From: Chris Leech <cleech@redhat.com>

Subject: iscsiuio: serialize xmit_mutex lock to prevent iscsiuio seg fault

Bugzilla: ZZZ

Upstream Status:

Build Info: XXX

Tested:

commit a1be9c4ec348f87923f63ce2dbc23893a3b9e45c

Author: Nilesh Javali <nilesh.javali@cavium.com>

Date:   Thu May 18 23:04:20 2017 +0530

    iscsiuio: serialize xmit_mutex lock to prevent iscsiuio seg fault

    Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>

---

 iscsiuio/src/unix/libs/bnx2x.c | 24 +++++++++++-------------

 iscsiuio/src/unix/libs/cnic.c  |  9 +++------

 iscsiuio/src/unix/libs/qedi.c  | 19 +++++++++++--------

 3 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/iscsiuio/src/unix/libs/bnx2x.c b/iscsiuio/src/unix/libs/bnx2x.c

index 19cbcecaacca..1e8f532edcdf 100644

--- a/iscsiuio/src/unix/libs/bnx2x.c

+++ b/iscsiuio/src/unix/libs/bnx2x.c

@@ -1316,7 +1316,6 @@ void bnx2x_start_xmit(nic_t *nic, size_t len, u16_t vlan_id)

 	if ((rx_bd->addr_hi == 0) && (rx_bd->addr_lo == 0)) {

 		LOG_PACKET(PFX "%s: trying to transmit when device is closed",

 			   nic->log_name);

-		pthread_mutex_unlock(&nic->xmit_mutex);

 		return;

 	}

@@ -1343,12 +1342,9 @@ void bnx2x_start_xmit(nic_t *nic, size_t len, u16_t vlan_id)

 			       (bp->tx_bd_prod << 16));

 		bnx2x_flush_doorbell(bp, bp->tx_doorbell);

 	} else {

-		/* If the doorbell is not rung, the packet will not

-		   get sent.  Hence, the xmit_mutex lock will not

-		   get freed.

-		 */

-		pthread_mutex_unlock(&nic->xmit_mutex);

+		LOG_ERR(PFX "Pkt transmission failed.");

 	}

+

 	LOG_PACKET(PFX "%s: sent %d bytes using bp->tx_prod: %d",

 		   nic->log_name, len, bp->tx_prod);

 }

@@ -1412,6 +1408,8 @@ int bnx2x_write(nic_t *nic, nic_interface_t *nic_iface, packet_t *pkt)

 		   nic->log_name, pkt->buf_size,

 		   bp->tx_cons, bp->tx_prod, bp->tx_bd_prod);

+	pthread_mutex_unlock(&nic->xmit_mutex);

+

 	return 0;

 }

@@ -1560,17 +1558,16 @@ static int bnx2x_clear_tx_intr(nic_t *nic)

 	hw_cons = bp->get_tx_cons(bp);

 	if (bp->tx_cons == hw_cons) {

-		if (bp->tx_cons == bp->tx_prod) {

-			/* Make sure the xmit_mutex lock is unlock */

-			if (pthread_mutex_trylock(&nic->xmit_mutex))

-				LOG_ERR(PFX "bnx2x tx lock with prod == cons");

-

-			pthread_mutex_unlock(&nic->xmit_mutex);

+		if (bp->tx_cons == bp->tx_prod)

 			return 0;

-		}

 		return -EAGAIN;

 	}

+	if (pthread_mutex_trylock(&nic->xmit_mutex)) {

+		LOG_ERR(PFX "%s: unable to get xmit_mutex.", nic->log_name);

+		return -EINVAL;

+	}

+

 	LOG_PACKET(PFX "%s: clearing tx interrupt [%d %d]",

 		   nic->log_name, bp->tx_cons, hw_cons);

 	bp->tx_cons = hw_cons;

@@ -1600,6 +1597,7 @@ static int bnx2x_clear_tx_intr(nic_t *nic)

 				   nic->log_name, pkt->buf_size,

 				   bp->tx_cons, bp->tx_prod, bp->tx_bd_prod);

+			pthread_mutex_unlock(&nic->xmit_mutex);

 			return 0;

