d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sdp: Use an mbufq for received control packets.

Browse Source 
This is simpler than the hand-rolled queue, and fixes a use-after-free.

Sponsored by:	EMC / Isilon Storage Division
This commit is contained in:
markj 2016-07-29 20:35:04 +00:00
parent 62a56fa648
commit f9f7369f3f
3 changed files with 6 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/ofed/drivers/infiniband/ulp/sdp/sdp.h
View File

@ -403,8 +403,7 @@ struct sdp_sock {
struct sdp_rx_ring rx_ring; struct sdp_rx_ring rx_ring;
struct sdp_tx_ring tx_ring; struct sdp_tx_ring tx_ring;
struct rwlock lock; struct rwlock lock;
struct mbuf *rx_ctl_q; struct mbufq rxctlq; /* received control packets */
struct mbuf *rx_ctl_tail;
int qp_active; /* XXX Flag. */ int qp_active; /* XXX Flag. */
int max_sge; int max_sge;

1
sys/ofed/drivers/infiniband/ulp/sdp/sdp_main.c
View File

@ -469,6 +469,7 @@ sdp_attach(struct socket *so, int proto, struct thread *td)
ssk->flags = 0; ssk->flags = 0;
ssk->qp_active = 0; ssk->qp_active = 0;
ssk->state = TCPS_CLOSED; ssk->state = TCPS_CLOSED;
mbufq_init(&ssk->rxctlq, INT_MAX);
SDP_LIST_WLOCK(); SDP_LIST_WLOCK();
LIST_INSERT_HEAD(&sdp_list, ssk, list); LIST_INSERT_HEAD(&sdp_list, ssk, list);
sdp_count++; sdp_count++;

16
sys/ofed/drivers/infiniband/ulp/sdp/sdp_rx.c
View File

@ -459,14 +459,9 @@ sdp_process_rx_mb(struct sdp_sock *ssk, struct mbuf *mb)
ntohl(rrch->len)); ntohl(rrch->len));
} }
#endif #endif
mb->m_nextpkt = NULL; if (mbufq_enqueue(&ssk->rxctlq, mb) != 0)
if (ssk->rx_ctl_tail) m_freem(mb);
ssk->rx_ctl_tail->m_nextpkt = mb; return (0);
else
ssk->rx_ctl_q = mb;
ssk->rx_ctl_tail = mb;
return 0;
} }
sdp_prf1(sk, NULL, "queueing %s mb\n", mid2str(h->mid)); sdp_prf1(sk, NULL, "queueing %s mb\n", mid2str(h->mid));
@ -611,11 +606,8 @@ sdp_do_posts(struct sdp_sock *ssk)
return; return;
} }
while ((mb = ssk->rx_ctl_q)) { while ((mb = mbufq_dequeue(&ssk->rxctlq)) != NULL)
ssk->rx_ctl_q = mb->m_nextpkt;
mb->m_nextpkt = NULL;
sdp_process_rx_ctl_mb(ssk, mb); sdp_process_rx_ctl_mb(ssk, mb);
}
if (ssk->state == TCPS_TIME_WAIT) if (ssk->state == TCPS_TIME_WAIT)
return; return;