linux-kernel-test/drivers/scsi/libfc/fc_frame.c
Chris Leech 18fa11efc2 [SCSI] libfc, fcoe: fixes for highmem skb linearize panics
There are cases outside of our control that may result in a transmit
skb being linearized in dev_queue_xmit.  There are a couple of bugs
in libfc/fcoe that can result in a panic at that point.  This patch
contains two fixes to prevent those panics.

1) use fast cloning instead of shared skbs with dev_queue_xmit

dev_queue_xmit doesn't want shared skbuffs being passed in, and
__skb_linearize will BUG if the skb is shared.  FCoE is holding an extra
reference around the call to dev_queue_xmit, so that when it returns an
error code indicating the frame has been dropped it can maintain its
own backlog and retransmit.  Switch to using fast skb cloning for this
instead.

2) don't append compound pages as > PAGE_SIZE skb fragments

fc_fcp_send_data will append pages from a scatterlist to the nr_frags[]
if the netdev supports it.  But, it's using > PAGE_SIZE compound pages
as a single skb_frag.  In the highmem linearize case that page will be
passed to kmap_atomic to get a mapping to copy out of, but
kmap_atomic will only allow access to the first PAGE_SIZE part.
The memcpy will keep going and cause a page fault once it crosses the
first boundary.

If fc_fcp_send_data uses linear buffers from the start, it calls
kmap_atomic one PAGE_SIZE at a time.  That same logic needs to be
applied when setting up skb_frags.

Signed-off-by: Chris Leech <christopher.leech@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2009-12-04 12:01:25 -06:00


/*
* Copyright(c) 2007 Intel Corporation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
*
* Maintained at www.Open-FCoE.org
*/
/*
* Frame allocation.
*/
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/crc32.h>
#include <scsi/fc_frame.h>
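/**
 * fc_frame_crc_check() - Verify the CRC carried with a frame
 * @fp: frame to check; header and payload must be in the linear skb data
 *
 * Computes crc32 (seed ~0, result inverted) over the frame starting at the
 * FC header, with the length rounded up to a multiple of 4 so that the fill
 * bytes are covered, and compares it with the value recorded in fr_crc(fp).
 * The FCPHF_CRC_UNCHECKED flag is cleared once the check is actually made.
 *
 * Return: 0 when the computed CRC equals fr_crc(fp), non-zero otherwise
 * (including when the frame is not linear and cannot be checked).
 */
u32 fc_frame_crc_check(struct fc_frame *fp)
{
	const u8 *bp;
	unsigned int len;
	u32 crc;

	/*
	 * crc32() below reads len contiguous bytes from the header pointer.
	 * For a non-linear frame that would run past the linear data, so
	 * warn and fail closed instead of warning and reading anyway.  The
	 * frame is reported as bad and stays marked CRC_UNCHECKED.
	 */
	if (WARN_ON(!fc_frame_is_linear(fp)))
		return ~0U;

	fr_flags(fp) &= ~FCPHF_CRC_UNCHECKED;

	/* round up length to include fill */
	len = (fr_len(fp) + 3) & ~3;
	bp = (const u8 *)fr_hdr(fp);
	crc = ~crc32(~0, bp, len);

	/* any difference between computed and recorded CRC is non-zero */
	return crc ^ fr_crc(fp);
}
EXPORT_SYMBOL(fc_frame_crc_check);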
/**
 * _fc_frame_alloc() - Allocate a frame intended to be sent via fcoe_xmit
 * @len: payload length in bytes, without the FC frame header
 *
 * Gets an sk_buff from alloc_skb_fclone() with GFP_ATOMIC, reserves
 * NET_SKB_PAD + FC_FRAME_HEADROOM in front of the data, initialises the
 * frame and sets the skb length to @len plus the FC frame header.
 *
 * A @len that is not a multiple of sizeof(u32) only triggers WARN_ON; the
 * allocation still proceeds.
 *
 * NOTE(review): no upper bound on @len is checked here and the size sum is
 * done in size_t before being handed to the skb helpers - confirm that
 * callers bound the length.
 *
 * Return: the new frame, or NULL if the skb could not be allocated.
 */
struct fc_frame *_fc_frame_alloc(size_t len)
{
	struct sk_buff *new_skb;
	struct fc_frame *frame;
	size_t frame_len;

	WARN_ON((len % sizeof(u32)) != 0);

	/* the frame carries the FC header in front of the payload */
	frame_len = len + sizeof(struct fc_frame_header);

	new_skb = alloc_skb_fclone(frame_len + FC_FRAME_HEADROOM +
				   FC_FRAME_TAILROOM + NET_SKB_PAD,
				   GFP_ATOMIC);
	if (new_skb == NULL)
		return NULL;

	/* leave room in front of the FC header before any data is added */
	skb_reserve(new_skb, NET_SKB_PAD + FC_FRAME_HEADROOM);

	frame = (struct fc_frame *)new_skb;
	fc_frame_init(frame);
	skb_put(new_skb, frame_len);

	return frame;
}
EXPORT_SYMBOL(_fc_frame_alloc);
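/**
 * fc_frame_alloc_fill() - Allocate a frame whose payload is not a multiple of 4
 * @lp: local port; not used by this function
 * @payload_len: payload length in bytes, without the FC frame header
 *
 * Allocates room for the payload rounded up to a multiple of 4, zeroes the
 * fill bytes that follow the payload, then trims the skb length back to the
 * header plus @payload_len so the fill lies just beyond the frame length.
 *
 * Return: the new frame, or NULL if allocation failed.
 */
struct fc_frame *fc_frame_alloc_fill(struct fc_lport *lp, size_t payload_len)
{
	struct fc_frame *fp;
	size_t fill;

	fill = payload_len % 4;
	if (fill != 0)
		fill = 4 - fill;

	fp = _fc_frame_alloc(payload_len + fill);
	if (fp) {
		/*
		 * The payload starts after the FC header, so the fill bytes
		 * sit at header + payload_len from fr_hdr().  Using
		 * payload_len alone as the offset zeroed bytes inside the
		 * header/payload and left the real fill uninitialised; fresh
		 * skb data is not cleared, and fc_frame_crc_check() includes
		 * these bytes when it rounds the length up.
		 */
		memset((char *)fr_hdr(fp) + sizeof(struct fc_frame_header) +
		       payload_len, 0, fill);
		/* trim is OK, we just allocated it so there are no fragments */
		skb_trim(fp_skb(fp),
			 payload_len + sizeof(struct fc_frame_header));
	}
	return fp;
}
EXPORT_SYMBOL(fc_frame_alloc_fill);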