This is a note to let you know that I've just added the patch titled

    iser-target: Fix variable-length response error completion

to the 4.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iser-target-fix-variable-length-response-error-completion.patch
and it can be found in the queue-4.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it.

From 9253e667ab50fd4611a60e1cdd6a6e05a1d91cf1 Mon Sep 17 00:00:00 2001
From: Sagi Grimberg <sagig@xxxxxxxxxxxx>
Date: Thu, 4 Jun 2015 19:49:19 +0300
Subject: iser-target: Fix variable-length response error completion

From: Sagi Grimberg <sagig@xxxxxxxxxxxx>

commit 9253e667ab50fd4611a60e1cdd6a6e05a1d91cf1 upstream.

Since commit "2426bd456a6 target: Report correct response ..." we might get a command with data_size that does not fit to the number of allocated data sg elements. Given that we rely on cmd t_data_nents which might be different than the data_size, we sometimes receive local length error completion. The correct approach would be to take the command data_size into account when constructing the ib sg_list.

Signed-off-by: Sagi Grimberg <sagig@xxxxxxxxxxxx>
Signed-off-by: Jenny Falkovich <jennyf@xxxxxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/infiniband/ulp/isert/ib_isert.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/ulp/isert/ib_isert.c +++ b/drivers/infiniband/ulp/isert/ib_isert.c @@ -2316,7 +2316,6 @@ isert_build_rdma_wr(struct isert_conn *i page_off = offset % PAGE_SIZE; send_wr->sg_list = ib_sge; - send_wr->num_sge = sg_nents; send_wr->wr_id = (uintptr_t)&isert_cmd->tx_desc; /* * Perform mapping of TCM scatterlist memory ib_sge dma_addr. 
@@ -2336,14 +2335,17 @@ isert_build_rdma_wr(struct isert_conn *i ib_sge->addr, ib_sge->length, ib_sge->lkey); page_off = 0; data_left -= ib_sge->length; + if (!data_left) + break; ib_sge++; isert_dbg("Incrementing ib_sge pointer to %p\n", ib_sge); } + send_wr->num_sge = ++i; isert_dbg("Set outgoing sg_list: %p num_sg: %u from TCM SGLs\n", send_wr->sg_list, send_wr->num_sge); - return sg_nents; + return send_wr->num_sge; } static int

Patches currently in stable-queue which might be from sagig@xxxxxxxxxxxx are

queue-4.0/iser-target-fix-variable-length-response-error-completion.patch
queue-4.0/iser-target-fix-possible-use-after-free.patch
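
Review bot: `send_wr->num_sge = ++i;` in the second hunk gives the number of filled SGEs only when the loop is left through the new `if (!data_left) break;`, assuming `i` is the loop index and has not yet been advanced for that entry. The loop header is outside the hunk, so it is not visible whether the iteration can also end by exhausting the sg entries while `data_left` is still non-zero; on that path `i` would already sit one past the last filled entry and `++i` would report one more SGE than `ib_sge` was populated with, which is the same class of length mismatch the commit message sets out to fix. Consider counting filled entries in a dedicated variable incremented inside the loop body and assigning that to `num_sge`, or add a comment stating why `data_left` always reaches zero within `sg_nents` entries. The return value also changes from `sg_nents` to `send_wr->num_sge`; the callers are not shown here, so it is worth confirming that whatever consumes the return value expects the count of SGEs actually used.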