LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* Re: [PATCH 1/2] IB/iSER: fix list iteration bug
@ 2008-03-03 10:36 Arne Redlich
  2008-03-04 12:07 ` Erez Zilber
  0 siblings, 1 reply; 5+ messages in thread
From: Arne Redlich @ 2008-03-03 10:36 UTC (permalink / raw)
  To: Roland Dreier; +Cc: ofa-general, lkml, erezz

The iteration through the list of "iser_device"s during device
lookup/creation is broken - it might result in an infinite loop if more
than 1 HCA is used with iSER. Use list_for_each_entry() instead of the
custom, flawed list iteration code.

Signed-off-by: Arne Redlich <arne.redlich@xiranet.com>
---
 drivers/infiniband/ulp/iser/iser_verbs.c |   36 ++++++++++++-----------------
 1 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
index 714b8db..1c0f968 100644
--- a/drivers/infiniband/ulp/iser/iser_verbs.c
+++ b/drivers/infiniband/ulp/iser/iser_verbs.c
@@ -237,33 +237,27 @@ static int iser_free_ib_conn_res(struct iser_conn *ib_conn)
 static
 struct iser_device *iser_device_find_by_ib_device(struct rdma_cm_id *cma_id)
 {
-	struct list_head    *p_list;
-	struct iser_device  *device = NULL;
+	struct iser_device *device;
 
 	mutex_lock(&ig.device_list_mutex);
 
-	p_list = ig.device_list.next;
-	while (p_list != &ig.device_list) {
-		device = list_entry(p_list, struct iser_device, ig_list);
-		/* find if there's a match using the node GUID */
+	list_for_each_entry(device, &ig.device_list, ig_list)
 		if (device->ib_device->node_guid == cma_id->device->node_guid)
-			break;
-	}
-
-	if (device == NULL) {
-		device = kzalloc(sizeof *device, GFP_KERNEL);
-		if (device == NULL)
 			goto out;
-		/* assign this device to the device */
-		device->ib_device = cma_id->device;
-		/* init the device and link it into ig device list */
-		if (iser_create_device_ib_res(device)) {
-			kfree(device);
-			device = NULL;
-			goto out;
-		}
-		list_add(&device->ig_list, &ig.device_list);
+
+	device = kzalloc(sizeof *device, GFP_KERNEL);
+	if (device == NULL)
+		goto out;
+
+	device->ib_device = cma_id->device;
+	/* init the device and link it into ig device list */
+	if (iser_create_device_ib_res(device)) {
+		kfree(device);
+		device = NULL;
+		goto out;
 	}
+	list_add(&device->ig_list, &ig.device_list);
+
 out:
 	BUG_ON(device == NULL);
 	device->refcount++;
-- 
1.5.4.1


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] IB/iSER: fix list iteration bug
  2008-03-03 10:36 [PATCH 1/2] IB/iSER: fix list iteration bug Arne Redlich
@ 2008-03-04 12:07 ` Erez Zilber
  2008-03-04 15:41   ` Arne Redlich
  2008-03-11  4:16   ` Roland Dreier
  0 siblings, 2 replies; 5+ messages in thread
From: Erez Zilber @ 2008-03-04 12:07 UTC (permalink / raw)
  To: Arne Redlich; +Cc: Roland Dreier, ofa-general, lkml

Arne Redlich wrote:
> The iteration through the list of "iser_device"s during device
> lookup/creation is broken - it might result in an infinite loop if more
> than 1 HCA is used with iSER. Use list_for_each_entry() instead of the
> custom, flawed list iteration code.
> 
> Signed-off-by: Arne Redlich <arne.redlich@xiranet.com>
> ---
>  drivers/infiniband/ulp/iser/iser_verbs.c |   36 ++++++++++++-----------------
>  1 files changed, 15 insertions(+), 21 deletions(-)
> 
> diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
> index 714b8db..1c0f968 100644
> --- a/drivers/infiniband/ulp/iser/iser_verbs.c
> +++ b/drivers/infiniband/ulp/iser/iser_verbs.c
> @@ -237,33 +237,27 @@ static int iser_free_ib_conn_res(struct iser_conn *ib_conn)
>  static
>  struct iser_device *iser_device_find_by_ib_device(struct rdma_cm_id *cma_id)
>  {
> -	struct list_head    *p_list;
> -	struct iser_device  *device = NULL;
> +	struct iser_device *device;
>  
>  	mutex_lock(&ig.device_list_mutex);
>  
> -	p_list = ig.device_list.next;
> -	while (p_list != &ig.device_list) {
> -		device = list_entry(p_list, struct iser_device, ig_list);
> -		/* find if there's a match using the node GUID */
> +	list_for_each_entry(device, &ig.device_list, ig_list)

I've just added the original comments that are missing in your patch.

