() since simple_strtoull() is deprecated. This patch improves error checking but otherwise does not change any functionality. Signed-off-by:
-
weiyongjun (A) authored
devm_ioremap_resource() already checks if the resource is NULL, so remove the unnecessary platform_get_resource() error check. Signed-off-by:
Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by:
-
Feras Daoud authored
This patch maps the new page to user space applications to allow converting a user space completion timestamp to system wall time at the lowest possible latency cost. By using a versioning scheme we allow compatibility between current and future userspace libraries. The change moves mlx5_ib_mmap_cmd enum from mlx5_ib.h to the abi header file mlx5-abi.h. Reviewed-by:
Alex Vesker <valex@mellanox.com> Reviewed-by:
Yishai Hadas <yishaih@mellanox.com> Signed-off-by:
Feras Daoud <ferasda@mellanox.com> Signed-off-by:
Eitan Rabin <rabin@mellanox.com> Signed-off-by:
-
