* [PATCH] IB/rxe: avoid putting a large struct rxe_qp on stack
@ 2016-09-19 11:57 ` Arnd Bergmann
  0 siblings, 0 replies; 6+ messages in thread
From: Arnd Bergmann @ 2016-09-19 11:57 UTC (permalink / raw)
  To: Doug Ledford, Sean Hefty, Hal Rosenstock
  Cc: Arnd Bergmann, Moni Shoua, Yonatan Cohen, Leon Romanovsky,
	linux-rdma-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA

A race condition fix added an rxe_qp structure to the stack in order
to be able to perform rollback in rxe_requester(), but the structure
is large enough to trigger the warning for possible stack overflow:

drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester':
drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]

This changes the rollback function to only save the psn inside
the qp, which is the only field we access in the rollback_qp
anyway.

Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer")
Signed-off-by: Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>
---
 drivers/infiniband/sw/rxe/rxe_req.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/infiniband/sw/rxe/rxe_req.c b/drivers/infiniband/sw/rxe/rxe_req.c
index 13a848a518e8..cf1ffac25585 100644
--- a/drivers/infiniband/sw/rxe/rxe_req.c
+++ b/drivers/infiniband/sw/rxe/rxe_req.c
@@ -548,23 +548,23 @@ static void update_wqe_psn(struct rxe_qp *qp,
 static void save_state(struct rxe_send_wqe *wqe,
 		       struct rxe_qp *qp,
 		       struct rxe_send_wqe *rollback_wqe,
-		       struct rxe_qp *rollback_qp)
+		       u32 *rollback_psn)
 {
 	rollback_wqe->state     = wqe->state;
 	rollback_wqe->first_psn = wqe->first_psn;
 	rollback_wqe->last_psn  = wqe->last_psn;
-	rollback_qp->req.psn    = qp->req.psn;
+	*rollback_psn		= qp->req.psn;
 }
 
 static void rollback_state(struct rxe_send_wqe *wqe,
 			   struct rxe_qp *qp,
 			   struct rxe_send_wqe *rollback_wqe,
-			   struct rxe_qp *rollback_qp)
+			   u32 rollback_psn)
 {
 	wqe->state     = rollback_wqe->state;
 	wqe->first_psn = rollback_wqe->first_psn;
 	wqe->last_psn  = rollback_wqe->last_psn;
-	qp->req.psn    = rollback_qp->req.psn;
+	qp->req.psn    = rollback_psn;
 }
 
 static void update_state(struct rxe_qp *qp, struct rxe_send_wqe *wqe,
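Review bot: The rollback set is now split between a wqe copy and a bare u32, and neither save_state() nor rollback_state() says which fields belong to it. If update_wqe_state() or update_wqe_psn() (called between save and rollback in a later hunk) ever modifies another field, presumably nothing will restore it after a failed rxe_xmit_packet(). A short comment above save_state() would pin this down, for example `/* Snapshot exactly what is undone on xmit failure: wqe state, first_psn, last_psn and qp->req.psn. */`. As a style point, the added `*rollback_psn		= qp->req.psn;` is aligned with tabs while the three assignments above it use spaces, and `wqe` and `qp` are only read in save_state(), so both could be `const`. The trailing update_state() signature continues outside the hunk, and the same hunk appears again in the second copy of this message further down the page.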
@@ -593,8 +593,8 @@ int rxe_requester(void *arg)
 	int mtu;
 	int opcode;
 	int ret;
-	struct rxe_qp rollback_qp;
 	struct rxe_send_wqe rollback_wqe;
+	u32 rollback_psn;
 
 next_wqe:
 	if (unlikely(!qp->valid || qp->req.state == QP_STATE_ERROR))
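Review bot: `rollback_wqe` stays on the stack as a full `struct rxe_send_wqe` even though save_state() and rollback_state() copy only `state`, `first_psn` and `last_psn`, which is the same pattern this patch removes for `struct rxe_qp`. The size of `struct rxe_send_wqe` is not visible here, so how much of the remaining frame it accounts for is a guess. A small snapshot struct would shrink the frame of rxe_requester() further and make the rollback set explicit in one place. The field types in the sketch are assumed to be u32 and must be matched to the real members; the body of rxe_requester() continues outside the hunk.

```c
/* Exactly the values undone when rxe_xmit_packet() fails. */
struct rxe_rollback {
	u32 state;
	u32 first_psn;
	u32 last_psn;
	u32 psn;
};

static void save_state(const struct rxe_send_wqe *wqe,
		       const struct rxe_qp *qp,
		       struct rxe_rollback *rb)
{
	rb->state     = wqe->state;
	rb->first_psn = wqe->first_psn;
	rb->last_psn  = wqe->last_psn;
	rb->psn       = qp->req.psn;
}

/* … unchanged: rollback_state() mirrors save_state(); update_state() … */

	int ret;
	struct rxe_rollback rollback;
```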
@@ -717,7 +717,7 @@ int rxe_requester(void *arg)
 	 * rxe_xmit_packet().
 	 * Otherwise, completer might initiate an unjustified retry flow.
 	 */
-	save_state(wqe, qp, &rollback_wqe, &rollback_qp);
+	save_state(wqe, qp, &rollback_wqe, &rollback_psn);
 	update_wqe_state(qp, wqe, &pkt);
 	update_wqe_psn(qp, wqe, &pkt, payload);
 	ret = rxe_xmit_packet(to_rdev(qp->ibqp.device), qp, &pkt, skb);
@@ -725,7 +725,7 @@ int rxe_requester(void *arg)
 		qp->need_req_skb = 1;
 		kfree_skb(skb);
 
-		rollback_state(wqe, qp, &rollback_wqe, &rollback_qp);
+		rollback_state(wqe, qp, &rollback_wqe, rollback_psn);
 
 		if (ret == -EAGAIN) {
 			rxe_run_task(&qp->req.task, 1);
-- 
2.9.0


* [PATCH] IB/rxe: avoid putting a large struct rxe_qp on stack
@ 2016-09-19 11:57 ` Arnd Bergmann
  0 siblings, 0 replies; 6+ messages in thread
From: Arnd Bergmann @ 2016-09-19 11:57 UTC (permalink / raw)
  To: Doug Ledford, Sean Hefty, Hal Rosenstock
  Cc: Arnd Bergmann, Moni Shoua, Yonatan Cohen, Leon Romanovsky,
	linux-rdma, linux-kernel

A race condition fix added an rxe_qp structure to the stack in order
to be able to perform rollback in rxe_requester(), but the structure
is large enough to trigger the warning for possible stack overflow:

drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester':
drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]

This changes the rollback function to only save the psn inside
the qp, which is the only field we access in the rollback_qp
anyway.

Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/infiniband/sw/rxe/rxe_req.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/infiniband/sw/rxe/rxe_req.c b/drivers/infiniband/sw/rxe/rxe_req.c
index 13a848a518e8..cf1ffac25585 100644
--- a/drivers/infiniband/sw/rxe/rxe_req.c
+++ b/drivers/infiniband/sw/rxe/rxe_req.c
@@ -548,23 +548,23 @@ static void update_wqe_psn(struct rxe_qp *qp,
 static void save_state(struct rxe_send_wqe *wqe,
 		       struct rxe_qp *qp,
 		       struct rxe_send_wqe *rollback_wqe,
-		       struct rxe_qp *rollback_qp)
+		       u32 *rollback_psn)
 {
 	rollback_wqe->state     = wqe->state;
 	rollback_wqe->first_psn = wqe->first_psn;
 	rollback_wqe->last_psn  = wqe->last_psn;
-	rollback_qp->req.psn    = qp->req.psn;
+	*rollback_psn		= qp->req.psn;
 }
 
 static void rollback_state(struct rxe_send_wqe *wqe,
 			   struct rxe_qp *qp,
 			   struct rxe_send_wqe *rollback_wqe,
-			   struct rxe_qp *rollback_qp)
+			   u32 rollback_psn)
 {
 	wqe->state     = rollback_wqe->state;
 	wqe->first_psn = rollback_wqe->first_psn;
 	wqe->last_psn  = rollback_wqe->last_psn;
-	qp->req.psn    = rollback_qp->req.psn;
+	qp->req.psn    = rollback_psn;
 }
 
 static void update_state(struct rxe_qp *qp, struct rxe_send_wqe *wqe,
@@ -593,8 +593,8 @@ int rxe_requester(void *arg)
 	int mtu;
 	int opcode;
 	int ret;
-	struct rxe_qp rollback_qp;
 	struct rxe_send_wqe rollback_wqe;
+	u32 rollback_psn;
 
 next_wqe:
 	if (unlikely(!qp->valid || qp->req.state == QP_STATE_ERROR))
@@ -717,7 +717,7 @@ int rxe_requester(void *arg)
 	 * rxe_xmit_packet().
 	 * Otherwise, completer might initiate an unjustified retry flow.
 	 */
-	save_state(wqe, qp, &rollback_wqe, &rollback_qp);
+	save_state(wqe, qp, &rollback_wqe, &rollback_psn);
 	update_wqe_state(qp, wqe, &pkt);
 	update_wqe_psn(qp, wqe, &pkt, payload);
 	ret = rxe_xmit_packet(to_rdev(qp->ibqp.device), qp, &pkt, skb);
@@ -725,7 +725,7 @@ int rxe_requester(void *arg)
 		qp->need_req_skb = 1;
 		kfree_skb(skb);
 
-		rollback_state(wqe, qp, &rollback_wqe, &rollback_qp);
+		rollback_state(wqe, qp, &rollback_wqe, rollback_psn);
 
 		if (ret == -EAGAIN) {
 			rxe_run_task(&qp->req.task, 1);
-- 
2.9.0


* Re: [PATCH] IB/rxe: avoid putting a large struct rxe_qp on stack
  2016-09-19 11:57 ` Arnd Bergmann
@ 2016-09-19 13:28     ` Leon Romanovsky
  -1 siblings, 0 replies; 6+ messages in thread
From: Leon Romanovsky @ 2016-09-19 13:28 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Doug Ledford, Sean Hefty, Hal Rosenstock, Moni Shoua,
	Yonatan Cohen, linux-rdma-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: Type: text/plain, Size: 896 bytes --]

On Mon, Sep 19, 2016 at 01:57:26PM +0200, Arnd Bergmann wrote:
> A race condition fix added an rxe_qp structure to the stack in order
> to be able to perform rollback in rxe_requester(), but the structure
> is large enough to trigger the warning for possible stack overflow:
>
> drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester':
> drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
>
> This changes the rollback function to only save the psn inside
> the qp, which is the only field we access in the rollback_qp
> anyway.
>
> Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer")
> Signed-off-by: Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>

Thanks Arnd,
It is much cleaner approach.
Reviewed-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]


* Re: [PATCH] IB/rxe: avoid putting a large struct rxe_qp on stack
@ 2016-09-19 13:28     ` Leon Romanovsky
  0 siblings, 0 replies; 6+ messages in thread
From: Leon Romanovsky @ 2016-09-19 13:28 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Doug Ledford, Sean Hefty, Hal Rosenstock, Moni Shoua,
	Yonatan Cohen, linux-rdma, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 849 bytes --]

On Mon, Sep 19, 2016 at 01:57:26PM +0200, Arnd Bergmann wrote:
> A race condition fix added an rxe_qp structure to the stack in order
> to be able to perform rollback in rxe_requester(), but the structure
> is large enough to trigger the warning for possible stack overflow:
>
> drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester':
> drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
>
> This changes the rollback function to only save the psn inside
> the qp, which is the only field we access in the rollback_qp
> anyway.
>
> Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Thanks Arnd,
It is much cleaner approach.
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]


* Re: [PATCH] IB/rxe: avoid putting a large struct rxe_qp on stack
  2016-09-19 13:28     ` Leon Romanovsky
@ 2016-12-12 21:30         ` Doug Ledford
  -1 siblings, 0 replies; 6+ messages in thread
From: Doug Ledford @ 2016-12-12 21:30 UTC (permalink / raw)
  To: Leon Romanovsky, Arnd Bergmann
  Cc: Sean Hefty, Hal Rosenstock, Moni Shoua, Yonatan Cohen,
	linux-rdma-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA


[-- Attachment #1.1: Type: text/plain, Size: 1107 bytes --]

On 9/19/2016 9:28 AM, Leon Romanovsky wrote:
> On Mon, Sep 19, 2016 at 01:57:26PM +0200, Arnd Bergmann wrote:
>> A race condition fix added an rxe_qp structure to the stack in order
>> to be able to perform rollback in rxe_requester(), but the structure
>> is large enough to trigger the warning for possible stack overflow:
>>
>> drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester':
>> drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
>>
>> This changes the rollback function to only save the psn inside
>> the qp, which is the only field we access in the rollback_qp
>> anyway.
>>
>> Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer")
>> Signed-off-by: Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>
> 
> Thanks Arnd,
> It is much cleaner approach.
> Reviewed-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> 

Thanks, applied.

-- 
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
    GPG Key ID: 0E572FDD


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 884 bytes --]


* Re: [PATCH] IB/rxe: avoid putting a large struct rxe_qp on stack
@ 2016-12-12 21:30         ` Doug Ledford
  0 siblings, 0 replies; 6+ messages in thread
From: Doug Ledford @ 2016-12-12 21:30 UTC (permalink / raw)
  To: Leon Romanovsky, Arnd Bergmann
  Cc: Sean Hefty, Hal Rosenstock, Moni Shoua, Yonatan Cohen,
	linux-rdma, linux-kernel


[-- Attachment #1.1: Type: text/plain, Size: 1031 bytes --]

On 9/19/2016 9:28 AM, Leon Romanovsky wrote:
> On Mon, Sep 19, 2016 at 01:57:26PM +0200, Arnd Bergmann wrote:
>> A race condition fix added an rxe_qp structure to the stack in order
>> to be able to perform rollback in rxe_requester(), but the structure
>> is large enough to trigger the warning for possible stack overflow:
>>
>> drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester':
>> drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
>>
>> This changes the rollback function to only save the psn inside
>> the qp, which is the only field we access in the rollback_qp
>> anyway.
>>
>> Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer")
>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> 
> Thanks Arnd,
> It is much cleaner approach.
> Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
> 

Thanks, applied.

-- 
Doug Ledford <dledford@redhat.com>
    GPG Key ID: 0E572FDD


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 884 bytes --]

