[PATCHv3,net-next-2.6,2/3] qlcnic: Take FW dump via ethtool

Driver checks if the previous dump has been cleared before taking the dump.
It doesn't take the dump if it is not cleared.

Changes from v2:
Added lock to protect dump data structures from being mangled while
dumping or setting them via ethtool.

Signed-off-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com>
---
 drivers/net/qlcnic/qlcnic_ethtool.c |   81 +++++++++++++++++++++++++++++++++++
 1 files changed, 81 insertions(+), 0 deletions(-)

On Wed, 2011-05-11 at 15:54 -0700, Anirban Chakraborty wrote:
> Driver checks if the previous dump has been cleared before taking the dump.
> It doesn't take the dump if it is not cleared.
> 
> Changes from v2:
> Added lock to protect dump data structures from being mangled while
> dumping or setting them via ethtool.

Unfortunately it still seems to be possible for the dump length to
change between the ethtool core calling qlcnic_get_dump_flag() and
qlcnic_get_dump_data().

So I think qlcnic_get_dump_data() will need to double-check the length
after taking the internal lock:

[...]
> +static int
> +qlcnic_get_dump_data(struct net_device *netdev, struct ethtool_dump *dump,
> +                       void *buffer)
> +{
> +       int i, copy_sz;
> +       u32 *hdr_ptr, *data;
> +       struct qlcnic_adapter *adapter = netdev_priv(netdev);
> +       struct qlcnic_fw_dump *fw_dump = &adapter->ahw->fw_dump;
> +
> +       if (qlcnic_api_lock(adapter))
> +               return -EIO;
[...]

	if (dump->len < fw_dump->tmpl_hdr->size + fw_dump->size) {
		qlcnic_api_unlock(adapter);
		return -EINVAL;
	}

I'm not sure about the error code... and I'm really not happy about the
need to check lengths in both the ethtool core and the driver.

Can't you change the function that actually makes a dump to acquire the
RTNL lock?  (You'll need to do that *before* acquiring the driver's own
lock.)

Ben.

On May 12, 2011, at 10:27 AM, Ben Hutchings wrote:

> On Wed, 2011-05-11 at 15:54 -0700, Anirban Chakraborty wrote:
>> Driver checks if the previous dump has been cleared before taking the dump.
>> It doesn't take the dump if it is not cleared.
>> 
>> Changes from v2:
>> Added lock to protect dump data structures from being mangled while
>> dumping or setting them via ethtool.
> 
> Unfortunately it still seems to be possible for the dump length to
> change between the ethtool core calling qlcnic_get_dump_flag() and
> qlcnic_get_dump_data().

dump length is serialized via the driver lock. dump length is a static entity for a given capture mask
and it can only be changed when there is a different capture mask set in the driver (via calling
set_dump() from ethtool core).
Actual dump size is determined during the initial steps of FW dump which takes the driver lock
to start with. So, I am not sure how the dump length could be changed between the calls to
get_dump_flag and get_dump_data from within the ethtool core without a call to set_dump()
in between.

> 
> So I think qlcnic_get_dump_data() will need to double-check the length
> after taking the internal lock:
> 
> [...]
>> +static int
>> +qlcnic_get_dump_data(struct net_device *netdev, struct ethtool_dump *dump,
>> +                       void *buffer)
>> +{
>> +       int i, copy_sz;
>> +       u32 *hdr_ptr, *data;
>> +       struct qlcnic_adapter *adapter = netdev_priv(netdev);
>> +       struct qlcnic_fw_dump *fw_dump = &adapter->ahw->fw_dump;
>> +
>> +       if (qlcnic_api_lock(adapter))
>> +               return -EIO;
> [...]
> 
> 	if (dump->len < fw_dump->tmpl_hdr->size + fw_dump->size) {
> 		qlcnic_api_unlock(adapter);
> 		return -EINVAL;
> 	}
> 
> I'm not sure about the error code... and I'm really not happy about the
> need to check lengths in both the ethtool core and the driver.
I can put the check in here but don't think it is required really.

> 
> Can't you change the function that actually makes a dump to acquire the
> RTNL lock?  (You'll need to do that *before* acquiring the driver's own
> lock.)
We can't do that because the driver lock is taken at much higher level where it does
some hardware specific things even before attempting to take FW dump.

Thanks.
-Anirban



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Thu, 2011-05-12 at 11:53 -0700, Anirban Chakraborty wrote:
> On May 12, 2011, at 10:27 AM, Ben Hutchings wrote:
> 
> > On Wed, 2011-05-11 at 15:54 -0700, Anirban Chakraborty wrote:
> >> Driver checks if the previous dump has been cleared before taking the dump.
> >> It doesn't take the dump if it is not cleared.
> >> 
> >> Changes from v2:
> >> Added lock to protect dump data structures from being mangled while
> >> dumping or setting them via ethtool.
> > 
> > Unfortunately it still seems to be possible for the dump length to
> > change between the ethtool core calling qlcnic_get_dump_flag() and
> > qlcnic_get_dump_data().
> 
> dump length is serialized via the driver lock. dump length is a static
> entity for a given capture mask and it can only be changed when there
> is a different capture mask set in the driver (via calling set_dump()
> from ethtool core).

