Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit abe03080 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 

Pull infiniband/rdma fixes from Roland Dreier:
 - Fixes for the newly merged mlx5 hardware driver
 - Stack info leak fixes from Dan Carpenter
 - Fixes for pkey table handling with SR-IOV
 - A few other small things

* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IPoIB: Fix pkey change flow for virtualization environments
  IPoIB: Make sure child devices use valid/proper pkeys
  IB/core: Create QP1 using the pkey index which contains the default pkey
  mlx5_core: Variable may be used uninitialized
  mlx5_core: Implement new initialization sequence
  mlx5_core: Fix use after free in mlx5_cmd_comp_handler()
  IB/mlx5: Fix stack info leak in mlx5_ib_alloc_ucontext()
  IB/mlx5: Fix error return code in init_one()
  IB/mlx4: Use default pkey when creating tunnel QPs
  RDMA/cma: Only call cma_save_ib_info() for CM REQs
  RDMA/cma: Fix accessing invalid private data for UD
  RDMA/cma: Fix gcc warning
  Revert "RDMA/nes: Fix compilation error when nes_debug is enabled"
  IB/qib: Add err_decode() call for ring dump
  RDMA/cxgb3: Fix stack info leak in iwch_create_cq()
  RDMA/nes: Fix info leaks in nes_create_qp() and nes_create_cq()
  RDMA/ocrdma: Fix several stack info leaks
  RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()
  RDMA/ocrdma: Remove unused include
parents 1cb39a6c 569935db

drivers/infiniband/core/cma.c

+16 −13
Original line number Diff line number Diff line
@@ -423,7 +423,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv) 
	struct sockaddr_ib *addr;

	union ib_gid gid, sgid, *dgid;

	u16 pkey, index;

	u8 port, p;

	u8 p;

	int i;



	cma_dev = NULL;
@@ -443,7 +443,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv) 
				if (!memcmp(&gid, dgid, sizeof(gid))) {

					cma_dev = cur_dev;

					sgid = gid;

					port = p;

					id_priv->id.port_num = p;

					goto found;

				}
@@ -451,7 +451,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv) 
						 dgid->global.subnet_prefix)) {

					cma_dev = cur_dev;

					sgid = gid;

					port = p;

					id_priv->id.port_num = p;

				}

			}

		}
@@ -462,7 +462,6 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv) 


found:

	cma_attach_to_dev(id_priv, cma_dev);

	id_priv->id.port_num = port;

	addr = (struct sockaddr_ib *) cma_src_addr(id_priv);

	memcpy(&addr->sib_addr, &sgid, sizeof sgid);

	cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr);
@@ -880,7 +879,8 @@ static int cma_save_net_info(struct rdma_cm_id *id, struct rdma_cm_id *listen_id 
{

	struct cma_hdr *hdr;



	if (listen_id->route.addr.src_addr.ss_family == AF_IB) {

	if ((listen_id->route.addr.src_addr.ss_family == AF_IB) &&

	    (ib_event->event == IB_CM_REQ_RECEIVED)) {

		cma_save_ib_info(id, listen_id, ib_event->param.req_rcvd.primary_path);

		return 0;

	}
@@ -2677,29 +2677,32 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv, 
{

	struct ib_cm_sidr_req_param req;

	struct ib_cm_id	*id;

	void *private_data;

	int offset, ret;



	memset(&req, 0, sizeof req);

	offset = cma_user_data_offset(id_priv);

	req.private_data_len = offset + conn_param->private_data_len;

	if (req.private_data_len < conn_param->private_data_len)

		return -EINVAL;



	if (req.private_data_len) {

		req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC);

		if (!req.private_data)

		private_data = kzalloc(req.private_data_len, GFP_ATOMIC);

		if (!private_data)

			return -ENOMEM;

	} else {

		req.private_data = NULL;

		private_data = NULL;