>  		if (device->ib_device->node_guid == cma_id->device->node_guid)
> -			break;
> -	}
> -
> -	if (device == NULL) {
> -		device = kzalloc(sizeof *device, GFP_KERNEL);
> -		if (device == NULL)
>  			goto out;
> -		/* assign this device to the device */
> -		device->ib_device = cma_id->device;
> -		/* init the device and link it into ig device list */
> -		if (iser_create_device_ib_res(device)) {
> -			kfree(device);
> -			device = NULL;
> -			goto out;
> -		}
> -		list_add(&device->ig_list, &ig.device_list);
> +
> +	device = kzalloc(sizeof *device, GFP_KERNEL);
> +	if (device == NULL)
> +		goto out;
> +
> +	device->ib_device = cma_id->device;
> +	/* init the device and link it into ig device list */
> +	if (iser_create_device_ib_res(device)) {
> +		kfree(device);
> +		device = NULL;
> +		goto out;
>  	}
> +	list_add(&device->ig_list, &ig.device_list);
> +
>  out:
>  	BUG_ON(device == NULL);
>  	device->refcount++;

The iteration through the list of "iser_device"s during device
lookup/creation is broken - it might result in an infinite loop if more
than 1 HCA is used with iSER. Use list_for_each_entry() instead of the
custom, flawed list iteration code.

Signed-off-by: Arne Redlich <arne.redlich@xiranet.com>
Signed-off-by: Erez Zilber <erezz@voltaire.com>
---
 drivers/infiniband/ulp/iser/iser_verbs.c |   36 +++++++++++++----------------
 1 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
index 714b8db..768ba69 100644
--- a/drivers/infiniband/ulp/iser/iser_verbs.c
+++ b/drivers/infiniband/ulp/iser/iser_verbs.c
@@ -237,33 +237,29 @@ static int iser_free_ib_conn_res(struct iser_conn *ib_conn)
 static
 struct iser_device *iser_device_find_by_ib_device(struct rdma_cm_id *cma_id)
 {
-	struct list_head    *p_list;
-	struct iser_device  *device = NULL;
+	struct iser_device *device;
 
 	mutex_lock(&ig.device_list_mutex);
 
-	p_list = ig.device_list.next;
-	while (p_list != &ig.device_list) {
-		device = list_entry(p_list, struct iser_device, ig_list);
+	list_for_each_entry(device, &ig.device_list, ig_list)
 		/* find if there's a match using the node GUID */
 		if (device->ib_device->node_guid == cma_id->device->node_guid)
-			break;
-	}
-
-	if (device == NULL) {
-		device = kzalloc(sizeof *device, GFP_KERNEL);
-		if (device == NULL)
 			goto out;
-		/* assign this device to the device */
-		device->ib_device = cma_id->device;
-		/* init the device and link it into ig device list */
-		if (iser_create_device_ib_res(device)) {
-			kfree(device);
-			device = NULL;
-			goto out;
-		}
-		list_add(&device->ig_list, &ig.device_list);
+
+	device = kzalloc(sizeof *device, GFP_KERNEL);
+	if (device == NULL)
+		goto out;
+
+	/* assign this device to the device */
+	device->ib_device = cma_id->device;
+	/* init the device and link it into ig device list */
+	if (iser_create_device_ib_res(device)) {
+		kfree(device);
+		device = NULL;
+		goto out;
 	}
+	list_add(&device->ig_list, &ig.device_list);
+
 out:
 	BUG_ON(device == NULL);
 	device->refcount++;
-- 
1.5.3.6


I agree with your patch. It seems that we forgot to add something like p_list=p_list->next. Anyway, using list_for_each_entry is better than what we had.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] IB/iSER: fix list iteration bug
  2008-03-04 12:07 ` Erez Zilber
@ 2008-03-04 15:41   ` Arne Redlich
  2008-03-05  6:26     ` Erez Zilber
  2008-03-11  4:16   ` Roland Dreier
  1 sibling, 1 reply; 5+ messages in thread
From: Arne Redlich @ 2008-03-04 15:41 UTC (permalink / raw)
  To: Erez Zilber; +Cc: Roland Dreier, ofa-general, lkml

Erez Zilber <erezz@voltaire.com> writes:

