Revert "rds: ib: Implement proper cm_id compare"

gerd-rausch · vijay-suman · commit 747f45ed078f · 2024-11-29T08:03:42.000-08:00
Also revert "rds: ib: Correct the cm_id compare commit" This reverts commit 7999a6a. This reverts commit 7b0b7b2. Replacing a stale pointer by a cyclically allocated identifier that's hypothetically less likely to be stale doesn't really solve the root cause of the staleness. These pointer compares have a long history going back to: commit fe00cae ("RDS: give up on half formed connections after 15s") when a "ic->i_cm_id == cm_id" compare was introduced inside "rds_ib_cm_handle_connect" in order to test if the upper-layer "ic->i_cm_id" is already pointing to the underlying "cm_id". However, upon arrival of a "RDMA_CM_EVENT_CONNECT_REQUEST" event, the "cm_id" is expected to have been freshly allocated, ("cm_req_handler" unconditionally calls "ib_create_cm_id", which allocates with "kzalloc") and therefore cm_id->context is expected to be "NULL". What's more likely in this case is that due to the missing invalidation of "ic->i_cm_id" whenever "rds_rdma_cm_event_handler_cmn" returns a non-zero value, that "ic->i_cm_id" was still pointing to a "cm_id" that consequently gets destroyed ("rdma_destroy_id") due to the non-zero return value of the "event_handler". So a subsequent "kzalloc" may return the same pointer, but not because it's the same object, but a different object that happened to land on the same address as the never invalidated "ic->i_cm_id" pointer. Back to the commits we're reverting here. There were a number of problems with this commit: 1) "drivers/infiniband/core/cma.c" is completely unaware of of the "rds_ib_rdma_destroy_id" wrapper and will continue to call "rdma_destroy_id" instead. So the point of keeping track of and being able to invalidate these identifiers is missed whenever it's "cma.c" that destroys the "cm_id" due to a non-zero return value of "event_handler". Not only that, but this will inevitably lead to identifier / memory-leaks. 2) The identifiers started with (start == 0) in "idr_alloc_cyclic", and then cast to "(struct rds_connection *)(unsigned long)". If we ignore the confusing nature of this pointer cast for a moment, we now no longer can distinguish between a "NULL" pointer that was a result of having cast an IDR value of "== 0" and a real NULL pointer after the "kzalloc". A freshly allocated "cm_id" would stand a chance to be mistaken for "IDR value == 0". 3) There is no error check on the return value of "idr_alloc_cyclic". If identifiers would run out (e.g. due to the leak desribed in #1), "cm_id->context" would just end up with a value of PTR_ERR(-ENOSPC) or whatever error code "idr_alloc_cyclic" returned. That would lead to a number of hard to debug problems. 4) "RDS_IB_NO_CTX" was defined as "ERR_PTR(ENOENT)" The convention is to use a negative errno in the kernel, i.e. "ERR_PTR(-ENOENT)". "ERR_PTR" is defined as an inline function that just casts its parameter to a pointer. By using a positive value of (ENOENT == 2) this also causes a collision with IDR value "== 2", as both of them end up with the same value in "cm_id->context". So instead of making stale pointers or stale identifiers less likely, we fix the root-cause(s) of these problems in subsequent commits. Please note that these reverts also removes code that had been introduced on behalf of this functionality (ow reverted) between the original commit and this revert in commit 2b13b0b ("rds: add tracepoint for RDS IB errors, info") * -DEFINE_EVENT(rds_ib, rds_ib_cm_mismatch, ...); * - reason = "rds_ib_rdma_create_id failed"; + reason = "rdma_create_id failed"; * -bool rds_ib_same_cm_id(struct rds_ib_connection *ic, struct rdma_cm_id *cm_id) * -EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_cm_mismatch); Orabug: 32373816 Fixes: 7b0b7b2 ("rds: ib: Correct the cm_id compare commit") Fixes: 7999a6a ("rds: ib: Implement proper cm_id compare") Signed-off-by: Gerd Rausch <gerd.rausch@oracle.com> Reviewed-by: Ka-cheong Poon <ka-cheong.poon@oracle.com> (cherry picked from commit d91b564) Port to U3 Signed-off-by: Jack Vogel <jack.vogel@oracle.com> Orabug: 33590097 UEK6 => UEK7 (cherry picked from commit 95037a6) cherry-pick-repo=UEK/production/linux-uek.git Signed-off-by: Gerd Rausch <gerd.rausch@oracle.com> Reviewed-by: William Kucharski <william.kucharski@oracle.com> Orabug: 33590087 UEK7 => LUCI (cherry picked from commit e359ce1) cherry-pick-repo=UEK/production/linux-uek.git Signed-off-by: Gerd Rausch <gerd.rausch@oracle.com> Reviewed-by: William Kucharski <william.kucharski@oracle.com>
diff --git a/net/rds/ib.c b/net/rds/ib.c
@@ -902,7 +902,6 @@ static int rds_ib_laddr_check_cm(struct net *net, const struct in6_addr *addr,
 				 __u32 scope_id)
 {
 	int ret;
-	struct rds_ib_connection dummy_ic;
 	struct rdma_cm_id *cm_id;
 #if IS_ENABLED(CONFIG_IPV6)
 	struct sockaddr_in6 sin6;
@@ -932,8 +931,8 @@ static int rds_ib_laddr_check_cm(struct net *net, const struct in6_addr *addr,
 	/* Create a CMA ID and try to bind it. This catches both
 	 * IB and iWARP capable NICs.
 	 */
-	cm_id = rds_ib_rdma_create_id(net, rds_rdma_cm_event_handler, &dummy_ic,
-				      NULL, RDMA_PS_TCP, IB_QPT_RC);
+	cm_id = rdma_create_id(net, rds_rdma_cm_event_handler,
+			       NULL, RDMA_PS_TCP, IB_QPT_RC);
 	if (IS_ERR(cm_id))
 		return -EADDRNOTAVAIL;
 
