1. 11 Oct, 2018 2 commits
  2. 05 Oct, 2018 1 commit
  3. 03 Oct, 2018 1 commit
  4. 26 Sep, 2018 1 commit
  5. 12 Sep, 2018 1 commit
  6. 31 Jul, 2018 1 commit
  7. 24 Jul, 2018 1 commit
  8. 10 Jul, 2018 1 commit
  9. 27 Jun, 2018 1 commit
  10. 25 Jun, 2018 3 commits
  11. 18 Jun, 2018 6 commits
    • Bharat Potnuri's avatar
      RDMA/core: Save kernel caller name when creating CQ using ib_create_cq() · 7350cdd0
      Bharat Potnuri authored
      Few kernel applications like SCST-iSER create CQ using ib_create_cq(),
      where accessing CQ structures using rdma restrack tool leads to below NULL
      pointer dereference. This patch saves caller kernel module name similar to
      BUG: unable to handle kernel NULL pointer dereference at           (null)
      IP: [<ffffffff8132ca70>] skip_spaces+0x30/0x30
      PGD 738bac067 PUD 8533f0067 PMD 0
      Oops: 0000 [#1] SMP
      R10: ffff88017fc03300 R11: 0000000000000246 R12: 0000000000000000
      R13: ffff88082fa5a668 R14: ffff88017475a000 R15: 0000000000000000
      FS:  00002b32726582c0(0000) GS:ffff88087fc40000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000000 CR3: 00000008491a1000 CR4: 00000000003607e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       [<ffffffffc05af69c>] ? fill_res_name_pid+0x7c/0x90 [ib_core]
       [<ffffffffc05af79f>] fill_res_cq_entry+0xef/0x170 [ib_core]
       [<ffffffffc05af4c4>] res_get_common_dumpit+0x3c4/0x480 [ib_core]
       [<ffffffffc05af5d3>] nldev_res_get_cq_dumpit+0x13/0x20 [ib_core]
       [<ffffffff815bc1e7>] netlink_dump+0x117/0x2e0
       [<ffffffff815bcb8b>] __netlink_dump_start+0x1ab/0x230
       [<ffffffffc059fead>] ibnl_rcv_msg+0x11d/0x1f0 [ib_core]
       [<ffffffffc05af5c0>] ? nldev_res_get_mr_dumpit+0x20/0x20 [ib_core]
       [<ffffffffc059fd90>] ? rdma_nl_multicast+0x30/0x30 [ib_core]
       [<ffffffff815bea49>] netlink_rcv_skb+0xa9/0xc0
       [<ffffffffc05a0018>] ibnl_rcv+0x98/0xb0 [ib_core]
       [<ffffffff815be132>] netlink_unicast+0xf2/0x1b0
       [<ffffffff815be50f>] netlink_sendmsg+0x31f/0x6a0
       [<ffffffff8156b580>] sock_sendmsg+0xb0/0xf0
       [<ffffffff816ace9e>] ? _raw_spin_unlock_bh+0x1e/0x20
       [<ffffffff8156f998>] ? release_sock+0x118/0x170
       [<ffffffff8156b731>] SYSC_sendto+0x121/0x1c0
       [<ffffffff81568340>] ? sock_alloc_file+0xa0/0x140
       [<ffffffff81221265>] ? __fd_install+0x25/0x60
       [<ffffffff8156c2ce>] SyS_sendto+0xe/0x10
       [<ffffffff816b6c2a>] system_call_fastpath+0x16/0x1b
      RIP  [<ffffffff8132ca70>] skip_spaces+0x30/0x30
      RSP <ffff88072be97760>
      CR2: 0000000000000000
      Cc: <stable@vger.kernel.org>
      Fixes: f66c8ba4 ("RDMA/core: Save kernel caller name when creating PD and CQ objects")
      Reviewed-by: default avatarSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: default avatarPotnuri Bharat Teja <bharat@chelsio.com>
      Reviewed-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
    • Jason Gunthorpe's avatar
      RDMA: Hold the sgid_attr inside the struct ib_ah/qp · 1a1f460f
      Jason Gunthorpe authored
      If the AH has a GRH then hold a reference to the sgid_attr inside the
      common struct.
      If the QP is modified with an AV that includes a GRH then also hold a
      reference to the sgid_attr inside the common struct.
      This informs the cache that the sgid_index is in-use so long as the AH or
      QP using it exists.
      This also means that all drivers can access the sgid_attr directly from
      the ah_attr instead of querying the cache during their UD post-send paths.
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
    • Jason Gunthorpe's avatar
      IB{cm, core}: Introduce and use ah_attr copy, move, replace APIs · d97099fe
      Jason Gunthorpe authored
      Introduce AH attribute copy, move and replace APIs to be used by core and
      provider drivers.
      In CM code flow when ah attribute might be re-initialized twice while
      processing incoming request, or initialized once while from path record
      while sending out CM requests. Therefore use rdma_move_ah_attr API to
      handle such scenarios instead of memcpy().
