From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Denis Bolotin <dbolotin@marvell.com>,
Michal Kalderon <mkalderon@marvell.com>,
Ariel Elior <aelior@marvell.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.0 35/99] qed: Fix the doorbell address sanity check
Date: Tue, 7 May 2019 01:31:29 -0400 [thread overview]
Message-ID: <20190507053235.29900-35-sashal@kernel.org> (raw)
In-Reply-To: <20190507053235.29900-1-sashal@kernel.org>
From: Denis Bolotin <dbolotin@marvell.com>
[ Upstream commit b61b04ad81d5f975349d66abbecabf96ba211140 ]
Fix the condition which verifies that doorbell address is inside the
doorbell bar by checking that the end of the address is within range
as well.
Signed-off-by: Denis Bolotin <dbolotin@marvell.com>
Signed-off-by: Michal Kalderon <mkalderon@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qed/qed_dev.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_dev.c b/drivers/net/ethernet/qlogic/qed/qed_dev.c
index ff0bbf8d073d..228891e459bc 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_dev.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_dev.c
@@ -102,11 +102,15 @@ static void qed_db_recovery_dp_entry(struct qed_hwfn *p_hwfn,
/* Doorbell address sanity (address within doorbell bar range) */
static bool qed_db_rec_sanity(struct qed_dev *cdev,
- void __iomem *db_addr, void *db_data)
+ void __iomem *db_addr,
+ enum qed_db_rec_width db_width,
+ void *db_data)
{
+ u32 width = (db_width == DB_REC_WIDTH_32B) ? 32 : 64;
+
/* Make sure doorbell address is within the doorbell bar */
if (db_addr < cdev->doorbells ||
- (u8 __iomem *)db_addr >
+ (u8 __iomem *)db_addr + width >
(u8 __iomem *)cdev->doorbells + cdev->db_size) {
WARN(true,
"Illegal doorbell address: %p. Legal range for doorbell addresses is [%p..%p]\n",
@@ -159,7 +163,7 @@ int qed_db_recovery_add(struct qed_dev *cdev,
}
/* Sanitize doorbell address */
- if (!qed_db_rec_sanity(cdev, db_addr, db_data))
+ if (!qed_db_rec_sanity(cdev, db_addr, db_width, db_data))
return -EINVAL;
/* Obtain hwfn from doorbell address */
@@ -205,10 +209,6 @@ int qed_db_recovery_del(struct qed_dev *cdev,
return 0;
}
- /* Sanitize doorbell address */
- if (!qed_db_rec_sanity(cdev, db_addr, db_data))
- return -EINVAL;
-
/* Obtain hwfn from doorbell address */
p_hwfn = qed_db_rec_find_hwfn(cdev, db_addr);
@@ -317,7 +317,7 @@ static void qed_db_recovery_ring(struct qed_hwfn *p_hwfn,
/* Sanity */
if (!qed_db_rec_sanity(p_hwfn->cdev, db_entry->db_addr,
- db_entry->db_data))
+ db_entry->db_width, db_entry->db_data))
return;
/* Flush the write combined buffer. Since there are multiple doorbelling
--
2.20.1
next prev parent reply other threads:[~2019-05-07 6:06 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-07 5:30 [PATCH AUTOSEL 5.0 01/99] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
2019-05-07 5:30 ` [PATCH AUTOSEL 5.0 02/99] iio: adc: xilinx: fix potential use-after-free on probe Sasha Levin
2019-05-07 5:30 ` [PATCH AUTOSEL 5.0 03/99] iio: adc: xilinx: prevent touching unclocked h/w on remove Sasha Levin
2019-05-07 5:30 ` [PATCH AUTOSEL 5.0 04/99] acpi/nfit: Always dump _DSM output payload Sasha Levin
2019-05-07 5:30 ` Sasha Levin
2019-05-07 5:30 ` Sasha Levin
2019-05-07 5:30 ` [PATCH AUTOSEL 5.0 05/99] libnvdimm/namespace: Fix a potential NULL pointer dereference Sasha Levin
2019-05-07 5:30 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 06/99] HID: input: add mapping for Expose/Overview key Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 07/99] HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 08/99] HID: input: add mapping for "Toggle Display" key Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 09/99] libnvdimm/btt: Fix a kmemdup failure check Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 10/99] s390/dasd: Fix capacity calculation for large volumes Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 11/99] mac80211: fix unaligned access in mesh table hash function Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 12/99] mac80211: Increase MAX_MSG_LEN Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 13/99] cfg80211: Handle WMM rules in regulatory domain intersection Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 14/99] mac80211: fix memory accounting with A-MSDU aggregation Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 15/99] nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 16/99] libnvdimm/security: provide fix for secure-erase to use zero-key Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 17/99] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 18/99] libnvdimm/pmem: fix a possible OOB access when read and write pmem Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 19/99] tools/testing/nvdimm: Retain security state after overwrite Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 20/99] mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 21/99] s390/3270: fix lockdep false positive on view->lock Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 22/99] drm/ttm: fix dma_fence refcount imbalance on error path Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 23/99] drm/amd/display: extending AUX SW Timeout Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 24/99] clocksource/drivers/npcm: select TIMER_OF Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 25/99] clocksource/drivers/oxnas: Fix OX820 compatible Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 26/99] selftests: fib_tests: Fix 'Command line is not complete' errors Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` sashal
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 27/99] drm/amdgpu: shadow in shadow_list without tbo.mem.start cause page fault in sriov TDR Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 28/99] mISDN: Check address length before reading address family Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 29/99] vxge: fix return of a free'd memblock on a failed dma mapping Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 30/99] qede: fix write to free'd pointer error and double free of ptp Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 31/99] afs: Unlock pages for __pagevec_release() Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 32/99] afs: Fix in-progess ops to ignore server-level callback invalidation Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 33/99] bfq: update internal depth state when queue depth changes Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 34/99] qed: Delete redundant doorbell recovery types Sasha Levin
2019-05-07 5:31 ` Sasha Levin [this message]
