1. 15 7月, 2015 1 次提交
  2. 02 6月, 2015 1 次提交
  3. 19 5月, 2015 1 次提交
  4. 18 4月, 2015 1 次提交
  5. 16 4月, 2015 4 次提交
    • E
      IB/ipoib: Save only IPOIB_MAX_PATH_REC_QUEUE skb's · 1e85b806
      Erez Shitrit 提交于
      Whenever there is no path->ah to the destination, keep only defined
      number of skb's. Otherwise there are cases that the driver can keep
      infinite list of skb's.
      
      For example, when one device want to send unicast arp to the destination,
      and from some reason the SM doesn't respond, the driver currently keeps
      all the skb's. If that unicast arp traffic stopped, all  these skb's
      are kept by the path object till the interface is down.
      Signed-off-by: NErez Shitrit <erezsh@mellanox.com>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      1e85b806
    • D
      IB/ipoib: No longer use flush as a parameter · efc82eee
      Doug Ledford 提交于
      Various places in the IPoIB code had a deadlock related to flushing
      the ipoib workqueue.  Now that we have per device workqueues and a
      specific flush workqueue, there is no longer a deadlock issue with
      flushing the device specific workqueues and we can do so unilaterally.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      efc82eee
    • D
      IB/ipoib: Use dedicated workqueues per interface · 0b39578b
      Doug Ledford 提交于
      During my recent work on the rtnl lock deadlock in the IPoIB driver, I
      saw that even once I fixed the apparent races for a single device, as
      soon as that device had any children, new races popped up.  It turns
      out that this is because no matter how well we protect against races
      on a single device, the fact that all devices use the same workqueue,
      and flush_workqueue() flushes *everything* from that workqueue means
      that we would also have to prevent all races between different devices
      (for instance, ipoib_mcast_restart_task on interface ib0 can race with
      ipoib_mcast_flush_dev on interface ib0.8002, resulting in a deadlock on
      the rtnl_lock).
      
      There are several possible solutions to this problem:
      
      Make carrier_on_task and mcast_restart_task try to take the rtnl for
      some set period of time and if they fail, then bail.  This runs the
      real risk of dropping work on the floor, which can end up being its
      own separate kind of deadlock.
      
      Set some global flag in the driver that says some device is in the
      middle of going down, letting all tasks know to bail.  Again, this can
      drop work on the floor.
      
      Or the method this patch attempts to use, which is when we bring an
      interface up, create a workqueue specifically for that interface, so
      that when we take it back down, we are flushing only those tasks
      associated with our interface.  In addition, keep the global
      workqueue, but now limit it to only flush tasks.  In this way, the
      flush tasks can always flush the device specific work queues without
      having deadlock issues.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      0b39578b
    • D
      IB/ipoib: change init sequence ordering · be7aa663
      Doug Ledford 提交于
      In preparation for using per device work queues, we need to move the
      start of the neighbor thread task to after ipoib_ib_dev_init and move
      the destruction of the neighbor task to before ipoib_ib_dev_cleanup.
      Otherwise we will end up freeing our workqueue with work possibly
      still on it.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      be7aa663
  6. 03 4月, 2015 1 次提交
  7. 31 1月, 2015 3 次提交
  8. 16 12月, 2014 3 次提交
    • D
      IPoIB: No longer use flush as a parameter · ce347ab9
      Doug Ledford 提交于
      Various places in the IPoIB code had a deadlock related to flushing
      the ipoib workqueue.  Now that we have per device workqueues and a
      specific flush workqueue, there is no longer a deadlock issue with
      flushing the device specific workqueues and we can do so unilaterally.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      ce347ab9
    • D
      IPoIB: Use dedicated workqueues per interface · 5141861c
      Doug Ledford 提交于
      During my recent work on the rtnl lock deadlock in the IPoIB driver, I
      saw that even once I fixed the apparent races for a single device, as
      soon as that device had any children, new races popped up.  It turns
      out that this is because no matter how well we protect against races
      on a single device, the fact that all devices use the same workqueue,
      and flush_workqueue() flushes *everything* from that workqueue, we can
      have one device in the middle of a down and holding the rtnl lock and
      another totally unrelated device needing to run mcast_restart_task,
      which wants the rtnl lock and will loop trying to take it unless is
      sees its own FLAG_ADMIN_UP flag go away.  Because the unrelated
      interface will never see its own ADMIN_UP flag drop, the interface
      going down will deadlock trying to flush the queue.  There are several
      possible solutions to this problem:
      