@@ -996,7 +995,7 @@ static int rds_ib_laddr_check_cm(struct net *net, const struct in6_addr *addr,
 		 cm_id->device ? cm_id->device->node_type : -1);
 
 out:
-	rds_ib_rdma_destroy_id(cm_id);
+	rdma_destroy_id(cm_id);
 
 	return ret;
 }
diff --git a/net/rds/ib.h b/net/rds/ib.h
@@ -209,7 +209,6 @@ struct rds_ib_connection {
 	/* alphabet soup, IBTA style */
 	struct rw_semaphore	i_cm_id_free_lock;
 	struct rdma_cm_id	*i_cm_id;
-	struct rds_connection	*i_cm_id_ctx;
 	struct ib_pd		*i_pd;
 	struct ib_mr		*i_mr;
 	struct ib_cq		*i_scq;
@@ -564,69 +563,6 @@ struct rds_ib_statistics {
 
 extern struct workqueue_struct *rds_ib_wq;
 
-#define RDS_IB_NO_CTX ERR_PTR(ENOENT)
-
-static inline struct rds_connection *rds_ib_map_conn(struct rds_connection *conn)
-{
-	int id;
-
-	mutex_lock(&cm_id_map_lock);
-	id = idr_alloc_cyclic(&cm_id_map, conn, 0, 0, GFP_KERNEL);
-	mutex_unlock(&cm_id_map_lock);
-
-	if (id < 0)
-		return ERR_PTR(id);
-
-	return (struct rds_connection *)(unsigned long)id;
-}
-
-static inline struct rdma_cm_id *rds_ib_rdma_create_id(struct net *net,
-						       rdma_cm_event_handler event_handler,
-						       struct rds_ib_connection *ic,
-						       void *context,
-						       enum rdma_ucm_port_space ps,
-						       enum ib_qp_type qp_type)
-{
-	ic->i_cm_id_ctx = rds_ib_map_conn(context);
-
-	return rdma_create_id(net, event_handler, ic->i_cm_id_ctx, ps, qp_type);
-}
-
-static inline struct rds_connection *rds_ib_get_conn(struct rdma_cm_id *cm_id)
-{
-	struct rds_connection *conn;
-
-	mutex_lock(&cm_id_map_lock);
-	conn = idr_find(&cm_id_map, (unsigned long)cm_id->context);
-	mutex_unlock(&cm_id_map_lock);
-
-	return conn;
-}
-
-static inline void rds_ib_rdma_unlink_id(struct rdma_cm_id *cm_id)
-{
-	struct rds_ib_connection *ic = NULL;
-	struct rds_connection *conn;
-
-	conn = rds_ib_get_conn(cm_id);
-	if (conn)
-		ic = conn->c_transport_data;
-	if (ic)
-		ic->i_cm_id_ctx = RDS_IB_NO_CTX;
-
-	mutex_lock(&cm_id_map_lock);
-	(void)idr_remove(&cm_id_map, (int)(u64)cm_id->context);
-	mutex_unlock(&cm_id_map_lock);
-
-	cm_id->context = RDS_IB_NO_CTX;
-}
-
-static inline void rds_ib_rdma_destroy_id(struct rdma_cm_id *cm_id)
-{
-	rds_ib_rdma_unlink_id(cm_id);
-	rdma_destroy_id(cm_id);
-}
-
 /*
  * Fake ib_dma_sync_sg_for_{cpu,device} as long as ib_verbs.h
  * doesn't define it.
@@ -701,7 +637,6 @@ extern struct list_head ib_nodev_conns;
 extern struct socket *rds_ib_inet_socket;
 
