Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2642857pxj; Mon, 14 Jun 2021 03:51:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwqLHQiyLHZy66z+uJHoLSO5oo+xxkelnriX8zH5ecp/Hfcg/g2vm51VP2nj38VRE7Z78Zq X-Received: by 2002:aa7:c68f:: with SMTP id n15mr16388970edq.145.1623667877471; Mon, 14 Jun 2021 03:51:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623667877; cv=none; d=google.com; s=arc-20160816; b=BONFPDH0ytCeJn0PN7BpgdZ5puE6JtLHWpXIG7Ee6XyfauUuRoVBF2tSJ+Ayg+ozKM AP4m4MCflZEPPZGJcICtpOAetc8NEWIMqK3PNA0gMNUFenGBHCHlEvcTN3rtOH7jTp1G GLQlRlXMLnh/NM2HULAN0mw0WKrrcZwNu2ts8KId3GUUe8miYXGmeFxvx7MED7evwYm1 r8oXzkaNI3V2DvR1ImntaFnK5PeegRK9QrK1cn1AWEYXrey80rwJSObwtXIwODhAZLx2 yp99usyiOCSH2TIObbe7+KUsLERD4ZjgqyV21UOfSOSmZnHf2bHtHe1kgEAJ5CYrPUeA gsbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WWNYkFE6dZ/N5Li3RJyQEGFdIci6733PJGZ/hPhek+0=; b=I7frLKXQvODKKDvzay2tuXq0/CHKraVYa3+ByYaRIGdgOQpS0ybWKHxG9f9x65n7cb K7LpDrEE5z8Shu6pADytCrO7jDh88IfFha/9wFvyXdvcHonMVy5t2GT62zqyy8TZiCd+ AMu6dOMVNq+aQdDay4sV9YTjKcJgFw8ZuvNVf+k8HI9dV/ZCLpY4QJN+WEbny5HNZd7l X9t+0O77iLWWaDM46I/4FYkyDrGbw4AyRg1lbDp8/ZsvncXK3iF1+yso1fFHQ0qb2RL6 lteDirq/hgjXeCWg7mlDBMuPQDLp6bDVIkL2rX8wzey0uP6jFh0//3plGankDYgeiqM0 2Qww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="E9/99SBf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id rv25si11274473ejb.507.2021.06.14.03.50.55; Mon, 14 Jun 2021 03:51:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="E9/99SBf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234409AbhFNKvc (ORCPT + 99 others); Mon, 14 Jun 2021 06:51:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:50550 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234163AbhFNKoS (ORCPT ); Mon, 14 Jun 2021 06:44:18 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0C226611C1; Mon, 14 Jun 2021 10:36:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1623666977; bh=HqkcPOwuwXLSvOrwJ6RRUfXkTvsbUo//ls8BR4H4/Qc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=E9/99SBf2beQtPICDvX4V4An6qBliHcYBHqljdAqU7agVdheJqubeIy5r5SRCM5ga zU5nwFSA5yVugmjaVTtGMGONE76N76FSQ94bX9X5iR3jMKmQPq0UTkBnqnWRzE5399 XZbFo1VvdpoHHZetylLCZEiUam/7PBJtC9SdY4VQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Shay Drory , Leon Romanovsky , Jason Gunthorpe Subject: [PATCH 4.19 51/67] RDMA/mlx4: Do not map the core_clock page to user space unless enabled Date: Mon, 14 Jun 2021 12:27:34 +0200 Message-Id: <20210614102645.500765990@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210614102643.797691914@linuxfoundation.org> References: <20210614102643.797691914@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Shay Drory commit 404e5a12691fe797486475fe28cc0b80cb8bef2c upstream. Currently when mlx4 maps the hca_core_clock page to the user space there are read-modifiable registers, one of which is semaphore, on this page as well as the clock counter. If user reads the wrong offset, it can modify the semaphore and hang the device. Do not map the hca_core_clock page to the user space unless the device has been put in a backwards compatibility mode to support this feature. After this patch, mlx4 core_clock won't be mapped to user space on the majority of existing devices and the uverbs device time feature in ibv_query_rt_values_ex() will be disabled. Fixes: 52033cfb5aab ("IB/mlx4: Add mmap