      Make carrier_on_task and mcast_restart_task try to take the rtnl for
      some set period of time and if they fail, then bail.  This runs the
      real risk of dropping work on the floor, which can end up being its
      own separate kind of deadlock.
      
      Set some global flag in the driver that says some device is in the
      middle of going down, letting all tasks know to bail.  Again, this can
      drop work on the floor.  I suppose if our own ADMIN_UP flag doesn't go
      away, then maybe after a few tries on the rtnl lock we can queue our
      own task back up as a delayed work and return and avoid dropping work
      on the floor that way.  But I'm not 100% convinced that we won't cause
      other problems.
      
      Or the method this patch attempts to use, which is when we bring an
      interface up, create a workqueue specifically for that interface, so
      that when we take it back down, we are flushing only those tasks
      associated with our interface.  In addition, keep the global
      workqueue, but now limit it to only flush tasks.  In this way, the
      flush tasks can always flush the device specific work queues without
      having deadlock issues.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      5141861c
    • D
      IPoIB: change init sequence ordering · 3bcce487
      Doug Ledford 提交于
      In preparation for using per device work queues, we need to move the
      start of the neighbor thread task to after ipoib_ib_dev_init and move
      the destruction of the neighbor task to before ipoib_ib_dev_cleanup.
      Otherwise we will end up freeing our workqueue with work possibly
      still on it.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      3bcce487
  9. 08 10月, 2014 1 次提交
    • E
      net: better IFF_XMIT_DST_RELEASE support · 02875878
      Eric Dumazet 提交于
      Testing xmit_more support with netperf and connected UDP sockets,
      I found strange dst refcount false sharing.
      
      Current handling of IFF_XMIT_DST_RELEASE is not optimal.
      
      Dropping dst in validate_xmit_skb() is certainly too late in case
      packet was queued by cpu X but dequeued by cpu Y
      
      The logical point to take care of drop/force is in __dev_queue_xmit()
      before even taking qdisc lock.
      
      As Julian Anastasov pointed out, need for skb_dst() might come from some
      packet schedulers or classifiers.
      
      This patch adds new helper to cleanly express needs of various drivers
      or qdiscs/classifiers.
      
      Drivers that need skb_dst() in their ndo_start_xmit() should call
      following helper in their setup instead of the prior :
      
      	dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
      ->
      	netif_keep_dst(dev);
      
      Instead of using a single bit, we use two bits, one being
      eventually rebuilt in bonding/team drivers.
      
      The other one, is permanent and blocks IFF_XMIT_DST_RELEASE being
      rebuilt in bonding/team. Eventually, we could add something
      smarter later.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Julian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      02875878
  10. 23 9月, 2014 1 次提交
  11. 11 8月, 2014 1 次提交
    • A
      IB/ipoib: Avoid multicast join attempts with invalid P_key · dd57c930
      Alex Estrin 提交于
      Currently, the parent interface keeps sending broadcast group join
      requests even if p_key index 0 is invalid, which is possible/common in
      virtualized environments where a VF has been probed to VM but the
      actual P_key configuration has not yet been assigned by the management
      software. This creates unnecessary noise on the fabric and in the
      kernel logs:
      
          ib0: multicast join failed for ff12:401b:8000:0000:0000:0000:ffff:ffff, status -22
      
      The original code run the multicast task regardless of the actual
      P_key value, which can be avoided. The fix is to re-init resources and
      bring interface up only if P_key index 0 is valid either when starting
      up or on PKEY_CHANGE event.
      
