lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 13 Apr 2017 17:12:54 +0300
From:   Moni Shoua <monis@...lanox.com>
To:     Johannes Thumshirn <jthumshirn@...e.de>
Cc:     Doug Ledford <dledford@...hat.com>,
        Sean Hefty <sean.hefty@...el.com>,
        Hal Rosenstock <hal.rosenstock@...il.com>,
        Linux Kernel Mailinglist <linux-kernel@...r.kernel.org>,
        linux-rdma <linux-rdma@...r.kernel.org>,
        Hannes Reinecke <hare@...e.de>,
        Sagi Grimberg <sagi@...mberg.me>,
        Max Gurtovoy <maxg@...lanox.com>
Subject: Re: [PATCH] IB/rxe: Don't clamp residual length to mtu

On Thu, Apr 6, 2017 at 3:49 PM, Johannes Thumshirn <jthumshirn@...e.de> wrote:
> When reading a RDMA WRITE FIRST packet we copy the DMA length from the RDMA
> header into the qp->resp.resid variable for later use. Later in check_rkey()
> we clamp it to the MTU if the packet is an  RDMA WRITE packet and has a
> residual length bigger than the MTU. Later in write_data_in() we subtract the
> payload of the packet from the residual length. If the packet happens to have a
> payload of exactly the MTU size we end up with a residual length of 0 despite
> the packet not being the last in the conversation. When the next packet in the
> conversation arrives, we don't have any residual length left and thus set the QP
> into an error state.
>
> This broke NVMe over Fabrics functionality over rdma_rxe.ko
>
> The patch was verified using the following test.
>
>  # echo eth0 > /sys/module/rdma_rxe/parameters/add
>  # nvme connect -t rdma -a 192.168.155.101 -s 1023 -n nvmf-test
>  # mkfs.xfs -fK /dev/nvme0n1
>  meta-data=/dev/nvme0n1           isize=256    agcount=4, agsize=65536 blks
>           =                       sectsz=4096  attr=2, projid32bit=1
>           =                       crc=0        finobt=0, sparse=0
>  data     =                       bsize=4096   blocks=262144, imaxpct=25
>           =                       sunit=0      swidth=0 blks
>  naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
>  log      =internal log           bsize=4096   blocks=2560, version=2
>           =                       sectsz=4096  sunit=1 blks, lazy-count=1
>  realtime =none                   extsz=4096   blocks=0, rtextents=0
>  # mount /dev/nvme0n1 /tmp/
>  [  148.923263] XFS (nvme0n1): Mounting V4 Filesystem
>  [  148.961196] XFS (nvme0n1): Ending clean mount
>  # dd if=/dev/urandom of=test.bin bs=1M count=128
>  128+0 records in
>  128+0 records out
>  134217728 bytes (134 MB, 128 MiB) copied, 0.437991 s, 306 MB/s
>  # sha256sum test.bin
>  cde42941f045efa8c4f0f157ab6f29741753cdd8d1cff93a6b03649d83c4129a  test.bin
>  # cp test.bin /tmp/
>  sha256sum /tmp/test.bin
>  cde42941f045efa8c4f0f157ab6f29741753cdd8d1cff93a6b03649d83c4129a  /tmp/test.bin
>
> Signed-off-by: Johannes Thumshirn <jthumshirn@...e.de>
> Cc: Hannes Reinecke <hare@...e.de>
> Cc: Sagi Grimberg <sagi@...mberg.me>
> Cc: Max Gurtovoy <maxg@...lanox.com>
> ---
>  drivers/infiniband/sw/rxe/rxe_resp.c | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
> index c9dd385..58764df 100644
> --- a/drivers/infiniband/sw/rxe/rxe_resp.c
> +++ b/drivers/infiniband/sw/rxe/rxe_resp.c
> @@ -478,8 +478,6 @@ static enum resp_states check_rkey(struct rxe_qp *qp,
>                                 state = RESPST_ERR_LENGTH;
>                                 goto err;
>                         }
> -
> -                       qp->resp.resid = mtu;
>                 } else {
>                         if (pktlen != resid) {
>                                 state = RESPST_ERR_LENGTH;
> --
> 2.10.2
>
> --
Thanks Johannes

Acked-by: Moni Shoua <monis@...lanox.com>

Powered by blists - more mailing lists