	}



	if (conn_param->private_data && conn_param->private_data_len)

		memcpy((void *) req.private_data + offset,

		       conn_param->private_data, conn_param->private_data_len);

		memcpy(private_data + offset, conn_param->private_data,

		       conn_param->private_data_len);



	if (req.private_data) {

		ret = cma_format_hdr((void *) req.private_data, id_priv);

	if (private_data) {

		ret = cma_format_hdr(private_data, id_priv);

		if (ret)

			goto out;

		req.private_data = private_data;

	}



	id = ib_create_cm_id(id_priv->id.device, cma_sidr_rep_handler,
@@ -2721,7 +2724,7 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv, 
		id_priv->cm_id.ib = NULL;

	}

out:

	kfree(req.private_data);

	kfree(private_data);

	return ret;

}

drivers/infiniband/core/mad.c

+7 −1
Original line number Diff line number Diff line
@@ -2663,6 +2663,7 @@ static int ib_mad_port_start(struct ib_mad_port_private *port_priv) 
	int ret, i;

	struct ib_qp_attr *attr;

	struct ib_qp *qp;

	u16 pkey_index;



	attr = kmalloc(sizeof *attr, GFP_KERNEL);

	if (!attr) {
@@ -2670,6 +2671,11 @@ static int ib_mad_port_start(struct ib_mad_port_private *port_priv) 
		return -ENOMEM;

	}



	ret = ib_find_pkey(port_priv->device, port_priv->port_num,

			   IB_DEFAULT_PKEY_FULL, &pkey_index);

	if (ret)

		pkey_index = 0;



	for (i = 0; i < IB_MAD_QPS_CORE; i++) {

		qp = port_priv->qp_info[i].qp;

		if (!qp)
@@ -2680,7 +2686,7 @@ static int ib_mad_port_start(struct ib_mad_port_private *port_priv) 
		 * one is needed for the Reset to Init transition

		 */

		attr->qp_state = IB_QPS_INIT;

		attr->pkey_index = 0;

		attr->pkey_index = pkey_index;

		attr->qkey = (qp->qp_num == 0) ? 0 : IB_QP1_QKEY;

		ret = ib_modify_qp(qp, attr, IB_QP_STATE |

					     IB_QP_PKEY_INDEX | IB_QP_QKEY);

drivers/infiniband/hw/cxgb3/iwch_provider.c

+1 −0
Original line number Diff line number Diff line
@@ -226,6 +226,7 @@ static struct ib_cq *iwch_create_cq(struct ib_device *ibdev, int entries, int ve 
			mm->len = PAGE_ALIGN(((1UL << uresp.size_log2) + 1) *

					     sizeof(struct t3_cqe));

			uresp.memsize = mm->len;

			uresp.reserved = 0;

			resplen = sizeof uresp;

		}

		if (ib_copy_to_udata(udata, &uresp, resplen)) {

drivers/infiniband/hw/cxgb4/qp.c

+2 −0
Original line number Diff line number Diff line
@@ -1657,6 +1657,8 @@ struct ib_qp *c4iw_create_qp(struct ib_pd *pd, struct ib_qp_init_attr *attrs, 
		if (mm5) {

			uresp.ma_sync_key = ucontext->key;

			ucontext->key += PAGE_SIZE;

		} else {

			uresp.ma_sync_key =  0;

		}

		uresp.sq_key = ucontext->key;

		ucontext->key += PAGE_SIZE;

drivers/infiniband/hw/mlx4/mad.c

+8 −2
Original line number Diff line number Diff line
@@ -1511,6 +1511,12 @@ static int create_pv_sqp(struct mlx4_ib_demux_pv_ctx *ctx, 


	memset(&attr, 0, sizeof attr);

	attr.qp_state = IB_QPS_INIT;

	ret = 0;

	if (create_tun)

		ret = find_slave_port_pkey_ix(to_mdev(ctx->ib_dev), ctx->slave,

					      ctx->port, IB_DEFAULT_PKEY_FULL,

					      &attr.pkey_index);

	if (ret || !create_tun)

		attr.pkey_index =

			to_mdev(ctx->ib_dev)->pkeys.virt2phys_pkey[ctx->slave][ctx->port - 1][0];

	attr.qkey = IB_QP1_QKEY;