 /* ib_cm.c */
-bool rds_ib_same_cm_id(struct rds_ib_connection *ic, struct rdma_cm_id *cm_id);
 int rds_ib_conn_alloc(struct rds_connection *conn, gfp_t gfp);
 void rds_ib_conn_free(void *arg);
 bool rds_ib_conn_has_alt_conn(struct rds_connection *conn);
diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c
@@ -1439,23 +1439,6 @@ u32 __rds_find_ifindex_v4(struct net *net, __be32 addr)
 	return idx;
 }
 
-bool rds_ib_same_cm_id(struct rds_ib_connection *ic, struct rdma_cm_id *cm_id)
-{
-	char *reason = "no connection";
-
-	if (ic) {
-		if (ic->i_cm_id != cm_id)
-			reason = "cm_id mismatch";
-		else if (ic->i_cm_id_ctx != cm_id->context)
-			reason = "context mismatch";
-		else
-			return true;
-	}
-	trace_rds_ib_cm_mismatch(NULL, ic ? ic->rds_ibdev : NULL,
-				 ic ? ic->conn : NULL, ic, reason, 0);
-	return false;
-}
-
 static void rds_destroy_cm_id_worker(struct work_struct *_work)
 {
 	struct rds_ib_destroy_cm_id_work *work = container_of(_work,
@@ -1498,12 +1481,11 @@ static int rds_ib_cm_accept(struct rds_connection *conn,
 
 	ic = conn->c_transport_data;
 
-	BUG_ON(rds_ib_get_conn(cm_id));
+	BUG_ON(cm_id->context);
 	BUG_ON(ic->i_cm_id);
 
 	ic->i_cm_id = cm_id;
-	cm_id->context = rds_ib_map_conn(conn);
-	ic->i_cm_id_ctx = cm_id->context;
+	cm_id->context = conn;
 
 	if (isv6) {
 #if IS_ENABLED(CONFIG_IPV6)
@@ -1811,7 +1793,7 @@ void rds_ib_conn_destroy_init(struct rds_connection *conn)
 
 int rds_ib_cm_initiate_connect(struct rdma_cm_id *cm_id, bool isv6)
 {
-	struct rds_connection *conn = rds_ib_get_conn(cm_id);
+	struct rds_connection *conn = cm_id->context;
 	struct rds_ib_connection *ic = conn->c_transport_data;
 	struct rdma_conn_param conn_param;
 	union rds_ib_conn_priv dp;
@@ -1878,7 +1860,7 @@ int rds_ib_cm_initiate_connect(struct rdma_cm_id *cm_id, bool isv6)
 		trace_rds_ib_cm_initiate_connect_err(ic->rds_ibdev ?
 		    ic->rds_ibdev->dev : NULL, ic->rds_ibdev, conn, ic,
 		    reason, ret);
-		if (rds_ib_same_cm_id(ic, cm_id))
+		if (ic->i_cm_id == cm_id)
 			ret = 0;
 	}
 
@@ -2018,13 +2000,13 @@ int rds_ib_conn_path_connect(struct rds_conn_path *cp)
 		handler = rds_rdma_cm_event_handler;
 
