Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4479936ybx; Mon, 4 Nov 2019 14:07:30 -0800 (PST) X-Google-Smtp-Source: APXvYqwI4PBETnLJaErz6kf6yPdSO1dSVOx+DM6jsO/vcXS1FjCzsCzrNRCY+SVY6t6RkDNOk3R1 X-Received: by 2002:a17:906:edb7:: with SMTP id sa23mr25947362ejb.327.1572905250191; Mon, 04 Nov 2019 14:07:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572905250; cv=none; d=google.com; s=arc-20160816; b=Gw9W0yP4RC5Rl2qpZt6TSYIpKVp61Oi1PDrwubiRx/UWDlotm1uxpzcm50tG0vABxb NIfmQqaZh2DYRZkdNwy4KabMMtn+kEJ7p+MNuh1Dm/0zoLVCJbTOr9QUx7CR2BxqyvRT K9iwEXBdqef5IAuAXunuY+x2HUn0skR6JLtgNUQtj4Nhzl0s4jtR7Cqa8SQwD3K6E66+ 2q2xuI7udljXMK/PN159b1S9geDfs//LcFksbhFzE+Ulilar+EgKnT7qLopWZvuLd5D3 PUtUo54fH4cgdFv0kGQ4nurGb/XdYA+tdDNdC3iGLIuJezFR3owXD0tR5YP2Lg7fh7UQ 4+qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=OibEikMHEhJ33e7zKti9X21EK8Ol9TklWcMFiO1l6lU=; b=pmQ5TeTrfZsoTpc/3vNSNmZCpy/Ml40Jd9tQexLbrWfm759t9s22p/P+WNCAAsUDnZ ND9XgCHip6yv98wrevtkVT8RK9OJyC8jBR9w9KYyji0KhVt4PonlPpX4VwLILVjKT+FO uDVxOy+HlRze6IKi21HVgm/y4H60Ou8IxzAss2k/mPm1nFKyY1uV6aNazacrLLHsMiBL jfGoMvExvpMGbz2SahMIT2DBAOYDycNACHoShdtZlfFg67GXE8o3gePSoB/qx4lEN8C5 gTtZt5mIs35Hur0Ufs9iu9QKqTWY3AQ1VLJ7XFNpOd8dIDpP/5VcXExAAvdHdfWw0v94 japA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DC9WG9Lj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ci3si3111810ejb.37.2019.11.04.14.07.07; Mon, 04 Nov 2019 14:07:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DC9WG9Lj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389726AbfKDWEo (ORCPT + 99 others); Mon, 4 Nov 2019 17:04:44 -0500 Received: from mail.kernel.org ([198.145.29.99]:35518 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389718AbfKDWEn (ORCPT ); Mon, 4 Nov 2019 17:04:43 -0500 Received: from localhost (6.204-14-84.ripe.coltfrance.com [84.14.204.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 63BE2217F4; Mon, 4 Nov 2019 22:04:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572905082; bh=YWefkR9LMZuyDk383P/EHzICtHOQ03NgYUEwjlP1mDo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DC9WG9LjdfrcPowBQAXEg/nWwEJ9IViZ8FhonkMcc82E6S7KG36k6vi4MaMofANB1 PU1D2e82eVRiHe/KC7a6+cqf3KoR5zrEuPytADU6LfnrFZ+02e52Slgh57IIy5dFf6 gG3K1IEhXdMe3n2M9YZD8vSQdo7GNOSwoI9pNqws= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Rahul Kundu , Potnuri Bharat Teja , Jason Gunthorpe , Sasha Levin Subject: [PATCH 5.3 023/163] RDMA/iw_cxgb4: fix SRQ access from dump_qp() Date: Mon, 4 Nov 2019 22:43:33 +0100 Message-Id: <20191104212142.043159001@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191104212140.046021995@linuxfoundation.org> References: <20191104212140.046021995@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Potnuri Bharat Teja [ Upstream commit 91724c1e5afe45b64970036170659726e7dc5cff ] dump_qp() is wrongly trying to dump SRQ structures as QP when SRQ is used by the application. This patch matches the QPID before dumping them. Also removes unwanted SRQ id addition to QP id xarray. Fixes: 2f43129127e6 ("cxgb4: Convert qpidr to XArray") Link: https://lore.kernel.org/r/20190930074119.20046-1-bharat@chelsio.com Signed-off-by: Rahul Kundu Signed-off-by: Potnuri Bharat Teja Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin --- drivers/infiniband/hw/cxgb4/device.c | 7 +++++-- drivers/infiniband/hw/cxgb4/qp.c | 10 +--------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c index a8b9548bd1a26..599340c1f0b82 100644 --- a/drivers/infiniband/hw/cxgb4/device.c +++ b/drivers/infiniband/hw/cxgb4/device.c @@ -242,10 +242,13 @@ static void set_ep_sin6_addrs(struct c4iw_ep *ep, } } -static int dump_qp(struct c4iw_qp *qp, struct c4iw_debugfs_data *qpd) +static int dump_qp(unsigned long id, struct c4iw_qp *qp, + struct c4iw_debugfs_data *qpd) { int space; int cc; + if (id != qp->wq.sq.qid) + return 0; space = qpd->bufsize - qpd->pos - 1; if (space == 0) @@ -350,7 +353,7 @@ static int qp_open(struct inode *inode, struct file *file) xa_lock_irq(&qpd->devp->qps); xa_for_each(&qpd->devp->qps, index, qp) - dump_qp(qp, qpd); + dump_qp(index, qp, qpd); xa_unlock_irq(&qpd->devp->qps); qpd->buf[qpd->pos++] = 0; diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c index eb9368be28c1d..bbcac539777a2 100644 --- a/drivers/infiniband/hw/cxgb4/qp.c +++ b/drivers/infiniband/hw/cxgb4/qp.c @@ -2737,15 +2737,11 @@ int c4iw_create_srq(struct ib_srq *ib_srq, struct ib_srq_init_attr *attrs, if (CHELSIO_CHIP_VERSION(rhp->rdev.lldi.adapter_type) > CHELSIO_T6) srq->flags = T4_SRQ_LIMIT_SUPPORT; - ret = xa_insert_irq(&rhp->qps, srq->wq.qid, srq, GFP_KERNEL); - if (ret) - goto err_free_queue; - if (udata) { srq_key_mm = kmalloc(sizeof(*srq_key_mm), GFP_KERNEL); if (!srq_key_mm) { ret = -ENOMEM; - goto err_remove_handle; + goto err_free_queue; } srq_db_key_mm = kmalloc(sizeof(*srq_db_key_mm), GFP_KERNEL); if (!srq_db_key_mm) { @@ -2789,8 +2785,6 @@ err_free_srq_db_key_mm: kfree(srq_db_key_mm); err_free_srq_key_mm: kfree(srq_key_mm); -err_remove_handle: - xa_erase_irq(&rhp->qps, srq->wq.qid); err_free_queue: free_srq_queue(srq, ucontext ? &ucontext->uctx : &rhp->rdev.uctx, srq->wr_waitp); @@ -2813,8 +2807,6 @@ void c4iw_destroy_srq(struct ib_srq *ibsrq, struct ib_udata *udata) rhp = srq->rhp; pr_debug("%s id %d\n", __func__, srq->wq.qid); - - xa_erase_irq(&rhp->qps, srq->wq.qid); ucontext = rdma_udata_to_drv_context(udata, struct c4iw_ucontext, ibucontext); free_srq_queue(srq, ucontext ? &ucontext->uctx : &rhp->rdev.uctx, -- 2.20.1