Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2662039pxj; Mon, 14 Jun 2021 04:19:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwXzDuBHc02pc2OgpGJp7GSLm5sgMauKqgqKLHkI8ac6ANd1KnI2kDBpOcZOFQX++R939GV X-Received: by 2002:a17:906:4882:: with SMTP id v2mr15055764ejq.134.1623669566139; Mon, 14 Jun 2021 04:19:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623669566; cv=none; d=google.com; s=arc-20160816; b=YTHeEdoS1QsXVJO838Lvau3D0Pu3ss4tPHVEvd2i5kGwNHdck7Rq3KFx4RRfS3ZBTc pfIX2QnkpwP3WVW4EEFF84YMqPy0ZjlnaEZHOTAJf2yL5TkyZCGxNr0MEfYNUyrfFAbQ AQdJvlAj5GAso4jHGBW8mSggPWygFrTGbEmglbPG8EvJtZwd7lIUH2w9asgg1oV87KG1 pKEKrewqsi+FsxwJoinkwgPJHY8cx8Wyk6Lnz603HpoNTjRtwyTTn2dsRTI1HgHlMyFh axNgcAO/atViMJj7JlQlf7tydJsNnggcLrsfO6djAEVgL3VmXDfRICouYd0PrYzjxfJp Cu+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=hgpQzPwypPUwaSZTf0/TKz0TWuq7ZoLoRCwWHgv9QTo=; b=OIE5Rn8jlad1UMSDB227AvkjRXRUXQUwApYQu83bev4z8zSxa/enRf3htwl3N9GwG/ Bxg+Q7h81+6T9AC6hq1lIL4DHRAjx+0w+9aXKnOCP0xOFAq3Elm4AMpb895xuKzS320c QJByJ9iFAH5/ymmCELaC3tBHTdWKWds9j5wM5sg5PtjFTQvkCc0cVVwZDGZbwnNIz4QU x4iBSqxu6vUbZLVaessYmnqiGhi8YYEyJQ2mUmibS9+eNjsOqsKk3fi0DwANbYqvl431 VdEqZ9tVn6L/Zc8AfImHsSw5eNFXmMhCsKOmsuHeOvAabQt3CcBBZbEUj4T1k3OXnp5v lnvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qNTs9ALj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id rv25si11274473ejb.507.2021.06.14.04.19.03; Mon, 14 Jun 2021 04:19:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qNTs9ALj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233165AbhFNLSq (ORCPT + 99 others); Mon, 14 Jun 2021 07:18:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:38268 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234650AbhFNLG0 (ORCPT ); Mon, 14 Jun 2021 07:06:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3104C6191E; Mon, 14 Jun 2021 10:45:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1623667524; bh=A18hCNEy7xcPwBnOghVhvoAvi/QJ5o68YH9wmgkL5j0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qNTs9ALj+nhIWuKwEBjZoc2Xk86DeAp37cwzejr8m3liEVSnWJze45NSeKqHRxub9 bKBprUIhZtKpEfPeS9Jkp8mykGZ/P5wCNDrgA4GJ1g1nkaWkWaONJN0IvhAhAEDcqI mxuhLvgnTcV5ijDQh6g+kTmfXRko5ARsSf4kjRvo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Shay Drory , Leon Romanovsky , Jason Gunthorpe Subject: [PATCH 5.10 104/131] RDMA/mlx4: Do not map the core_clock page to user space unless enabled Date: Mon, 14 Jun 2021 12:27:45 +0200 Message-Id: <20210614102656.541247879@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210614102652.964395392@linuxfoundation.org> References: <20210614102652.964395392@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Shay Drory commit 404e5a12691fe797486475fe28cc0b80cb8bef2c upstream. Currently when mlx4 maps the hca_core_clock page to the user space there are read-modifiable registers, one of which is semaphore, on this page as well as the clock counter. If user reads the wrong offset, it can modify the semaphore and hang the device. Do not map the hca_core_clock page to the user space unless the device has been put in a backwards compatibility mode to support this feature. After this patch, mlx4 core_clock won't be mapped to user space on the majority of existing devices and the uverbs device time feature in ibv_query_rt_values_ex() will be disabled. Fixes: 52033cfb5aab ("IB/mlx4: Add mmap