> Arne Redlich wrote:
>> The iteration through the list of "iser_device"s during device
>> lookup/creation is broken - it might result in an infinite loop if more
>> than 1 HCA is used with iSER. Use list_for_each_entry() instead of the
>> custom, flawed list iteration code.
>> 
>> Signed-off-by: Arne Redlich <arne.redlich@xiranet.com>
>> ---
>>  drivers/infiniband/ulp/iser/iser_verbs.c |   36 ++++++++++++-----------------
>>  1 files changed, 15 insertions(+), 21 deletions(-)
>> 
>> diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
>> index 714b8db..1c0f968 100644
>> --- a/drivers/infiniband/ulp/iser/iser_verbs.c
>> +++ b/drivers/infiniband/ulp/iser/iser_verbs.c
>> @@ -237,33 +237,27 @@ static int iser_free_ib_conn_res(struct iser_conn *ib_conn)
>>  static
>>  struct iser_device *iser_device_find_by_ib_device(struct rdma_cm_id *cma_id)
>>  {
>> -	struct list_head    *p_list;
>> -	struct iser_device  *device = NULL;
>> +	struct iser_device *device;
>>  
>>  	mutex_lock(&ig.device_list_mutex);
>>  
>> -	p_list = ig.device_list.next;
>> -	while (p_list != &ig.device_list) {
>> -		device = list_entry(p_list, struct iser_device, ig_list);
>> -		/* find if there's a match using the node GUID */
>> +	list_for_each_entry(device, &ig.device_list, ig_list)
>
> I've just added the original comments that are missing in your patch.

Ah well, I probably should've mentioned in the patch description that I
intentionally removed those comments as I think they're really
redundant, stating the obvious. But of course I won't insist. :)

Thanks,
Arne

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] IB/iSER: fix list iteration bug
  2008-03-04 15:41   ` Arne Redlich
@ 2008-03-05  6:26     ` Erez Zilber
  0 siblings, 0 replies; 5+ messages in thread
From: Erez Zilber @ 2008-03-05  6:26 UTC (permalink / raw)
  To: Arne Redlich, Roland Dreier; +Cc: ofa-general, lkml

Arne Redlich wrote:

> Erez Zilber <erezz@voltaire.com> writes:
>
>   
>> Arne Redlich wrote:
>>     
>>> The iteration through the list of "iser_device"s during device
>>> lookup/creation is broken - it might result in an infinite loop if more
>>> than 1 HCA is used with iSER. Use list_for_each_entry() instead of the
>>> custom, flawed list iteration code.
>>>
>>> Signed-off-by: Arne Redlich <arne.redlich@xiranet.com>
>>> ---
>>>  drivers/infiniband/ulp/iser/iser_verbs.c |   36 ++++++++++++-----------------
>>>  1 files changed, 15 insertions(+), 21 deletions(-)
>>>
>>> diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
>>> index 714b8db..1c0f968 100644
>>> --- a/drivers/infiniband/ulp/iser/iser_verbs.c
>>> +++ b/drivers/infiniband/ulp/iser/iser_verbs.c
>>> @@ -237,33 +237,27 @@ static int iser_free_ib_conn_res(struct iser_conn *ib_conn)
>>>  static
>>>  struct iser_device *iser_device_find_by_ib_device(struct rdma_cm_id *cma_id)
>>>  {
>>> -	struct list_head    *p_list;
>>> -	struct iser_device  *device = NULL;
>>> +	struct iser_device *device;
>>>  
>>>  	mutex_lock(&ig.device_list_mutex);
>>>  
>>> -	p_list = ig.device_list.next;
>>> -	while (p_list != &ig.device_list) {
>>> -		device = list_entry(p_list, struct iser_device, ig_list);
>>> -		/* find if there's a match using the node GUID */
>>> +	list_for_each_entry(device, &ig.device_list, ig_list)
>>>       
>> I've just added the original comments that are missing in your patch.
>>     
>
> Ah well, I probably should've mentioned in the patch description that I
> intentionally removed those comments as I think they're really
> redundant, stating the obvious. But of course I won't insist. :)
>
> Thanks,
> Arne
>   
OK and thanks for catching the bugs.

Roland - will you be able to merge these 2 patches for 2.6.25? Both are
bug fixes.

Thanks,
Erez


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] IB/iSER: fix list iteration bug
  2008-03-04 12:07 ` Erez Zilber
  2008-03-04 15:41   ` Arne Redlich
@ 2008-03-11  4:16   ` Roland Dreier
  1 sibling, 0 replies; 5+ messages in thread
From: Roland Dreier @ 2008-03-11  4:16 UTC (permalink / raw)
  To: Erez Zilber; +Cc: Arne Redlich, Roland Dreier, ofa-general, lkml

thanks, applied.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2008-03-11  4:16 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-03-03 10:36 [PATCH 1/2] IB/iSER: fix list iteration bug Arne Redlich
2008-03-04 12:07 ` Erez Zilber
2008-03-04 15:41   ` Arne Redlich
2008-03-05  6:26     ` Erez Zilber
2008-03-11  4:16   ` Roland Dreier

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).