Received: by 2002:a89:288:0:b0:1f7:eeee:6653 with SMTP id j8csp427573lqh; Tue, 7 May 2024 03:40:41 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWtjqiWjCyLE/EQDfn3fxS/1dVbVUxD+txxc5FEbKr9AASAkFly5DRg9zSx0CgWYXbPjyqlXrwnwar83fDOEtqiHfc8SQpF7I5stTBuAw== X-Google-Smtp-Source: AGHT+IG3QKFwCyGcjJPHhzaN1iZ+4WKRn56d0PzdsKg7tafSPxelFxnP22XTEqmyC+7f2Q67NdPi X-Received: by 2002:a50:c319:0:b0:572:a126:6760 with SMTP id a25-20020a50c319000000b00572a1266760mr9441226edb.11.1715078441360; Tue, 07 May 2024 03:40:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715078441; cv=pass; d=google.com; s=arc-20160816; b=LAV5JtXxS5IU1R6WoVe1Cipa/RVALVANKJ0h9mOHME+saWAFFkYCIFiTLvTpzOrXrE QrF3kGvyaXkjwYvf98/GGtlh0ZAnRT8Rosp7oX3NTIP69FMfJkpyhVpM9kHod1pT9p+X wwWzeazq8n9+6/n6N1IDdaUU8okWMN/LUfNg7Hj8RzTyTvnEsJafzcHsgaluOSEB/Aym whr7YhbyZJO/WNxlrH6WjYBdko6N/phXgbGBvd6SoBABo/X4vgVHzOtmB4XDCrPtLz6Z odhjUC4JqSR8AO/Hdfsk+6NTKO8qbKUsWTlvA/LDrMA92TeMYQVFKYMHtAvrJEsp7rqq leMQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=UQu/lfpz1bNTbtmouXE8uSwcjGxRPXhP7N7yJc5k/ko=; fh=rYzBNuq8LB6LVCP1ONhjFPEzgCfJuTN0K7ODTDuEMyI=; b=UNJ7SufJBfd1IhIyWkrw1ZUHroXMUzib38O5j7lNjorAv7jWpG/Ht3WeOIDNkL8Vf5 S3JsvW962PIHja1qlMsdWwY3LwWjcFT25GLwNJHmeXON265CB8QnLNKmAzHxalGfgIZh ObcOf9bp41KOfBmqTJ21iGnxZ88Lw+gpeTkjxC+nzflr78wkfvSw8QDh98XA+Q2cBZhV 053pJqJ7ZrVFt789SWvIgj1JBbN2bcSUcZ0hlIyfJMZ5dklBa6ZvHdNCoJJ9ta1jp4Ca mA1LEHPTEOw4BL9kXCWGDQXE7IlAveLi05jQNSGROpqhLWI/NVdjRCXP+lPGyIZXHKiX xUNw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SZJCL35l; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-171116-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-171116-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id b7-20020aa7c6c7000000b00572c67411f8si5808547eds.634.2024.05.07.03.40.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 May 2024 03:40:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-171116-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SZJCL35l; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-171116-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-171116-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E69A11F256C1 for ; Tue, 7 May 2024 10:40:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 36FB41509A5; Tue, 7 May 2024 10:40:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="SZJCL35l" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C69F314EC4A for ; Tue, 7 May 2024 10:40:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715078422; cv=none; b=ERd1NqX1MjO9eNpiDHjwkMwf4/K5zbM1Dxag3s7VW5w1XLkGpF06dCHt+nrpWlFFHEnlpaU5GMQ+GmYRB8dlX+6F8EyRu0pj7BXcwMX5Vi8FL1s7NH8t9IJxpW0Hrm5BoIJx0mV05WAnhrbgShUFYpN3z60fFvAtl/JpvLZdHgA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715078422; c=relaxed/simple; bh=X9UOm5QxQmoKFnw7VYuRiqytXd3mrNifyQakztYF7h0=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=g+F5OgAf2VysZBIHnj3xhRt46FUAquahq7/dHoGKBOBXgT6ZXR3NfqkR5lalptAzJTEUDtCyWdoczuKrzmPYvpPSkjS4zOxsrXvmSWL881rmctq7KJCGGKKwTBSfKdKXkQD7n20xvDL7yz78Dh0Z6BpkAk9R8exaSIbmy2EwxUM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=SZJCL35l; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1715078419; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=UQu/lfpz1bNTbtmouXE8uSwcjGxRPXhP7N7yJc5k/ko=; b=SZJCL35lq+vWIWtD6VQC+YWCfQ5R0U7G28QDCjYN3QZ4cXG7xNgRdbYhqGh0lA46eptXSZ VyK6PfCo3/wwVY05EOjnZ8JPLKcQU12sdCbifZb4mtDHHb5qFyXgX4D0AR/6z0dhsJxHWr /SdinUM4gwOtnelcHXjoSKhp1G5Qod0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-625-o91bb09VPoGOr6rhArLFeA-1; Tue, 07 May 2024 06:40:13 -0400 X-MC-Unique: o91bb09VPoGOr6rhArLFeA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9B455801211; Tue, 7 May 2024 10:40:12 +0000 (UTC) Received: from toolbox.brq.redhat.com (unknown [10.43.2.89]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7BB96EC68D; Tue, 