It is possible to get ESTABLISHED RDMACM event while the connection
is already started teardown flow (i.e. addr change).
At teardown the refcount is reduced to zero and we start releasing the
connection. In established event We need to check conn is not in teardown
flow by checking its ref count is not 0.
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6879 d57e44dd-8a1f-0410-8b47-8ef2f437770f
The tmo timer is set when allocating a new connection.
We need to release it in case it didn't execute yet.
Else timer execution will lead to a NULL dereference bug on conn.
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6878 d57e44dd-8a1f-0410-8b47-8ef2f437770f
There is a race between RDMACM event handler and isert_conn_free.
The event handler use the connection resources and isert_conn_free
destroy them.
This commit fix multiple NULL dereference bugs.
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6877 d57e44dd-8a1f-0410-8b47-8ef2f437770f
A nop that is sent from the scst is treated as a fake request.
When a fake request is allocated we release it immediately,
so it's wrong to release it also on a completion error (isert_pdu_err).
This commit fix a NULL dereference bug when receiving completion with
error on this nop.
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Signed-off-by: Ariel Nahum <arieln@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6876 d57e44dd-8a1f-0410-8b47-8ef2f437770f
The C language does not require to use an explicit cast when assigning
a void * pointer to a pointer of another type.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6633 d57e44dd-8a1f-0410-8b47-8ef2f437770f
The get and put of resources from the tx_free commands pool was not
symmetric. Commands that are self issued by the target (e.g. nop outs)
didn't release their resources, although they acquired them earlier.
Signed-off-by: Ariel Nahum <arieln@mellanox.com>
Signed-off-by: Alex Lyakas <alex@zadarastorage.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6630 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Code after BUG() is unreachable both with CONFIG_BUG=y and with
CONFIG_BUG=n. Hence remove such code. Detected by smatch.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6600 d57e44dd-8a1f-0410-8b47-8ef2f437770f
In a state where the list isert_conn->tx_free_list is empty
(mostly under traffic), we might fail to receive a command from
the isert command pool. This will result in later null deref.
In this case, busy-wait until a command will be available (will
be freed by the receive context).
[2158233.952087] BUG: unable to handle kernel NULL pointer dereference at (null)
[2158233.956023] IP: [<ffffffffa04e14d0>] isert_pdu_send+0xc0/0x1f0 [isert_scst]
....
[2158233.956023] [<ffffffffa04d98c8>] ? isert_cmnd_alloc+0x78/0x110 [isert_scst]
[2158233.956023] [<ffffffffa045b5a0>] req_cmnd_release+0x50/0x130 [iscsi_scst]
[2158233.956023] [<ffffffffa04622cb>] iscsi_send_nop_in+0x19b/0x370 [iscsi_scst]
Signed-off-by: Ariel Nahum <arieln@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6554 d57e44dd-8a1f-0410-8b47-8ef2f437770f
On scst teardown we call rdma_disconnect() on all connections.
this moves the qps to error state and flushes all the wc, including
the drain wc which will results in kref_put of the connection.
In a race condition with the connection request, we might be only in
the init stage of the ref, and calling kref_put will result in refcount
0 and freeing the connection while establishing it.
Call the first kref_get before rdma_accept() to prevent this race.
Signed-off-by: Ariel Nahum <arieln@mellanox.com>
Signed-off-by: Yan Burman <yanb@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6486 d57e44dd-8a1f-0410-8b47-8ef2f437770f
The second TM request can come while the old one, response for which is
going to be delayed, is still being processed, hence no response
prepared yet, so the delayed response should be dropped on the stage of
the new response preparing. Otherwise in this place the old delayed
response will trigger BUG_ON().
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6456 d57e44dd-8a1f-0410-8b47-8ef2f437770f
We were submitting work requests sometimes after the drain_wr,
so we would try to process flushes on something that is already
destroyed. This can be seen with very high login/logout load.
Signed-off-by: Yan Burman <yanb@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6428 d57e44dd-8a1f-0410-8b47-8ef2f437770f
In order to be able to support large block sizes (larger than 512K),
we allocate required structured in a lazy fashion. This way we both support
large block sizes (over 512K and even over 1M). We also lower memory footprint
when smaller block sizes are used.
Signed-off-by: Yan Burman <yanb@mellanox.com>
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6418 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Preprocessor directives are not allowed in argument lists of a macro.
This patch reverts r6317.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6393 d57e44dd-8a1f-0410-8b47-8ef2f437770f
