From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Gerd Rausch <gerd.rausch@oracle.com>,
	Santosh Shilimkar <santosh.shilimkar@oracle.com>,
	Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 18/23] net/rds: dma_map_sg is entitled to merge entries
Date: Wed,  1 Sep 2021 14:27:03 +0200
Message-ID: <20210901122250.373007276@linuxfoundation.org>
In-Reply-To: <20210901122249.786673285@linuxfoundation.org>

From: Gerd Rausch <gerd.rausch@oracle.com>

[ Upstream commit fb4b1373dcab086d0619c29310f0466a0b2ceb8a ]

Function "dma_map_sg" is entitled to merge adjacent entries
and return a value smaller than what was passed as "nents".

Subsequently "ib_map_mr_sg" needs to work with this value ("sg_dma_len")
rather than the original "nents" parameter ("sg_len").

This old RDS bug was exposed and reliably causes kernel panics
(using RDMA operations "rds-stress -D") on x86_64 starting with:
commit c588072bba6b ("iommu/vt-d: Convert intel iommu driver to the iommu ops")

Simply put: Linux 5.11 and later.

Signed-off-by: Gerd Rausch <gerd.rausch@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Link: https://lore.kernel.org/r/60efc69f-1f35-529d-a7ef-da0549cad143@oracle.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/rds/ib_frmr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/rds/ib_frmr.c b/net/rds/ib_frmr.c
index d290416e79e9..9fd550d4116c 100644
--- a/net/rds/ib_frmr.c
+++ b/net/rds/ib_frmr.c
@@ -112,9 +112,9 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr)
 		cpu_relax();
 	}
 
-	ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_len,
+	ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_dma_len,
 				&off, PAGE_SIZE);
-	if (unlikely(ret != ibmr->sg_len))
+	if (unlikely(ret != ibmr->sg_dma_len))
 		return ret < 0 ? ret : -EINVAL;
 
 	/* Perform a WR for the fast_reg_mr. Each individual page
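
Review bot: At the ib_map_mr_sg_zbva() call, nothing in the code records why ibmr->sg_dma_len is the right count rather than ibmr->sg_len, so the two fields are easy to confuse again in a later change. A one-line comment above the call stating that sg_dma_len is the entry count returned by dma_map_sg, which may be smaller than sg_len after merging, would help. The hunk also depends on sg_dma_len having been set by a successful mapping before rds_ib_post_reg_frmr() runs, which is not visible here; if it can still be zero at this point, a return of zero would satisfy the "ret != ibmr->sg_dma_len" check, so it is worth confirming that the caller rejects that case. The -EINVAL path for a short mapping is silent; a rate-limited message carrying ret and sg_dma_len would make a recurrence easier to diagnose.
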
-- 
2.30.2