call to map the hardware clock") Link: https://lore.kernel.org/r/9632304e0d6790af84b3b706d8c18732bc0d5e27.1622726305.git.leonro@nvidia.com Signed-off-by: Shay Drory Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe Signed-off-by: Greg Kroah-Hartman --- drivers/infiniband/hw/mlx4/main.c | 5 +---- drivers/net/ethernet/mellanox/mlx4/fw.c | 3 +++ drivers/net/ethernet/mellanox/mlx4/fw.h | 1 + drivers/net/ethernet/mellanox/mlx4/main.c | 6 ++++++ include/linux/mlx4/device.h | 1 + 5 files changed, 12 insertions(+), 4 deletions(-) --- a/drivers/infiniband/hw/mlx4/main.c +++ b/drivers/infiniband/hw/mlx4/main.c @@ -577,12 +577,9 @@ static int mlx4_ib_query_device(struct i props->cq_caps.max_cq_moderation_count = MLX4_MAX_CQ_COUNT; props->cq_caps.max_cq_moderation_period = MLX4_MAX_CQ_PERIOD; - if (!mlx4_is_slave(dev->dev)) - err = mlx4_get_internal_clock_params(dev->dev, &clock_params); - if (uhw->outlen >= resp.response_length + sizeof(resp.hca_core_clock_offset)) { resp.response_length += sizeof(resp.hca_core_clock_offset); - if (!err && !mlx4_is_slave(dev->dev)) { + if (!mlx4_get_internal_clock_params(dev->dev, &clock_params)) { resp.comp_mask |= MLX4_IB_QUERY_DEV_RESP_MASK_CORE_CLOCK_OFFSET; resp.hca_core_clock_offset = clock_params.offset % PAGE_SIZE; } --- a/drivers/net/ethernet/mellanox/mlx4/fw.c +++ b/drivers/net/ethernet/mellanox/mlx4/fw.c @@ -822,6 +822,7 @@ int mlx4_QUERY_DEV_CAP(struct mlx4_dev * #define QUERY_DEV_CAP_MAD_DEMUX_OFFSET 0xb0 #define QUERY_DEV_CAP_DMFS_HIGH_RATE_QPN_BASE_OFFSET 0xa8 #define QUERY_DEV_CAP_DMFS_HIGH_RATE_QPN_RANGE_OFFSET 0xac +#define QUERY_DEV_CAP_MAP_CLOCK_TO_USER 0xc1 #define QUERY_DEV_CAP_QP_RATE_LIMIT_NUM_OFFSET 0xcc #define QUERY_DEV_CAP_QP_RATE_LIMIT_MAX_OFFSET 0xd0 #define QUERY_DEV_CAP_QP_RATE_LIMIT_MIN_OFFSET 0xd2 @@ -840,6 +841,8 @@ int mlx4_QUERY_DEV_CAP(struct mlx4_dev * if (mlx4_is_mfunc(dev)) disable_unsupported_roce_caps(outbox); + MLX4_GET(field, outbox, QUERY_DEV_CAP_MAP_CLOCK_TO_USER); + dev_cap->map_clock_to_user = field & 0x80; MLX4_GET(field, outbox, QUERY_DEV_CAP_RSVD_QP_OFFSET); dev_cap->reserved_qps = 1 << (field & 0xf); MLX4_GET(field, outbox, QUERY_DEV_CAP_MAX_QP_OFFSET); --- a/drivers/net/ethernet/mellanox/mlx4/fw.h +++ b/drivers/net/ethernet/mellanox/mlx4/fw.h @@ -131,6 +131,7 @@ struct mlx4_dev_cap { u32 health_buffer_addrs; struct mlx4_port_cap port_cap[MLX4_MAX_PORTS + 1]; bool wol_port[MLX4_MAX_PORTS + 1]; + bool map_clock_to_user; }; struct mlx4_func_cap { --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c @@ -498,6 +498,7 @@ static int mlx4_dev_cap(struct mlx4_dev } } + dev->caps.map_clock_to_user = dev_cap->map_clock_to_user; dev->caps.uar_page_size = PAGE_SIZE; dev->caps.num_uars = dev_cap->uar_size / PAGE_SIZE; dev->caps.local_ca_ack_delay = dev_cap->local_ca_ack_delay; @@ -1949,6 +1950,11 @@ int mlx4_get_internal_clock_params(struc if (mlx4_is_slave(dev)) return -EOPNOTSUPP; + if (!dev->caps.map_clock_to_user) { + mlx4_dbg(dev, "Map clock to user is not supported.\n"); + return -EOPNOTSUPP; + } + if (!params) return -EINVAL; --- a/include/linux/mlx4/device.h +++ b/include/linux/mlx4/device.h @@ -631,6 +631,7 @@ struct mlx4_caps { bool wol_port[MLX4_MAX_PORTS + 1]; struct mlx4_rate_limit_caps rl_caps; u32 health_buffer_addrs; + bool map_clock_to_user; }; struct mlx4_buf_list {