1. 26 7月, 2018 1 次提交
  2. 13 6月, 2018 1 次提交
    • K
      treewide: kzalloc() -> kcalloc() · 6396bb22
      Kees Cook 提交于
      The kzalloc() function has a 2-factor argument form, kcalloc(). This
      patch replaces cases of:
      
              kzalloc(a * b, gfp)
      
      with:
              kcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kzalloc(a * b * c, gfp)
      
      with:
      
              kzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kzalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kzalloc
      + kcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(sizeof(THING) * C2, ...)
      |
        kzalloc(sizeof(TYPE) * C2, ...)
      |
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(C1 * C2, ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6396bb22
  3. 28 4月, 2018 1 次提交
  4. 30 3月, 2018 1 次提交
  5. 17 3月, 2018 1 次提交
  6. 14 12月, 2017 2 次提交
  7. 14 11月, 2017 1 次提交
    • B
      iw_cxgb4: Fix possible circular dependency locking warning · 1c8f1da5
      Bharat Potnuri 提交于
      Locking sequence of iw_cxgb4 and RoCE drivers in ib_register_device() is
      slightly different and this leads to possible circular dependency locking
      warning when both the devices are brought up.
      
      Here is the locking sequence upto ib_register_device():
      iw_cxgb4: rtnl_mutex(net stack) --> uld_mutex --> device_mutex
      RoCE drivers: device_mutex --> rtnl_mutex
      
      Here is the possibility of cross locking:
      
      	CPU #0 (iw_cxgb4) 		     CPU #1 (RoCE drivers)
      
      -> on interface up cxgb4_up()
      executed with rtnl_mutex held
      -> hold uld_mutex and try
      registering ib device
      					-> In ib_register_device() hold
      					   device_mutex
      -> hold device mutex in
      ib_register_device
      					-> try acquiring rtnl_mutex in
      					   ib_enum_roce_netdev()
      
      Current patch schedules the ib_register_device() functionality of
      iw_cxgb4 to a workqueue to prevent the possible cross-locking.
      Also rename the labels in c4iw_reister_device().
      Signed-off-by: NPotnuri Bharat Teja <bharat@chelsio.com>
      Reviewed-by: NSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      1c8f1da5
  8. 15 10月, 2017 1 次提交
  9. 29 9月, 2017 1 次提交
    • S
      iw_cxgb4: add referencing to wait objects · 2015f26c
      Steve Wise 提交于
      For messages sent from the host to fw that solicit a reply from fw,
      the c4iw_wr_wait struct pointer is passed in the host->fw message, and
      included in the fw->host fw6_msg reply.  This allows the sender to wait
      until the reply is received, and the code processing the ingress reply
      to wake up the sender.
      
      If c4iw_wait_for_reply() times out, however, we need to keep the
      c4iw_wr_wait object around in case the reply eventually does arrive.
      Otherwise we have touch-after-free bugs in the wake_up paths.
      
      This was hit due to a bad kernel driver that blocked ingress processing
      of cxgb4 for a long time, causing iw_cxgb4 timeouts, but eventually
      resuming ingress processing and thus hitting the touch-after-free bug.
      
      So I want to fix iw_cxgb4 such that we'll at least keep the wait object
      around until the reply comes.  If it never comes we leak a small amount of
      memory, but if it does come late, we won't potentially crash the system.
      
      So add a kref struct in the c4iw_wr_wait struct, and take a reference
      before sending a message to FW that will generate a FW6 reply.  And remove
      the reference (and potentially free the wait object) when the reply
      is processed.
      
      The ep code also uses the wr_wait for non FW6 CPL messages and doesn't
      embed the c4iw_wr_wait object in the message sent to firmware.  So for
      those cases we add c4iw_wake_up_noref().
      
      The mr/mw, cq, and qp object create/destroy paths do need this reference
      logic.  For these paths, c4iw_ref_send_wait() is introduced to take the
      wr_wait reference, send the msg to fw, and then wait for the reply.
      
      So going forward, iw_cxgb4 either uses c4iw_ofld_send(),
      c4iw_wait_for_reply() and c4iw_wake_up_noref() like is done in the some
      of the endpoint logic, or c4iw_ref_send_wait() and c4iw_wake_up_deref()
      (formerly c4iw_wake_up()) when sending messages with the c4iw_wr_wait
      object pointer embedded in the message and resulting FW6 reply.
      Signed-off-by: NSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      2015f26c
  10. 27 9月, 2017 1 次提交
  11. 24 7月, 2017 1 次提交
  12. 15 6月, 2017 1 次提交
  13. 02 6月, 2017 1 次提交
  14. 21 4月, 2017 2 次提交
  15. 25 1月, 2017 1 次提交
  16. 11 1月, 2017 1 次提交
    • S
      iw_cxgb4: free EQ queue memory on last deref · c12a67fe
      Steve Wise 提交于
      Commit ad61a4c7 ("iw_cxgb4: don't block in destroy_qp awaiting
      the last deref") introduced a bug where the RDMA QP EQ queue memory
      (and QIDs) are possibly freed before the underlying connection has been
      fully shutdown.  The result being a possible DMA read issued by HW after
      the queue memory has been unmapped and freed.  This results in possible
      WR corruption in the worst case, system bus errors if an IOMMU is in use,
      and SGE "bad WR" errors reported in the very least.  The fix is to defer
      unmap/free of queue memory and QID resources until the QP struct has
      been fully dereferenced.  To do this, the c4iw_ucontext must also be kept
      around until the last QP that references it is fully freed.  In addition,
      since the last QP deref can happen in an IRQ disabled context, we need
      a new workqueue thread to do the final unmap/free of the EQ queue memory.
      
      Fixes: ad61a4c7 ("iw_cxgb4: don't block in destroy_qp awaiting the last deref")
      Cc: stable@vger.kernel.org
      Signed-off-by: NSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      c12a67fe
  17. 08 12月, 2016 1 次提交
  18. 04 12月, 2016 1 次提交
  19. 19 11月, 2016 1 次提交
  20. 19 9月, 2016 1 次提交
  21. 04 9月, 2016 1 次提交
  22. 23 6月, 2016 1 次提交
  23. 17 3月, 2016 1 次提交
  24. 01 3月, 2016 1 次提交
  25. 20 1月, 2016 2 次提交
  26. 24 12月, 2015 1 次提交
  27. 22 10月, 2015 1 次提交
  28. 12 6月, 2015 1 次提交
  29. 13 5月, 2015 1 次提交
  30. 06 5月, 2015 1 次提交
  31. 05 5月, 2015 3 次提交
  32. 18 2月, 2015 1 次提交
  33. 26 1月, 2015 1 次提交
  34. 16 1月, 2015 2 次提交