 	WARN_ON(ic->i_cm_id);
-	ic->i_cm_id = rds_ib_rdma_create_id(rds_conn_net(conn),
-					    handler, ic, conn, RDMA_PS_TCP, IB_QPT_RC);
+	ic->i_cm_id = rdma_create_id(rds_conn_net(conn),
+				     handler, conn, RDMA_PS_TCP, IB_QPT_RC);
 
 	if (IS_ERR(ic->i_cm_id)) {
 		ret = PTR_ERR(ic->i_cm_id);
 		ic->i_cm_id = NULL;
-		reason = "rds_ib_rdma_create_id failed";
+		reason = "rdma_create_id failed";
 		goto out;
 	}
 
@@ -2067,7 +2049,7 @@ int rds_ib_conn_path_connect(struct rds_conn_path *cp)
 		ic->i_cm_id = NULL;
 		up_write(&ic->i_cm_id_free_lock);
 
-		rds_ib_rdma_destroy_id(cm_id);
+		rdma_destroy_id(cm_id);
 	}
 
 out:
@@ -2165,10 +2147,10 @@ void rds_ib_conn_path_shutdown_final(struct rds_conn_path *cp)
 		 * when the conn cannot be associated with the underlying
 		 * device.
 		 */
-		rds_ib_rdma_unlink_id(ic->i_cm_id);
 
 		down_write(&ic->i_cm_id_free_lock);
 		cm_id = ic->i_cm_id;
+		cm_id->context = NULL;
 		ic->i_cm_id = NULL;
 		up_write(&ic->i_cm_id_free_lock);
 
@@ -2296,7 +2278,6 @@ int rds_ib_conn_alloc(struct rds_connection *conn, gfp_t gfp)
 	list_add_tail(&ic->ib_node, &ib_nodev_conns);
 	spin_unlock_irqrestore(&ib_nodev_conns_lock, flags);
 
-	ic->i_cm_id_ctx = RDS_IB_NO_CTX;
 	ic->i_irq_local_cpu = NR_CPUS;
 
 	INIT_DELAYED_WORK(&ic->i_cm_watchdog_w, rds_ib_cm_watchdog_handler);
diff --git a/net/rds/ib_send.c b/net/rds/ib_send.c
@@ -458,7 +458,7 @@ int rds_ib_send_grab_credits(struct rds_ib_connection *ic,
 		avail--;
 
 	if (avail < wanted) {
-		struct rds_connection *conn = rds_ib_get_conn(ic->i_cm_id);
+		struct rds_connection *conn = ic->i_cm_id->context;
 
 		/* Oops, there aren't that many credits left! */
 		set_bit(RDS_LL_SEND_FULL, &conn->c_flags);
diff --git a/net/rds/rdma_transport.c b/net/rds/rdma_transport.c
@@ -105,7 +105,7 @@ static int rds_rdma_cm_event_handler_cmn(struct rdma_cm_id *cm_id,
 					 bool isv6)
 {
 	/* this can be null in the listening path */
-	struct rds_connection *conn;
+	struct rds_connection *conn = cm_id->context;
 	struct rds_transport *trans = &rds_ib_transport;
 	int ret = 0;
 	/* ADDR_CHANGE event indicates that the local address has moved
@@ -120,7 +120,6 @@ static int rds_rdma_cm_event_handler_cmn(struct rdma_cm_id *cm_id,
 	char *reason = NULL;
 	int *err;
 
-	conn = rds_ib_get_conn(cm_id);
 	if (!conn) {
 		if (event->event == RDMA_CM_EVENT_CONNECT_REQUEST) {
 			trace_rds_rdma_cm_event_handler(NULL, NULL, NULL,
@@ -205,7 +204,7 @@ static int rds_rdma_cm_event_handler_cmn(struct rdma_cm_id *cm_id,
 			 */
 			reason = "resolve route failed";
 			ibic = conn->c_transport_data;
-			if (rds_ib_same_cm_id(ibic, cm_id))
+			if (ibic && ibic->i_cm_id == cm_id)
 				ibic->i_cm_id = NULL;
 			rds_conn_drop(conn, DR_IB_RESOLVE_ROUTE_FAIL, ret);
 		} else if (conn->c_to_index < (RDS_RDMA_RESOLVE_TO_MAX_INDEX-1))
@@ -220,7 +219,7 @@ static int rds_rdma_cm_event_handler_cmn(struct rdma_cm_id *cm_id,
 		 * cm_id is valid before proceeding */
 