OK.

> Actual dump size is determined during the initial steps of FW dump
> which takes the driver lock to start with. So, I am not sure how the
> dump length could be changed between the calls to get_dump_flag and
> get_dump_data from within the ethtool core without a call to
> set_dump() in between.
[...]

What prevents this sequence:

1. Driver detects firmware dump is required, and creates the dump
(length L1).
2. User changes firmware dump flags through ethtool.
3. User starts to save firmware dump through ethtool:
   a. ethtool utility reads dump length (= L1) and allocates user buffer
   b. ethtool utility reads dump:
   c. ethtool core reads dump length (L1) and allocates kernel buffer
4. Meanwhile, driver detects firmware dump is required again, and
creates a new dump (length L2, since dump flags changed)
5. (Continuation of 3)
   d. ethtool core calls driver to read firmware dump
   e. Driver copies new dump (length L2) into buffer of length L1

Ben.

On May 12, 2011, at 12:18 PM, Ben Hutchings wrote:

> On Thu, 2011-05-12 at 11:53 -0700, Anirban Chakraborty wrote:
>> On May 12, 2011, at 10:27 AM, Ben Hutchings wrote:
>> 
>>> On Wed, 2011-05-11 at 15:54 -0700, Anirban Chakraborty wrote:
>>>> Driver checks if the previous dump has been cleared before taking the dump.
>>>> It doesn't take the dump if it is not cleared.
>>>> 
>>>> Changes from v2:
>>>> Added lock to protect dump data structures from being mangled while
>>>> dumping or setting them via ethtool.
>>> 
>>> Unfortunately it still seems to be possible for the dump length to
>>> change between the ethtool core calling qlcnic_get_dump_flag() and
>>> qlcnic_get_dump_data().
>> 
>> dump length is serialized via the driver lock. dump length is a static
>> entity for a given capture mask and it can only be changed when there
>> is a different capture mask set in the driver (via calling set_dump()
>> from ethtool core).
> 
> OK.
> 
>> Actual dump size is determined during the initial steps of FW dump
>> which takes the driver lock to start with. So, I am not sure how the
>> dump length could be changed between the calls to get_dump_flag and
>> get_dump_data from within the ethtool core without a call to
>> set_dump() in between.
> [...]
> 
> What prevents this sequence:
> 
> 1. Driver detects firmware dump is required, and creates the dump
> (length L1).
> 2. User changes firmware dump flags through ethtool.
> 3. User starts to save firmware dump through ethtool:
>   a. ethtool utility reads dump length (= L1) and allocates user buffer
>   b. ethtool utility reads dump:
>   c. ethtool core reads dump length (L1) and allocates kernel buffer
> 4. Meanwhile, driver detects firmware dump is required again, and
> creates a new dump (length L2, since dump flags changed)

This step won't happen as driver ensures that if a dump is taken that is not
cleared yet by ethtool utility, it is not going to take any further dump. So, until
the get_dump_data() has been called to fetch the dump data, changing dump
flag (and hence dump size) will not have any effect.
In 3 above, ethtool core created a buffer of L1 size but hasn't yet called 
get_dump_data() of the driver, so driver is still holding onto its previously
dumped data even though capture mask has been changed and the driver
encountered a situation where it ought to take the dump.

-Anirban
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Thu, 2011-05-12 at 13:54 -0700, Anirban Chakraborty wrote:
> On May 12, 2011, at 12:18 PM, Ben Hutchings wrote:
[...]
> > What prevents this sequence:
> > 
> > 1. Driver detects firmware dump is required, and creates the dump
> > (length L1).
> > 2. User changes firmware dump flags through ethtool.
> > 3. User starts to save firmware dump through ethtool:
> >   a. ethtool utility reads dump length (= L1) and allocates user buffer
> >   b. ethtool utility reads dump:
> >   c. ethtool core reads dump length (L1) and allocates kernel buffer
> > 4. Meanwhile, driver detects firmware dump is required again, and
> > creates a new dump (length L2, since dump flags changed)
> 
> This step won't happen as driver ensures that if a dump is taken that is not
> cleared yet by ethtool utility, it is not going to take any further dump. So, until
> the get_dump_data() has been called to fetch the dump data, changing dump
> flag (and hence dump size) will not have any effect.
> In 3 above, ethtool core created a buffer of L1 size but hasn't yet called 
> get_dump_data() of the driver, so driver is still holding onto its previously
> dumped data even though capture mask has been changed and the driver
> encountered a situation where it ought to take the dump.

OK, that sounds safe.

Ben.