      Provider drivers keeps a copy ah_attr during the lifetime of the ah.
      Therefore, use rdma_replace_ah_attr() which conditionally release
      reference to old ah_attr and holds reference to new attribute whose
      referrence is released when the AH is freed.
      Signed-off-by: default avatarParav Pandit <parav@mellanox.com>
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
    • Parav Pandit's avatar
      IB/core: Tidy ib_resolve_eth_dmac · 947c99ec
      Parav Pandit authored
      No reason to call rdma_ah_retrieve_grh, tidy whitespace, and add a
      function comment block.
      Signed-off-by: default avatarParav Pandit <parav@mellanox.com>
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
    • Jason Gunthorpe's avatar
      IB/core: Add a sgid_attr pointer to struct rdma_ah_attr · 8d9ec9ad
      Jason Gunthorpe authored
      The sgid_attr will ultimately replace the sgid_index in the ah_attr.
      This will allow for all layers to have a consistent view of what
      gid table entry was selected as processing runs through all stages of the
      This commit introduces the pointer and ensures it is set before calling
      any driver callback that includes a struct ah_attr callback, allowing
      future patches to adjust both the drivers and the callers to use
      sgid_attr instead of sgid_index.
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: default avatarParav Pandit <parav@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
    • Parav Pandit's avatar
      IB: Replace ib_query_gid/ib_get_cached_gid with rdma_query_gid · 1dfce294
      Parav Pandit authored
      If the gid_attr argument is NULL then the functions behave identically to
      rdma_query_gid. ib_query_gid just calls ib_get_cached_gid, so everything
      can be consolidated to one function.
      Now that all callers either use rdma_query_gid() or ib_get_cached_gid(),
      ib_query_gid() API is removed.
      Signed-off-by: default avatarParav Pandit <parav@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
  12. 02 Jun, 2018 1 commit
  13. 27 Apr, 2018 1 commit
  14. 05 Apr, 2018 1 commit
  15. 14 Mar, 2018 2 commits
  16. 08 Mar, 2018 1 commit
  17. 06 Mar, 2018 1 commit
    • Bart Van Assche's avatar
      RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access · a1ae7d03
      Bart Van Assche authored
      This patch fixes the following KASAN complaint:
      BUG: KASAN: stack-out-of-bounds in rxe_post_send+0x77d/0x9b0 [rdma_rxe]
      Read of size 8 at addr ffff880061aef860 by task 01/1080
      CPU: 2 PID: 1080 Comm: 01 Not tainted 4.16.0-rc3-dbg+ #2
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
      Call Trace:
      rxe_post_send+0x77d/0x9b0 [rdma_rxe]
      __ib_drain_sq+0x1ad/0x250 [ib_core]
      ib_drain_qp+0x9/0x30 [ib_core]
      srp_destroy_qp+0x51/0x70 [ib_srp]
      srp_free_ch_ib+0xfc/0x380 [ib_srp]
      srp_create_target+0x1071/0x19e0 [ib_srp]
      The buggy address belongs to the page:
      page:ffffea000186bbc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
      flags: 0x4000000000000000()
      raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff
      raw: 0000000000000000 ffffea000186bbe0 0000000000000000 0000000000000000
      page dumped because: kasan: bad access detected
      Memory state around the buggy address:
      ffff880061aef700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      ffff880061aef780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
      >ffff880061aef800: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2
      ffff880061aef880: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 f2 f2
      ffff880061aef900: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00
      Fixes: 765d6774 ("IB: new common API for draining queues")
      Signed-off-by: default avatarBart Van Assche <bart.vanassche@wdc.com>
      Cc: Steve Wise <swise@opengridcomputing.com>
      Cc: Sagi Grimberg <sagi@grimberg.me>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
  18. 23 Feb, 2018 1 commit
  19. 16 Feb, 2018 1 commit
    • Steve Wise's avatar
      RDMA/restrack: don't use uaccess_kernel() · 2f08ee36
      Steve Wise authored
      uaccess_kernel() isn't sufficient to determine if an rdma resource is
      user-mode or not.  For example, resources allocated in the add_one()
      function of an ib_client get falsely labeled as user mode, when they
      are kernel mode allocations.  EG: mad qps.
      The result is that these qps are skipped over during a nldev query
      because of an erroneous namespace mismatch.
      So now we determine if the resource is user-mode by looking at the object
      struct's uobject or similar pointer to know if it was allocated for user
      mode applications.
      Fixes: 02d8883f ("RDMA/restrack: Add general infrastructure to track RDMA resources")
      Signed-off-by: default avatarSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
  20. 30 Jan, 2018 3 commits
  21. 29 Jan, 2018 1 commit
  22. 18 Jan, 2018 1 commit
  23. 15 Jan, 2018 4 commits
  24. 11 Jan, 2018 1 commit
  25. 05 Jan, 2018 1 commit
  26. 27 Dec, 2017 1 commit