 		ibic = conn->c_transport_data;
-		if (rds_ib_same_cm_id(ibic, cm_id)) {
+		if (ibic && ibic->i_cm_id == cm_id) {
 			/* ibacm caches the path record without considering the tos/sl.
 			 * It is considered a match if the <src,dest> matches the
 			 * cache. In order to create qp with the correct sl/vl, RDS
@@ -349,18 +348,13 @@ static int rds_rdma_listen_init_common(rdma_cm_event_handler handler,
 				       struct sockaddr *sa,
 				       struct rdma_cm_id **ret_cm_id)
 {
-	struct rds_ib_connection *dummy_ic;
 	struct rdma_cm_id *cm_id;
 	int ret;
 
-	dummy_ic = kmalloc(sizeof(*dummy_ic), GFP_KERNEL);
-	if (!dummy_ic)
-		return -ENOMEM;
-
-	cm_id = rds_ib_rdma_create_id(&init_net, handler, dummy_ic, NULL, RDMA_PS_TCP, IB_QPT_RC);
+	cm_id = rdma_create_id(&init_net, handler, NULL, RDMA_PS_TCP, IB_QPT_RC);
 	if (IS_ERR(cm_id)) {
 		ret = PTR_ERR(cm_id);
-		printk(KERN_ERR "RDS/RDMA: failed to setup listener, rds_ib_rdma_create_id() returned %d\n",
+		printk(KERN_ERR "RDS/RDMA: failed to setup listener, rdma_create_id() returned %d\n",
 		       ret);
 		return ret;
 	}
@@ -391,7 +385,7 @@ static int rds_rdma_listen_init_common(rdma_cm_event_handler handler,
 	cm_id = NULL;
 out:
 	if (cm_id)
-		rds_ib_rdma_destroy_id(cm_id);
+		rdma_destroy_id(cm_id);
 	return ret;
 }
 
@@ -436,25 +430,16 @@ static int rds_rdma_listen_init(void)
 
 static void rds_rdma_listen_stop(void)
 {
-	struct rds_ib_connection *ic;
-	struct rds_connection *conn;
-
 	if (rds_rdma_listen_id) {
-		conn = rds_ib_get_conn(rds_rdma_listen_id);
-		ic = conn ? conn->c_transport_data : NULL;
 		rdsdebug("cm %p\n", rds_rdma_listen_id);
-		rds_ib_rdma_destroy_id(rds_rdma_listen_id);
+		rdma_destroy_id(rds_rdma_listen_id);
 		rds_rdma_listen_id = NULL;
-		kfree(ic);
 	}
 #if IS_ENABLED(CONFIG_IPV6)
 	if (rds6_rdma_listen_id) {
-		conn = rds_ib_get_conn(rds6_rdma_listen_id);
-		ic = conn ? conn->c_transport_data : NULL;
 		rdsdebug("cm %p\n", rds6_rdma_listen_id);
-		rds_ib_rdma_destroy_id(rds6_rdma_listen_id);
+		rdma_destroy_id(rds6_rdma_listen_id);
 		rds6_rdma_listen_id = NULL;
-		kfree(ic);
 	}
 #endif
 }
diff --git a/net/rds/trace.c b/net/rds/trace.c
@@ -25,7 +25,6 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_add_device_err);
 EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_remove_device);
 EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_remove_device_err);
 EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_shutdown_device);
-EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_cm_mismatch);
 EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_cm_accept_err);
 EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_cm_handle_connect);
 EXPORT_TRACEPOINT_SYMBOL_GPL(rds_ib_cm_handle_connect_err);
diff --git a/net/rds/trace.h b/net/rds/trace.h
@@ -728,16 +728,6 @@ DEFINE_EVENT(rds_ib, rds_ib_shutdown_device,
 
 );
 
-DEFINE_EVENT(rds_ib, rds_ib_cm_mismatch,
-
-	TP_PROTO(struct ib_device *dev, struct rds_ib_device *rds_ibdev,
-		 struct rds_connection *conn, struct rds_ib_connection *ic,
-		 char *reason, int err),
-
-	TP_ARGS(dev, rds_ibdev, conn, ic, reason, err)
-
-);
-
 DEFINE_EVENT(rds_ib, rds_ib_cm_accept_err,
 
 	TP_PROTO(struct ib_device *dev, struct rds_ib_device *rds_ibdev,