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 36/99] qed: Fix missing DORQ attentions Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 37/99] qed: Fix the DORQ's attentions handling Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 38/99] drm/amd/display: If one stream full updates, full update all planes Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 39/99] s390/pkey: add one more argument space for debug feature entry Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 40/99] x86/build/lto: Fix truncated .bss with -fdata-sections Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 41/99] x86/mm: Prevent bogus warnings with "noexec=off" Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 42/99] x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 43/99] x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info" Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 44/99] KVM: nVMX: always use early vmcs check when EPT is disabled Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 45/99] KVM: x86: Raise #GP when guest vCPU do not support PMU Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 46/99] KVM: nVMX: Expose RDPMC-exiting only when guest supports PMU Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 47/99] KVM: fix spectrev1 gadgets Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 48/99] KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 49/99] tools lib traceevent: Fix missing equality check for strcmp Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 50/99] perf top: Always sample time to satisfy needs of use of ordered queuing Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 51/99] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 52/99] ocelot: Don't sleep in atomic context (irqs_disabled()) Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 53/99] perf tools: Fix map reference counting Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 54/99] x86/mm/KASLR: Fix the size of the direct mapping section Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 55/99] scsi: aic7xxx: fix EISA support Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 56/99] slab: store tagged freelist for off-slab slabmgmt Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 57/99] mm/hotplug: treat CMA pages as unmovable Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 58/99] mm: fix inactive list balancing between NUMA nodes and cgroups Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 59/99] init: initialize jump labels before command line option parsing Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 60/99] drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 61/99] selftests: netfilter: check icmp pkttoobig errors are set as related Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` sashal
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 62/99] ipvs: do not schedule icmp errors from tunnels Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 63/99] netfilter: ctnetlink: don't use conntrack/expect object addresses as id Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 64/99] netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook() Sasha Levin
2019-05-07 5:31 ` [PATCH AUTOSEL 5.0 65/99] netfilter: nat: fix icmp id randomization Sasha Levin
2019-05-07 5:31 ` Sasha Levin
2019-05-07 5:31 ` sashal
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 66/99] MIPS: perf: ath79: Fix perfcount IRQ assignment Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 67/99] IB/mlx5: Fix scatter to CQE in DCT QP creation Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 68/99] s390: ctcm: fix ctcm_new_device error return code Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 69/99] drm/sun4i: Set device driver data at bind time for use in unbind Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 70/99] drm/sun4i: Fix component unbinding and component master deletion Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 71/99] of_net: Fix residues after of_get_nvmem_mac_address removal Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 72/99] selftests/net: correct the return value for run_netsocktests Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` sashal
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 73/99] selftests/net: correct the return value for run_afpackettests Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` sashal
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 74/99] netfilter: never get/set skb->tstamp Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 75/99] netfilter: fix nf_l4proto_log_invalid to log invalid packets Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 76/99] dmaengine: bcm2835: Avoid GFP_KERNEL in device_prep_slave_sg Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 77/99] arm64/module: ftrace: deal with place relative nature of PLTs Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 78/99] gpu: ipu-v3: dp: fix CSC handling Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 79/99] drm/imx: don't skip DP channel disable for background plane Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 80/99] ARM: fix function graph tracer and unwinder dependencies Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 81/99] ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is disabled Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 82/99] spi: Micrel eth switch: declare missing of table Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 83/99] spi: ST ST95HF NFC: " Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 84/99] ceph: handle the case where a dentry has been renamed on outstanding req Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 85/99] Revert "drm/virtio: drop prime import/export callbacks" Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 86/99] x86/mm: Fix a crash with kmemleak_scan() Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 87/99] drm/sun4i: Unbind components before releasing DRM and memory Sasha Levin
2019-05-07 5:32 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 88/99] Input: snvs_pwrkey - make it depend on ARCH_MXC Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 89/99] Input: synaptics-rmi4 - fix possible double free Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 90/99] net: vrf: Fix operation not supported when set vrf mac Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 91/99] gpio: Fix gpiochip_add_data_with_key() error path Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 92/99] btrfs: Switch memory allocations in async csum calculation path to kvmalloc Sasha Levin
2019-05-07 7:49 ` David Sterba
2019-05-13 13:37 ` Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 93/99] RDMA/hns: Bugfix for mapping user db Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 94/99] mm/memory_hotplug.c: drop memory device reference after find_memory_block() Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 95/99] mm/page_alloc.c: avoid potential NULL pointer dereference Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 96/99] bpf: only test gso type on gso packets Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 97/99] net: sched: fix cleanup NULL pointer exception in act_mirr Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 98/99] net: mvpp2: fix validate for PPv2.1 Sasha Levin
2019-05-07 5:32 ` [PATCH AUTOSEL 5.0 99/99] drm/rockchip: fix for mailbox read validation Sasha Levin
2019-05-07 5:32 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190507053235.29900-35-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=aelior@marvell.com \
--cc=davem@davemloft.net \
--cc=dbolotin@marvell.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mkalderon@marvell.com \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.