      Fixes: c2904141 ("IPoIB: Fix pkey change flow for virtualization environments")
      Reviewed-by: NIra Weiny <ira.weiny@intel.com>
      Signed-off-by: NAlex Estrin <alex.estrin@intel.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      dd57c930
  12. 05 8月, 2014 2 次提交
  13. 16 7月, 2014 1 次提交
    • T
      net: set name_assign_type in alloc_netdev() · c835a677
      Tom Gundersen 提交于
      Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
      all users to pass NET_NAME_UNKNOWN.
      
      Coccinelle patch:
      
      @@
      expression sizeof_priv, name, setup, txqs, rxqs, count;
      @@
      
      (
      -alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
      +alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
      |
      -alloc_netdev_mq(sizeof_priv, name, setup, count)
      +alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
      |
      -alloc_netdev(sizeof_priv, name, setup)
      +alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
      )
      
      v9: move comments here from the wrong commit
      Signed-off-by: NTom Gundersen <teg@jklm.no>
      Reviewed-by: NDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c835a677
  14. 23 1月, 2014 1 次提交
    • M
      IPoIB: Report operstate consistently when brought up without a link · 437708c4
      Michal Schmidt 提交于
      After booting without a working link, "ip link" shows:
      
       5: mlx4_ib1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 2044 qdisc pfifo_fast
       state DOWN qlen 256
          ...
       7: mlx4_ib1.8003@mlx4_ib1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 2044 qdisc
       pfifo_fast state DOWN qlen 256
          ...
      
      Then after connecting and disconnecting the link, which should result
      in exactly the same state as before, it shows:
      
       5: mlx4_ib1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 2044 qdisc pfifo_fast
       state DOWN qlen 256
          ...
       7: mlx4_ib1.8003@mlx4_ib1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 2044 qdisc
       pfifo_fast state LOWERLAYERDOWN qlen 256
          ...
      
      Notice the (now correct) LOWERLAYERDOWN operstate shown for the
      mlx4_ib1.8003 interface. Ideally the identical state would be shown
      right after boot.
      
      The problem is related to the calling of netif_carrier_off() in
      network drivers.  For a long time it was known that doing
      netif_carrier_off() before registering the netdevice would result in
      the interface's operstate being shown as UNKNOWN if the device was
      brought up without a working link. This problem was fixed in commit
      8f4cccbb ('net: Set device operstate at registration time'), but
      still there remains the minor inconsistency demonstrated above.
      
      This patch fixes it by moving ipoib's call to netif_carrier_off() into
      the .ndo_open method, which is where network drivers ordinarily do it.
      With the patch when doing the same test as above, the operstate of
      mlx4_ib1.8003 is shown as LOWERLAYERDOWN right after boot.
      Signed-off-by: NMichal Schmidt <mschmidt@redhat.com>
      Acked-by: NErez Shitrit <erezsh@mellanox.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      437708c4
  15. 09 11月, 2013 2 次提交
    • M
      IPoIB: lower NAPI weight · 7f1a3867
      Michal Schmidt 提交于
      Since commit 82dc3c63 ("net: introduce NAPI_POLL_WEIGHT")
      netif_napi_add() produces an error message if a NAPI poll weight
      greater than 64 is requested.
      
      Use the standard NAPI weight.
      Signed-off-by: NMichal Schmidt <mschmidt@redhat.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      7f1a3867
    • E
      IPoIB: Fix deadlock between dev_change_flags() and __ipoib_dev_flush() · f47944cc
      Erez Shitrit 提交于
      When ipoib interface is going down it takes all of its children with
      it, under mutex.
      
      For each child, dev_change_flags() is called.  That function calls
      ipoib_stop() via the ndo, and causes flush of the workqueue.
      Sometimes in the workqueue an __ipoib_dev_flush work() is waiting and
      when invoked tries to get the same mutex, which leads to a deadlock,
      as seen below.
      