call to map the hardware clock") Link: https://lore.kernel.org/r/9632304e0d6790af84b3b706d8c18732bc0d5e27.1622726305.git.leonro@nvidia.com Signed-off-by: Shay Drory Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe Signed-off-by: Greg Kroah-Hartman --- drivers/infiniband/hw/mlx4/main.c | 5 +---- drivers/net/ethernet/mellanox/mlx4/fw.c | 3 +++ drivers/net/ethernet/mellanox/mlx4/fw.h | 1 + drivers/net/ethernet/mellanox/mlx4/main.c | 6 ++++++ include/linux/mlx4/device.h | 1 + 5 files changed, 12 insertions(+), 4 deletions(-) --- a/drivers/infiniband/hw/mlx4/main.c +++ b/drivers/infiniband/hw/mlx4/main.c @@ -580,12 +580,9 @@ static int mlx4_ib_query_device(struct i props->cq_caps.max_cq_moderation_count = MLX4_MAX_CQ_COUNT; props->cq_caps.max_cq_moderation_period = MLX4_MAX_CQ_PERIOD; - if (!mlx4_is_slave(dev->dev)) - err = mlx4_get_internal_clock_params(dev->dev, &clock_params); - if (uhw->outlen >= resp.response_length + sizeof(resp.hca_core_clock_offset)) { resp.response_length += sizeof(resp.hca_core_clock_offset); - if (!err && !mlx4_is_slave(dev->dev)) { + if (!mlx4_get_internal_clock_params(dev->dev, &clock_params)) { resp.comp_mask |= MLX4_IB_QUERY_DEV_RESP_MASK_CORE_CLOCK_OFFSET; resp.hca_core_clock_offset = clock_params.offset % PAGE_SIZE; } --- a/drivers/net/ethernet/mellanox/mlx4/fw.c +++ b/drivers/net/ethernet/mellanox/mlx4/fw.c @@ -823,6 +823,7 @@ int mlx4_QUERY_DEV_CAP(struct mlx4_dev * #define QUERY_DEV_CAP_MAD_DEMUX_OFFSET 0xb0 #define QUERY_DEV_CAP_DMFS_HIGH_RATE_QPN_BASE_OFFSET 0xa8 #define QUERY_DEV_CAP_DMFS_HIGH_RATE_QPN_RANGE_OFFSET 0xac +#define QUERY_DEV_CAP_MAP_CLOCK_TO_USER 0xc1 #define QUERY_DEV_CAP_QP_RATE_LIMIT_NUM_OFFSET 0xcc #define QUERY_DEV_CAP_QP_RATE_LIMIT_MAX_OFFSET 0xd0 #define QUERY_DEV_CAP_QP_RATE_LIMIT_MIN_OFFSET 0xd2 @@ -841,6 +842,8 @@ int mlx4_QUERY_DEV_CAP(struct mlx4_dev * if (mlx4_is_mfunc(dev)) disable_unsupported_roce_caps(outbox); + MLX4_GET(field, outbox, QUERY_DEV_CAP_MAP_CLOCK_TO_USER); + dev_cap->map_clock_to_user = field & 0x80; MLX4_GET(field, outbox, QUERY_DEV_CAP_RSVD_QP_OFFSET); dev_cap->reserved_qps = 1 << (field & 0xf); MLX4_GET(field, outbox, QUERY_DEV_CAP_MAX_QP_OFFSET); --- a/drivers/net/ethernet/mellanox/mlx4/fw.h +++ b/drivers/net/ethernet/mellanox/mlx4/fw.h @@ -131,6 +131,7 @@ struct mlx4_dev_cap { u32 health_buffer_addrs; struct mlx4_port_cap port_cap[MLX4_MAX_PORTS + 1]; bool wol_port[MLX4_MAX_PORTS + 1]; + bool map_clock_to_user; }; struct mlx4_func_cap { --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c @@ -498,6 +498,7 @@ static int mlx4_dev_cap(struct mlx4_dev } } + dev->caps.map_clock_to_user = dev_cap->map_clock_to_user; dev->caps.uar_page_size = PAGE_SIZE; dev->caps.num_uars = dev_cap->uar_size / PAGE_SIZE; dev->caps.local_ca_ack_delay = dev_cap->local_ca_ack_delay; @@ -1948,6 +1949,11 @@ int mlx4_get_internal_clock_params(struc if (mlx4_is_slave(dev)) return -EOPNOTSUPP; + if (!dev->caps.map_clock_to_user) { + mlx4_dbg(dev, "Map clock to user is not supported.\n"); + return -EOPNOTSUPP; + } + if (!params) return -EINVAL; --- a/include/linux/mlx4/device.h +++ b/include/linux/mlx4/device.h @@ -631,6 +631,7 @@ struct mlx4_caps { bool wol_port[MLX4_MAX_PORTS + 1]; struct mlx4_rate_limit_caps rl_caps; u32 health_buffer_addrs; + bool map_clock_to_user; }; struct mlx4_buf_list {