7 May 2024 10:40:11 +0000 (UTC) From: Michal Schmidt To: Selvin Xavier , Jason Gunthorpe , Leon Romanovsky , Devesh Sharma , Naresh Kumar PBS Cc: linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Date: Tue, 7 May 2024 12:39:28 +0200 Message-ID: <20240507103929.30003-1-mschmidt@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called. roundup_pow_of_two is documented as undefined for 0. Fix it in the one caller that had this combination. The undefined behavior was detected by UBSAN: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4 Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023 Call Trace: dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x30 __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec __roundup_pow_of_two+0x25/0x35 [bnxt_re] bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re] bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re] bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re] ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? __kmalloc+0x1b6/0x4f0 ? create_qp.part.0+0x128/0x1c0 [ib_core] ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re] create_qp.part.0+0x128/0x1c0 [ib_core] ib_create_qp_kernel+0x50/0xd0 [ib_core] create_mad_qp+0x8e/0xe0 [ib_core] ? __pfx_qp_event_handler+0x10/0x10 [ib_core] ib_mad_init_device+0x2be/0x680 [ib_core] add_client_context+0x10d/0x1a0 [ib_core] enable_device_and_get+0xe0/0x1d0 [ib_core] ib_register_device+0x53c/0x630 [ib_core] ? srso_alias_return_thunk+0x5/0xfbef5 bnxt_re_probe+0xbd8/0xe50 [bnxt_re] ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re] auxiliary_bus_probe+0x49/0x80 ? driver_sysfs_add+0x57/0xc0 really_probe+0xde/0x340 ? pm_runtime_barrier+0x54/0x90 ? __pfx___driver_attach+0x10/0x10 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8f/0xe0 bus_add_driver+0x146/0x220 driver_register+0x72/0xd0 __auxiliary_driver_register+0x6e/0xd0 ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re] bnxt_re_mod_init+0x3e/0xff0 [bnxt_re] ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re] do_one_initcall+0x5b/0x310 do_init_module+0x90/0x250 init_module_from_file+0x86/0xc0 idempotent_init_module+0x121/0x2b0 __x64_sys_finit_module+0x5e/0xb0 do_syscall_64+0x82/0x160 ? srso_alias_return_thunk+0x5/0xfbef5 ? syscall_exit_to_user_mode_prepare+0x149/0x170 ? srso_alias_return_thunk+0x5/0xfbef5 ? syscall_exit_to_user_mode+0x75/0x230 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x8e/0x160 ? srso_alias_return_thunk+0x5/0xfbef5 ? __count_memcg_events+0x69/0x100 ? srso_alias_return_thunk+0x5/0xfbef5 ? count_memcg_events.constprop.0+0x1a/0x30 ? srso_alias_return_thunk+0x5/0xfbef5 ? handle_mm_fault+0x1f0/0x300 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_user_addr_fault+0x34e/0x640 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f4e5132821d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0 R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60 ---[ end trace ]--- Fixes: 0c4dcd602817 ("RDMA/bnxt_re: Refactor hardware queue memory allocation") Signed-off-by: Michal Schmidt --- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c index 439d0c7c5d0c..04258676d072 100644 --- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c +++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c @@ -1013,7 +1013,8 @@ int bnxt_qplib_create_qp(struct bnxt_qplib_res *res, struct bnxt_qplib_qp *qp) hwq_attr.stride = sizeof(struct sq_sge); hwq_attr.depth = bnxt_qplib_get_depth(sq); hwq_attr.aux_stride = psn_sz; - hwq_attr.aux_depth = bnxt_qplib_set_sq_size(sq, qp->wqe_mode); + hwq_attr.aux_depth = psn_sz ? bnxt_qplib_set_sq_size(sq, qp->wqe_mode) + : 0; /* Update msn tbl size */ if (BNXT_RE_HW_RETX(qp->dev_cap_flags) && psn_sz) { hwq_attr.aux_depth = roundup_pow_of_two(bnxt_qplib_set_sq_size(sq, qp->wqe_mode)); -- 2.44.0