Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp6550640ybx; Mon, 11 Nov 2019 10:48:16 -0800 (PST) X-Google-Smtp-Source: APXvYqwZhy0XTMHgcNfsHWBcFVQ9aJxmhPwR5BhqJpWJShMUQWFkgjadhdIYBOSnzeeA36fJfyGJ X-Received: by 2002:a17:906:5586:: with SMTP id y6mr24192424ejp.76.1573498096262; Mon, 11 Nov 2019 10:48:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573498096; cv=none; d=google.com; s=arc-20160816; b=wmsCkXHQ4u55bw0X3T1L0uDd10G5HVDzeBVle9rduPzTECr/5vWMnwHADfII5H4z1q 8eCbURKFPtPSgkeZOs8Sgj16bSxzK0RBNxANBXaB1hzsUhBzGfa7aU6H0j8NFHMpvOs6 dG/qusm96ugBSj3J14YTWDxf+xF5GHP8Kp3Q/pZO4flqFI0IyVgmlNX/jWXc9YUd8SQD BNR1JrPkGRwh5FaV33lESXzDo1V7x/UwZU98Pc08CVddxPabRxpidI2+rIywkBGFtKIJ CRKMp6su78trdZxSzsbUTPHUMqzmlnlDoGUCO6ZXmoJOYzhTsjwt6G4d6zsHSTCEjZV+ +x7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cu1qN4jkE9MBmjcoM83lveRFGm0HahdJGUHBMBT1Hys=; b=VWznPHuU/IsK0FD+Oiow/JKDSIvPgql9LWvsVaVak5S0OYHknBtu0wsRoydPIu8Ie9 5kRPvVzru5I46BQMeCdkmDhCxXSPUewc1dBR8NGEkI1Cs+Ls54y4mQ7HsMT+woax9bUA Qm/NeXM+nAnpkpWoAEI3fG4kHlEEbZeVVi7cA72YuElCEoaAlMWL8NloyegiS3I2087Y WQ0fNUylobmPeS7Y3KjmbZWrUDaF9v58c+GZdEhHAN4o5Nn4VB5oiQzy3M/lFR8DflKx IHUrYwZpeb3lNNbB3zOTqbvmeZZ9mluj5NZZs11Hz2ehx0/CVN6FbGay3XcwAhFOleCw k+Zw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2apHosSV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 93si12602685edo.408.2019.11.11.10.47.52; Mon, 11 Nov 2019 10:48:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2apHosSV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729311AbfKKSoT (ORCPT + 99 others); Mon, 11 Nov 2019 13:44:19 -0500 Received: from mail.kernel.org ([198.145.29.99]:35854 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729715AbfKKSoQ (ORCPT ); Mon, 11 Nov 2019 13:44:16 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 99080204FD; Mon, 11 Nov 2019 18:44:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573497855; bh=7Zx5WexqxXUn4t1M1GCJrjMg/F094LVBD2rkt4QOsNI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2apHosSV3GEGeSLjiqzIALJ0aoujvSy+1OIsHzPEHd+N5rvVc+0iDhik4Cbazn/S1 GubWL/iViZdDzcegap8J9Osva+5NsXw69bxLqp8jhKzJ1DEshICcLnVyR/6OLMNKWz Pa3Dpo9XyYuuGXVBvZ9x9iXY8IktLXdb2hFi/iqQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Potnuri Bharat Teja , Doug Ledford , Sasha Levin Subject: [PATCH 4.19 075/125] iw_cxgb4: fix ECN check on the passive accept Date: Mon, 11 Nov 2019 19:28:34 +0100 Message-Id: <20191111181450.129063326@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191111181438.945353076@linuxfoundation.org> References: <20191111181438.945353076@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Potnuri Bharat Teja [ Upstream commit 612e0486ad0845c41ac10492e78144f99e326375 ] pass_accept_req() is using the same skb for handling accept request and sending accept reply to HW. Here req and rpl structures are pointing to same skb->data which is over written by INIT_TP_WR() and leads to accessing corrupt req fields in accept_cr() while checking for ECN flags. Reordered code in accept_cr() to fetch correct req fields. Fixes: 92e7ae7172 ("iw_cxgb4: Choose appropriate hw mtu index and ISS for iWARP connections") Signed-off-by: Potnuri Bharat Teja Link: https://lore.kernel.org/r/20191003104353.11590-1-bharat@chelsio.com Signed-off-by: Doug Ledford Signed-off-by: Sasha Levin --- drivers/infiniband/hw/cxgb4/cm.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c index 3be6405d9855e..566bfcc6add0d 100644 --- a/drivers/infiniband/hw/cxgb4/cm.c +++ b/drivers/infiniband/hw/cxgb4/cm.c @@ -2380,20 +2380,6 @@ static int accept_cr(struct c4iw_ep *ep, struct sk_buff *skb, enum chip_type adapter_type = ep->com.dev->rdev.lldi.adapter_type; pr_debug("ep %p tid %u\n", ep, ep->hwtid); - - skb_get(skb); - rpl = cplhdr(skb); - if (!is_t4(adapter_type)) { - skb_trim(skb, roundup(sizeof(*rpl5), 16)); - rpl5 = (void *)rpl; - INIT_TP_WR(rpl5, ep->hwtid); - } else { - skb_trim(skb, sizeof(*rpl)); - INIT_TP_WR(rpl, ep->hwtid); - } - OPCODE_TID(rpl) = cpu_to_be32(MK_OPCODE_TID(CPL_PASS_ACCEPT_RPL, - ep->hwtid)); - cxgb_best_mtu(ep->com.dev->rdev.lldi.mtus, ep->mtu, &mtu_idx, enable_tcp_timestamps && req->tcpopt.tstamp, (ep->com.remote_addr.ss_family == AF_INET) ? 0 : 1); @@ -2439,6 +2425,20 @@ static int accept_cr(struct c4iw_ep *ep, struct sk_buff *skb, if (tcph->ece && tcph->cwr) opt2 |= CCTRL_ECN_V(1); } + + skb_get(skb); + rpl = cplhdr(skb); + if (!is_t4(adapter_type)) { + skb_trim(skb, roundup(sizeof(*rpl5), 16)); + rpl5 = (void *)rpl; + INIT_TP_WR(rpl5, ep->hwtid); + } else { + skb_trim(skb, sizeof(*rpl)); + INIT_TP_WR(rpl, ep->hwtid); + } + OPCODE_TID(rpl) = cpu_to_be32(MK_OPCODE_TID(CPL_PASS_ACCEPT_RPL, + ep->hwtid)); + if (CHELSIO_CHIP_VERSION(adapter_type) > CHELSIO_T4) { u32 isn = (prandom_u32() & ~7UL) - 1; opt2 |= T5_OPT_2_VALID_F; -- 2.20.1