      The solution is to switch to rw-sem instead of mutex.
      
      The deadlock:
      [11028.165303]  [<ffffffff812b0977>] ? vgacon_scroll+0x107/0x2e0
      [11028.171844]  [<ffffffff814eaac5>] schedule_timeout+0x215/0x2e0
      [11028.178465]  [<ffffffff8105a5c3>] ? perf_event_task_sched_out+0x33/0x80
      [11028.185962]  [<ffffffff814ea743>] wait_for_common+0x123/0x180
      [11028.192491]  [<ffffffff8105fa40>] ? default_wake_function+0x0/0x20
      [11028.199504]  [<ffffffff814ea85d>] wait_for_completion+0x1d/0x20
      [11028.206224]  [<ffffffff8108b4f1>] flush_cpu_workqueue+0x61/0x90
      [11028.212948]  [<ffffffff8108b5a0>] ? wq_barrier_func+0x0/0x20
      [11028.219375]  [<ffffffff8108bfc4>] flush_workqueue+0x54/0x80
      [11028.225712]  [<ffffffffa05a0576>] ipoib_mcast_stop_thread+0x66/0x90 [ib_ipoib]
      [11028.233988]  [<ffffffffa059ccea>] ipoib_ib_dev_down+0x6a/0x100 [ib_ipoib]
      [11028.241678]  [<ffffffffa059849a>] ipoib_stop+0x8a/0x140 [ib_ipoib]
      [11028.248692]  [<ffffffff8142adf1>] dev_close+0x71/0xc0
      [11028.254447]  [<ffffffff8142a631>] dev_change_flags+0xa1/0x1d0
      [11028.261062]  [<ffffffffa059851b>] ipoib_stop+0x10b/0x140 [ib_ipoib]
      [11028.268172]  [<ffffffff8142adf1>] dev_close+0x71/0xc0
      [11028.273922]  [<ffffffff8142a631>] dev_change_flags+0xa1/0x1d0
      [11028.280452]  [<ffffffff8148f20b>] devinet_ioctl+0x5eb/0x6a0
      [11028.286786]  [<ffffffff814903b8>] inet_ioctl+0x88/0xa0
      [11028.292633]  [<ffffffff8141591a>] sock_ioctl+0x7a/0x280
      [11028.298576]  [<ffffffff81189012>] vfs_ioctl+0x22/0xa0
      [11028.304326]  [<ffffffff81140540>] ? unmap_region+0x110/0x130
      [11028.310756]  [<ffffffff811891b4>] do_vfs_ioctl+0x84/0x580
      [11028.316897]  [<ffffffff81189731>] sys_ioctl+0x81/0xa0
      
      and
      
      11028.017533]  [<ffffffff8105a5c3>] ? perf_event_task_sched_out+0x33/0x80
      [11028.025030]  [<ffffffff8100bb8e>] ? apic_timer_interrupt+0xe/0x20
      [11028.031945]  [<ffffffff814eb2ae>] __mutex_lock_slowpath+0x13e/0x180
      [11028.039053]  [<ffffffff814eb14b>] mutex_lock+0x2b/0x50
      [11028.044910]  [<ffffffffa059f7e7>] __ipoib_ib_dev_flush+0x37/0x210 [ib_ipoib]
      [11028.052894]  [<ffffffffa059fa00>] ? ipoib_ib_dev_flush_light+0x0/0x20 [ib_ipoib]
      [11028.061363]  [<ffffffffa059fa17>] ipoib_ib_dev_flush_light+0x17/0x20 [ib_ipoib]
      [11028.069738]  [<ffffffff8108b120>] worker_thread+0x170/0x2a0
      [11028.076068]  [<ffffffff81090990>] ? autoremove_wake_function+0x0/0x40
      [11028.083374]  [<ffffffff8108afb0>] ? worker_thread+0x0/0x2a0
      [11028.089709]  [<ffffffff81090626>] kthread+0x96/0xa0
      [11028.095266]  [<ffffffff8100c0ca>] child_rip+0xa/0x20
      [11028.100921]  [<ffffffff81090590>] ? kthread+0x0/0xa0
      [11028.106573]  [<ffffffff8100c0c0>] ? child_rip+0x0/0x20
      [11028.112423] INFO: task ifconfig:23640 blocked for more than 120 seconds.
      Signed-off-by: NErez Shitrit <erezsh@mellanox.com>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      f47944cc
  16. 14 8月, 2013 1 次提交
    • J
      IPoIB: Fix race in deleting ipoib_neigh entries · 49b8e744
      Jim Foraker 提交于
      In several places, this snippet is used when removing neigh entries:
      
