From: Saeed Mahameed <saeedm@mellanox.com>
To: "David S. Miller" <davem@davemloft.net>,
Doug Ledford <dledford@redhat.com>
Cc: netdev@vger.kernel.org, linux-rdma@vger.kernel.org,
Leon Romanovsky <leonro@mellanox.com>,
Eli Cohen <eli@mellanox.com>, Matan Barak <matanb@mellanox.com>,
Leon Romanovsky <leon@kernel.org>,
Saeed Mahameed <saeedm@mellanox.com>
Subject: [for-next V3 01/10] IB/mlx5: Fix kernel to user leak prevention logic
Date: Mon, 9 Jan 2017 21:00:44 +0200 [thread overview]
Message-ID: <1483988453-28551-2-git-send-email-saeedm@mellanox.com> (raw)
In-Reply-To: <1483988453-28551-1-git-send-email-saeedm@mellanox.com>
From: Eli Cohen <eli@mellanox.com>
The logic was broken as it failed to update the response length for
architectures with PAGE_SIZE larger than 4kB. As a result further
extension of the ucontext response struct would fail.
Fixes: d69e3bcf7976 ('IB/mlx5: Mmap the HCA's core clock register to user-space')
Signed-off-by: Eli Cohen <eli@mellanox.com>
Reviewed-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
---
drivers/infiniband/hw/mlx5/main.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 86c61e7..852b5b7 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -1148,13 +1148,13 @@ static struct ib_ucontext *mlx5_ib_alloc_ucontext(struct ib_device *ibdev,
* pretend we don't support reading the HCA's core clock. This is also
* forced by mmap function.
*/
- if (PAGE_SIZE <= 4096 &&
- field_avail(typeof(resp), hca_core_clock_offset, udata->outlen)) {
- resp.comp_mask |=
- MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_CORE_CLOCK_OFFSET;
- resp.hca_core_clock_offset =
- offsetof(struct mlx5_init_seg, internal_timer_h) %
- PAGE_SIZE;
+ if (field_avail(typeof(resp), hca_core_clock_offset, udata->outlen)) {
+ if (PAGE_SIZE <= 4096) {
+ resp.comp_mask |=
+ MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_CORE_CLOCK_OFFSET;
+ resp.hca_core_clock_offset =
+ offsetof(struct mlx5_init_seg, internal_timer_h) % PAGE_SIZE;
+ }
resp.response_length += sizeof(resp.hca_core_clock_offset) +
sizeof(resp.reserved2);
}
--
2.7.4
next prev parent reply other threads:[~2017-01-09 19:00 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-09 19:00 [for-next V3 00/10][pull request] Mellanox 100G mlx5 4K UAR support Saeed Mahameed
2017-01-09 19:00 ` Saeed Mahameed [this message]
2017-01-09 19:00 ` [for-next V3 02/10] IB/mlx5: Fix error handling order in create_kernel_qp Saeed Mahameed
2017-01-09 19:00 ` [for-next V3 04/10] IB/mlx5: Fix retrieval of index to first hi class bfreg Saeed Mahameed
2017-01-09 19:00 ` [for-next V3 05/10] net/mlx5: Introduce blue flame register allocator Saeed Mahameed
2017-01-09 19:00 ` [for-next V3 06/10] net/mlx5: Add interface to get reference to a UAR Saeed Mahameed
[not found] ` <1483988453-28551-1-git-send-email-saeedm-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-01-09 19:00 ` [for-next V3 03/10] mlx5: Fix naming convention with respect to UARs Saeed Mahameed
2017-01-09 19:00 ` [for-next V3 07/10] IB/mlx5: Use blue flame register allocator in mlx5_ib Saeed Mahameed
2017-01-09 19:00 ` [for-next V3 08/10] IB/mlx5: Allow future extension of libmlx5 input data Saeed Mahameed
2017-01-09 19:00 ` [for-next V3 09/10] IB/mlx5: Support 4k UAR for libmlx5 Saeed Mahameed
2017-01-10 4:53 ` [for-next V3 00/10][pull request] Mellanox 100G mlx5 4K UAR support Doug Ledford
[not found] ` <1484024006.2149.11.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-10 6:50 ` Leon Romanovsky
2017-01-10 6:50 ` Leon Romanovsky
2017-01-09 19:00 ` [for-next V3 10/10] net/mlx5: Activate support for 4K UARs Saeed Mahameed
2017-01-09 22:16 ` [for-next V3 00/10][pull request] Mellanox 100G mlx5 4K UAR support David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1483988453-28551-2-git-send-email-saeedm@mellanox.com \
--to=saeedm@mellanox.com \
--cc=davem@davemloft.net \
--cc=dledford@redhat.com \
--cc=eli@mellanox.com \
--cc=leon@kernel.org \
--cc=leonro@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=matanb@mellanox.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.