public inbox for linux-scsi@vger.kernel.org
From: Robert Love <robert.w.love@intel.com>
To: James.Bottomley@HansenPartnership.com, linux-scsi@vger.kernel.org
Cc: Yi Zou <yi.zou@intel.com>, Robert Love <robert.w.love@intel.com>
Subject: [PATCH 14/20] libfc: Fix frags in frame exceeding SKB_MAX_FRAGS in fc_fcp_send_data
Date: Wed, 21 Oct 2009 16:27:58 -0700
Message-ID: <20091021232758.12986.69286.stgit@localhost.localdomain>
In-Reply-To: <20091021232640.12986.79205.stgit@localhost.localdomain>

From: Yi Zou <yi.zou@intel.com>

In case of sequence offload, in fc_fcp_send_data(), the skb_fill_page_info()
called may end up adding more frags to the skb_shinfo(fp_skb(fp))->frags[],
exceeding SKB_MAX_FRAGS; this eventually corrupts the memory. I am adding the
FR_FRAME_SG_LEN back, but as SKB_MAX_FRAGS - 1, leaving 1 for our fcoe_eof_crc
page. And the send will be broken into multiple large sends if the frame already
contains more frags than the skb can handle.

Signed-off-by: Yi Zou <yi.zou@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
---

 drivers/scsi/libfc/fc_fcp.c |    3 ++-
 include/scsi/fc_frame.h     |    3 +++
 2 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/libfc/fc_fcp.c b/drivers/scsi/libfc/fc_fcp.c
index 40ed744..28bfe1c 100644
--- a/drivers/scsi/libfc/fc_fcp.c
+++ b/drivers/scsi/libfc/fc_fcp.c
@@ -574,7 +574,8 @@ static int fc_fcp_send_data(struct fc_fcp_pkt *fsp, struct fc_seq *seq,
 		tlen -= sg_bytes;
 		remaining -= sg_bytes;
 
-		if (tlen)
+		if ((skb_shinfo(fp_skb(fp))->nr_frags < FC_FRAME_SG_LEN) &&
+		    (tlen))
 			continue;
 
 		/*
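
Review bot: with the added `nr_frags < FC_FRAME_SG_LEN` test, control can now fall past the `continue` while `tlen` is still nonzero, which the old `if (tlen)` never allowed. The send path under the following comment is outside this hunk, so please confirm it sizes the frame from the bytes actually added and does not assume the frame is full. A one-line comment above the condition saying the frame is sent early because the frag array has reached its limit would help the next reader. The parentheses around `tlen` are redundant; `if (tlen && skb_shinfo(fp_skb(fp))->nr_frags < FC_FRAME_SG_LEN)` reads more cleanly and puts the cheap test first.
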
diff --git a/include/scsi/fc_frame.h b/include/scsi/fc_frame.h
index c35d238..148126d 100644
--- a/include/scsi/fc_frame.h
+++ b/include/scsi/fc_frame.h
@@ -37,6 +37,9 @@
 #define	FC_FRAME_HEADROOM	32	/* headroom for VLAN + FCoE headers */
 #define	FC_FRAME_TAILROOM	8	/* trailer space for FCoE */
 
+/* Max number of skb frags allowed, reserving one for fcoe_crc_eof page */
+#define FC_FRAME_SG_LEN		(MAX_SKB_FRAGS - 1)
+
 #define fp_skb(fp)	(&((fp)->skb))
 #define fr_hdr(fp)	((fp)->skb.data)
 #define fr_len(fp)	((fp)->skb.len)
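
Review bot: the names in the changelog do not match this hunk. The subject and description say FR_FRAME_SG_LEN, SKB_MAX_FRAGS and fcoe_eof_crc, while the define is FC_FRAME_SG_LEN built on MAX_SKB_FRAGS and the comment says fcoe_crc_eof; please align the changelog with the code so the commit can be found by grepping for the macro. The define also makes fc_frame.h depend on MAX_SKB_FRAGS, and the include that provides it is not visible in this context, so it is worth confirming the header pulls it in itself and does not rely on its includers. Since the reserved frag is an fcoe detail placed in a libfc header, the comment could say that explicitly.
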