      	list_del(&neigh->list);
      	ipoib_neigh_free(neigh);
      
      The list_del() removes neigh from the associated struct ipoib_path, while
      ipoib_neigh_free() removes neigh from the device's neigh entry lookup
      table.  Both of these operations are protected by the priv->lock
      spinlock.  The table however is also protected via RCU, and so naturally
      the lock is not held when doing reads.
      
      This leads to a race condition, in which a thread may successfully look
      up a neigh entry that has already been deleted from neigh->list.  Since
      the previous deletion will have marked the entry with poison, a second
      list_del() on the object will cause a panic:
      
        #5 [ffff8802338c3c70] general_protection at ffffffff815108c5
           [exception RIP: list_del+16]
           RIP: ffffffff81289020  RSP: ffff8802338c3d20  RFLAGS: 00010082
           RAX: dead000000200200  RBX: ffff880433e60c88  RCX: 0000000000009e6c
           RDX: 0000000000000246  RSI: ffff8806012ca298  RDI: ffff880433e60c88
           RBP: ffff8802338c3d30   R8: ffff8806012ca2e8   R9: 00000000ffffffff
           R10: 0000000000000001  R11: 0000000000000000  R12: ffff8804346b2020
           R13: ffff88032a3e7540  R14: ffff8804346b26e0  R15: 0000000000000246
           ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0000
        #6 [ffff8802338c3d38] ipoib_cm_tx_handler at ffffffffa066fe0a [ib_ipoib]
        #7 [ffff8802338c3d98] cm_process_work at ffffffffa05149a7 [ib_cm]
        #8 [ffff8802338c3de8] cm_work_handler at ffffffffa05161aa [ib_cm]
        #9 [ffff8802338c3e38] worker_thread at ffffffff81090e10
       #10 [ffff8802338c3ee8] kthread at ffffffff81096c66
       #11 [ffff8802338c3f48] kernel_thread at ffffffff8100c0ca
      
      We move the list_del() into ipoib_neigh_free(), so that deletion happens
      only once, after the entry has been successfully removed from the lookup
      table.  This same behavior is already used in ipoib_del_neighs_by_gid()
      and __ipoib_reap_neigh().
      Signed-off-by: NJim Foraker <foraker1@llnl.gov>
      Reviewed-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Reviewed-by: NJack Wang <jinpu.wang@profitbricks.com>
      Reviewed-by: NShlomo Pongratz <shlomop@mellanox.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      49b8e744
  17. 01 8月, 2013 1 次提交
  18. 18 4月, 2013 1 次提交
    • P
      IPoIB: add support for TIPC protocol · dc850b0e
      Patrick McHardy 提交于
      Support TIPC in the IPoIB driver. Since IPoIB now keeps track of its own
      neighbour entries and doesn't require the packet to have a dst_entry
      anymore, the only necessary changes are to:
      
      - not drop multicast TIPC packets because of the unknown ethernet type
      - handle unicast TIPC packets similar to IPv4/IPv6 unicast packets
      
      in ipoib_start_xmit().
      
