Re: [PATCH] IPMI driver for Linux, version 6

[Corey Minyard <cminyard@mvista.com>]

Arjan van de Ven wrote:

>On Mon, 2002-10-14 at 03:06, Corey Minyard wrote:
>  
>
>>Yet one more update, mostly fixes for stylistic things that Randy Dunlap 
>>pointed out, and a bug fix that lets the KCS state machine get out of 
>>the "hosed" state on the next message (buggy hardware can sometimes be 
>>useful :-).  As usual, on my home page at  http://home.attbi.com/~minyard.
>>
>>-Corey
>>    
>>
>+static int ipmi_open(struct inode *inode, struct file *file)
>..
>+	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
>..
>+	MOD_INC_USE_COUNT;
>
>hmm. Ok so you either need the MOD_INC_USE_COUNT or you don't, but if
>you do it should go before the sleeping kmalloc ;)
>
Ok, it will be fixed in the next release.

>
>+static int ipmi_ioctl(struct inode  *inode,
>...
>+		if (copy_from_user(&req, (void *) data, sizeof(req))) {
>+			rv = -EFAULT;
>+			break;
>+		}
>+
>+		if (req.addr_len > sizeof(struct ipmi_addr))
>+		{
>+			rv = -EINVAL;
>+			break;
>+		}
>+
>+		if (copy_from_user(&addr, req.addr, req.addr_len)) {
>
>since addr_len is a signed value, a user that passes -1 will get a
>LOOOONG copy_from_user scribbling all over kernel memory...same for
>data_len a few lines onwards
>
Ok, I changed the numbers to unsigned ones, like they should have been.

>
>+static void sender(void                *send_info,
>..
>+	if (kcs_info->run_to_completion) {
>+		/* If we are running to completion, then throw it in
>+		   the list and run transactions until everything is
>+		   clear.  Priority doesn't matter here. */
>+		list_add_tail(&(msg->link), &(kcs_info->xmit_msgs));
>+		result = kcs_event_handler(kcs_info, 0);
>+		while (result != KCS_SM_IDLE) {
>+			udelay(500);
>+			result = kcs_event_handler(kcs_info, 500);
>+		}
>
>is that unconditional udelay with interrupts off really needed? 
>
This only happens in run-to-completion mode, which only happens at panic 
time, so that shouldn't be a big deal.  This is a special mode that 
allows things like watchdog messages and IPMI panic events to go out 
without having working timers.

>
>+/* The locking for these for a write lock is done by two locks, first
>+   the "outside" lock then the normal lock.  This way, the interfaces
>+   lock can be converted to a read lock without allowing a new write
>+   locker to come in.  Note that at interrupt level, this can only be
>+   claimed read, so there is no reason for read lock to save
>+   interrupts.  Write locks must still save interrupts because they
>+   can block an interrupt. */
>
>I get the feeling this locking is fishy. A double r/w lock smells bad.
>really. Either you always take both the same way (eg both for read or
>both for write) and then the inner lock could be a normal spinlock; or
>you will deadlock in new and surprising ways....
>
This is a little wierd, but I wanted to be able to release the write 
lock, but not allow another write locker in until some other things were 
done.  The r/w locks in the kernel do not have a way to convert directly 
from a write lock to a read lock, so I used this to do that.  The 
outside lock is a normal lock and is only claimed immediately before 
grabbing the write lock, and is only released after releasing the write 
lock, so it should not deadlock.

In effect, the outside lock is really the write lock, the normal lock is 
used so that readers can block it.  A way to convert a write lock 
directly to a read lock without releasing the lock would make this 
wierdness go away.

> 
>+	spin_lock_irqsave(&interfaces_outside_lock, flags);
>+	write_lock(&interfaces_lock);
>+	for (i=0; i<MAX_IPMI_INTERFACES; i++) {
>+		if (ipmi_interfaces[i] == NULL) {
>+			new_intf = kmalloc(sizeof(*new_intf), GFP_KERNEL);
>
>ehm ehm didn't just take TWO spinlocks 3 lines above this sleeping
>function ?
>
Oops.  I'll re-work that (and a couple of others I found).

Thanks,

-Corey