 		}

diff --git a/iscsiuio/src/unix/libs/cnic.c b/iscsiuio/src/unix/libs/cnic.c

index 5d60f898ad57..a009f25f0814 100644

--- a/iscsiuio/src/unix/libs/cnic.c

+++ b/iscsiuio/src/unix/libs/cnic.c

@@ -141,6 +141,7 @@ static int cnic_arp_send(nic_t *nic, nic_interface_t *nic_iface, int fd,

 	memcpy(&addr.s_addr, &dst_ip, sizeof(addr.s_addr));

 	LOG_DEBUG(PFX "%s: Sent cnic arp request for IP: %s",

 		  nic->log_name, addr_str);

+	pthread_mutex_unlock(&nic->xmit_mutex);

 	return 0;

 }

@@ -204,6 +205,8 @@ static int cnic_neigh_soliciation_send(nic_t *nic,

 	LOG_DEBUG(PFX "%s: Sent cnic ICMPv6 neighbor request %s",

 		  nic->log_name, addr_str);

+	pthread_mutex_unlock(&nic->xmit_mutex);

+

 	return 0;

 }

@@ -433,9 +436,6 @@ done:

 		rc = -EIO;

 	}

-	if (status != 0 || rc != 0)

-		pthread_mutex_unlock(&nic->xmit_mutex);

-

 	if (ev) {

 		cnic_nl_neigh_rsp(nic, fd, ev, path, mac_addr,

 				  nic_iface, status, AF_INET);

@@ -632,9 +632,6 @@ done:

 		rc = -EIO;

 	}

-	if (status != 0 || rc != 0)

-		pthread_mutex_unlock(&nic->xmit_mutex);

-

 	if (ev) {

 		cnic_nl_neigh_rsp(nic, fd, ev, path, mac_addr,

 				  nic_iface, status, AF_INET6);

diff --git a/iscsiuio/src/unix/libs/qedi.c b/iscsiuio/src/unix/libs/qedi.c

index c2096e59dad1..c6ff6e7724a3 100644

--- a/iscsiuio/src/unix/libs/qedi.c

+++ b/iscsiuio/src/unix/libs/qedi.c

@@ -887,7 +887,6 @@ void qedi_start_xmit(nic_t *nic, size_t len, u16_t vlan_id)

 			   nic->log_name, len, bp->tx_prod);

 	} else {

 		LOG_ERR(PFX "Pkt transmission failed: %d", rc);

-		pthread_mutex_unlock(&nic->xmit_mutex);

 	}

 	free(ubuf);

@@ -950,6 +949,10 @@ int qedi_write(nic_t *nic, nic_interface_t *nic_iface, packet_t *pkt)

 		   nic->log_name, pkt->buf_size,

 		   bp->tx_cons, bp->tx_prod, bp->tx_bd_prod);

+	LOG_DEBUG(PFX "%s: host:%d - releasing xmit mutex",

+		  nic->log_name, nic->host_no);

+	pthread_mutex_unlock(&nic->xmit_mutex);

+

 	return 0;

 }

@@ -1059,17 +1062,16 @@ static int qedi_clear_tx_intr(nic_t *nic)

 	hw_cons = uctrl->hw_tx_cons;

 	if (bp->tx_cons == hw_cons) {

-		if (bp->tx_cons == bp->tx_prod) {

-			/* Make sure the xmit_mutex lock is unlock */

-			if (pthread_mutex_trylock(&nic->xmit_mutex))

-				LOG_ERR(PFX "qedi tx lock with prod == cons");

-

-			pthread_mutex_unlock(&nic->xmit_mutex);

+		if (bp->tx_cons == bp->tx_prod)

 			return 0;

-		}

 		return -EAGAIN;

 	}

+	if (pthread_mutex_trylock(&nic->xmit_mutex)) {

+		LOG_ERR(PFX "%s: unable to get xmit_mutex.", nic->log_name);

+		return -EINVAL;

+	}

+

 	LOG_PACKET(PFX "%s: clearing tx interrupt [%d %d]",

 		   nic->log_name, bp->tx_cons, hw_cons);

 	bp->tx_cons = hw_cons;

@@ -1099,6 +1101,7 @@ static int qedi_clear_tx_intr(nic_t *nic)

 				   nic->log_name, pkt->buf_size,

 				   bp->tx_cons, bp->tx_prod, bp->tx_bd_prod);

+			pthread_mutex_unlock(&nic->xmit_mutex);

 			return 0;

 		}