      An alternative would be to remove all ethertype limitations since they're
      not necessary anymore, all TIPC needs to know about is ARP and RARP since
      it wants to always perform "path find", even if a path is already known.
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dc850b0e
  19. 17 4月, 2013 1 次提交
    • D
      IPoIB: Fix ipoib_hard_header() return value · 83bdd3b9
      Doug Ledford 提交于
      If you have a patched up dhcp server (and dhclient), they will use
      AF_PACKET/SOCK_DGRAM pair to send dhcp packets over IPoIB.
      
      However, when testing an upstream kernel, this has been broken for a
      very long time (I tested 2.6.34, 2.6.38, 3.0, 3.1, 3.8, HEAD).
      
      It turns out that the hard_header routine in ipoib is not following
      the API and is returning 0 even when it pushed data onto the skb.
      This then causes af_packet.c to overwrite the header just pushed with
      data from user space.
      
      Fixing this gets DHCP working on IPoIB.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      83bdd3b9
  20. 26 2月, 2013 1 次提交
    • R
      IPoIB: Free ipoib neigh on path record failure so path rec queries are retried · f72dd566
      Roland Dreier 提交于
      If IPoIB fails to look up a path record (eg if it tries during an SM
      failover when one SM is dead but the new one hasn't taken over yet), the
      driver ends up with a neighbour structure but no address handle (AH).
      There's no mechanism to recover from this: any further packets sent to
      this destination will be silently dumped in ipoib_start_xmit().
      
      Fix this by freeing the neighbour structures when a path rec query
      fails, so that the next packet queued to be sent will trigger a new path
      record query.
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      f72dd566
  21. 20 2月, 2013 3 次提交
  22. 03 10月, 2012 1 次提交
  23. 02 10月, 2012 1 次提交
    • O
      IB/ipoib: Add more rtnl_link_ops callbacks · 862096a8
      Or Gerlitz 提交于
      Add the rtnl_link_ops changelink and fill_info callbacks, through
      which the admin can now set/get the driver mode, etc policies.
      Maintain the proprietary sysfs entries only for legacy childs.
      
      For child devices, set dev->iflink to point to the parent
      device ifindex, such that user space tools can now correctly
      show the uplink relation as done for vlan, macvlan, etc
      devices. Pointed out by Patrick McHardy <kaber@trash.net>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      862096a8
  24. 01 10月, 2012 1 次提交
    • P
      IPoIB: Fix use-after-free of multicast object · bea1e22d
      Patrick McHardy 提交于
      Fix a crash in ipoib_mcast_join_task().  (with help from Or Gerlitz)
      
      Commit c8c2afe3 ("IPoIB: Use rtnl lock/unlock when changing device
      flags") added a call to rtnl_lock() in ipoib_mcast_join_task(), which
      is run from the ipoib_workqueue, and hence the workqueue can't be
      flushed from the context of ipoib_stop().
      
      In the current code, ipoib_stop() (which doesn't flush the workqueue)
      calls ipoib_mcast_dev_flush(), which goes and deletes all the
      multicast entries.  This takes place without any synchronization with
      a possible running instance of ipoib_mcast_join_task() for the same
      ipoib device, leading to a crash due to NULL pointer dereference.
      
      Fix this by making sure that the workqueue is flushed before
      ipoib_mcast_dev_flush() is called.  To make that possible, we move the
      RTNL-lock wrapped code to ipoib_mcast_join_finish().
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      bea1e22d
  25. 21 9月, 2012 1 次提交
    • O
      IB/ipoib: Add rtnl_link_ops support · 9baa0b03
      Or Gerlitz 提交于
      Add rtnl_link_ops to IPoIB, with the first usage being child device
      create/delete through them. Childs devices are now either legacy ones,
      created/deleted through the ipoib sysfs entries, or RTNL ones.
      
      Adding support for RTNL childs involved refactoring of ipoib_vlan_add
      which is now used by both the sysfs and the link_ops code.
      
      Also, added ndo_uninit entry to support calling unregister_netdevice_queue
      from the rtnl dellink entry. This required removal of calls to
      ipoib_dev_cleanup from the driver in flows which use unregister_netdevice,
      since the networking core will invoke ipoib_uninit which does exactly that.
      Signed-off-by: NErez Shitrit <erezsh@mellanox.co.il>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9baa0b03
  26. 13 9月, 2012 2 次提交
  27. 15 8月, 2012 1 次提交
  28. 30 7月, 2012 1 次提交
    • S
      IPoIB: Use a private hash table for path lookup in xmit path · b63b70d8
      Shlomo Pongratz 提交于
      Dave Miller <davem@davemloft.net> provided a detailed description of
      why the way IPoIB is using neighbours for its own ipoib_neigh struct
      is buggy:
      
          Any time an ipoib_neigh is changed, a sequence like the following is made:
      
          			spin_lock_irqsave(&priv->lock, flags);
          			/*
          			 * It's safe to call ipoib_put_ah() inside
          			 * priv->lock here, because we know that
          			 * path->ah will always hold one more reference,
          			 * so ipoib_put_ah() will never do more than
          			 * decrement the ref count.
          			 */
          			if (neigh->ah)
          				ipoib_put_ah(neigh->ah);
          			list_del(&neigh->list);
          			ipoib_neigh_free(dev, neigh);
          			spin_unlock_irqrestore(&priv->lock, flags);
          			ipoib_path_lookup(skb, n, dev);
      
          This doesn't work, because you're leaving a stale pointer to the freed up
          ipoib_neigh in the special neigh->ha pointer cookie.  Yes, it even fails
          with all the locking done to protect _changes_ to *ipoib_neigh(n), and
          with the code in ipoib_neigh_free() that NULLs out the pointer.
      
          The core issue is that read side calls to *to_ipoib_neigh(n) are not
          being synchronized at all, they are performed without any locking.  So
          whether we hold the lock or not when making changes to *ipoib_neigh(n)
          you still can have threads see references to freed up ipoib_neigh
          objects.
      
          	cpu 1			cpu 2
          	n = *ipoib_neigh()
          				*ipoib_neigh() = NULL
          				kfree(n)
          	n->foo == OOPS
      
          [..]
      
          Perhaps the ipoib code can have a private path database it manages
          entirely itself, which holds all the necessary information and is
          looked up by some generic key which is available easily at transmit
          time and does not involve generic neighbour entries.
      
      See <http://marc.info/?l=linux-rdma&m=132812793105624&w=2> and
      <http://marc.info/?l=linux-rdma&w=2&r=1&s=allows+references+to+freed+memory&q=b>
      for the full discussion.
      
      This patch aims to solve the race conditions found in the IPoIB driver.
      
      The patch removes the connection between the core networking neighbour
      structure and the ipoib_neigh structure.  In addition to avoiding the
      race described above, it allows us to handle SKBs carrying IP packets
      that don't have any associated neighbour.
      
      We add an ipoib_neigh hash table with N buckets where the key is the
      destination hardware address.  The ipoib_neigh is fetched from the
      hash table and instead of the stashed location in the neighbour
      structure. The hash table uses both RCU and reference counting to
      guarantee that no ipoib_neigh instance is ever deleted while in use.
      
      Fetching the ipoib_neigh structure instance from the hash also makes
      the special code in ipoib_start_xmit that handles remote and local
      bonding failover redundant.
      
      Aged ipoib_neigh instances are deleted by a garbage collection task
      that runs every M seconds and deletes every ipoib_neigh instance that
      was idle for at least 2*M seconds. The deletion is safe since the
      ipoib_neigh instances are protected using RCU and reference count
      mechanisms.
      
      The number of buckets (N) and frequency of running the GC thread (M),
      are taken from the exported arb_tbl.
      Signed-off-by: NShlomo Pongratz <shlomop@mellanox.com>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      b63b70d8